diff --git a/.gitignore b/.gitignore
index da559ad..07173a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 SOURCES/db.x64.esl
-SOURCES/shim-15.6.tar.bz2
+SOURCES/shim-15.8.tar.bz2
diff --git a/.shim.metadata b/.shim.metadata
index e11d0aa..8158b65 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,2 +1,2 @@
 8738baca71e73b7c27a65d6b01d804d5d42e9cef SOURCES/db.x64.esl
-3df0ab5cefc74fdf865cb36aea0e923cb4b6b3ed SOURCES/shim-15.6.tar.bz2
+cdec924ca437a4509dcb178396996ddf92c11183 SOURCES/shim-15.8.tar.bz2
diff --git a/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch b/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
deleted file mode 100644
index d3632de..0000000
--- a/SOURCES/0001-Make-SBAT-variable-payload-introspectable.patch
+++ /dev/null
@@ -1,343 +0,0 @@
-From 0eb07e11b20680200d3ce9c5bc59299121a75388 Mon Sep 17 00:00:00 2001
-From: Chris Coulson <chris.coulson@canonical.com>
-Date: Tue, 31 May 2022 22:21:26 +0100
-Subject: [PATCH 01/13] Make SBAT variable payload introspectable
-
-Given a set of EFI variables and boot assets, it should be possible
-to compute what the value of PCR 7 will be on the next boot.
-
-As shim manages the contents of the SbatLevel variable and this is
-measured to PCR 7, export the payloads that shim contains in a new
-COFF section (.sbatlevel) so that it can be introspected by code
-outside of shim.
-
-The new section works a bit like .vendor_cert - it contains a header
-and then the payload. In this case, the header contains no size fields
-because the strings are NULL terminated. Shim uses this new section
-internally in set_sbat_uefi_variable.
-
-The .sbatlevel section starts with a 4 byte version field which is
-not used by shim but may be useful for external auditors if the
-format of the section contents change in the future.
-
-Signed-off-by: Chris Coulson <chris.coulson@canonical.com>
----
- sbat.c                  | 21 ++++++++++++++++-----
- include/sbat.h          | 32 --------------------------------
- include/sbat_var_defs.h | 38 ++++++++++++++++++++++++++++++++++++++
- shim.h                  |  1 +
- sbat_var.S              | 20 ++++++++++++++++++++
- elf_aarch64_efi.lds     |  4 ++++
- elf_ia32_efi.lds        |  4 ++++
- elf_ia64_efi.lds        |  4 ++++
- elf_x86_64_efi.lds      |  4 ++++
- include/test.mk         |  2 +-
- Makefile                |  7 ++++---
- 11 files changed, 96 insertions(+), 41 deletions(-)
- create mode 100644 include/sbat_var_defs.h
- create mode 100644 sbat_var.S
-
-diff --git a/sbat.c b/sbat.c
-index f1d6e98dcde..a08c5b2a972 100644
---- a/sbat.c
-+++ b/sbat.c
-@@ -5,6 +5,11 @@
- 
- #include "shim.h"
- 
-+extern struct {
-+	UINT32 previous_offset;
-+	UINT32 latest_offset;
-+} sbat_var_payload_header;
-+
- EFI_STATUS
- parse_sbat_section(char *section_base, size_t section_size,
- 		   size_t *n_entries,
-@@ -399,6 +404,9 @@ set_sbat_uefi_variable(void)
- 	EFI_STATUS efi_status = EFI_SUCCESS;
- 	UINT32 attributes = 0;
- 
-+	char *sbat_var_previous;
-+	char *sbat_var_latest;
-+
- 	UINT8 *sbat = NULL;
- 	UINT8 *sbat_policy = NULL;
- 	UINTN sbatsize = 0;
-@@ -407,27 +415,30 @@ set_sbat_uefi_variable(void)
- 	char *sbat_var = NULL;
- 	bool reset_sbat = false;
- 
-+	sbat_var_previous = (char *)&sbat_var_payload_header + sbat_var_payload_header.previous_offset;
-+	sbat_var_latest = (char *)&sbat_var_payload_header + sbat_var_payload_header.latest_offset;
-+
- 	efi_status = get_variable_attr(SBAT_POLICY, &sbat_policy,
- 				       &sbat_policysize, SHIM_LOCK_GUID,
- 				       &attributes);
- 	if (EFI_ERROR(efi_status)) {
- 		dprint("Default sbat policy: previous\n");
--		sbat_var = SBAT_VAR_PREVIOUS;
-+		sbat_var = sbat_var_previous;
- 	} else {
- 		switch (*sbat_policy) {
- 			case SBAT_POLICY_LATEST:
- 				dprint("Custom sbat policy: latest\n");
--				sbat_var = SBAT_VAR_LATEST;
-+				sbat_var = sbat_var_latest;
- 				clear_sbat_policy();
- 				break;
- 			case SBAT_POLICY_PREVIOUS:
- 				dprint("Custom sbat policy: previous\n");
--				sbat_var = SBAT_VAR_PREVIOUS;
-+				sbat_var = sbat_var_previous;
- 				break;
- 			case SBAT_POLICY_RESET:
- 				if (secure_mode()) {
- 					console_print(L"Cannot reset SBAT policy: Secure Boot is enabled.\n");
--					sbat_var = SBAT_VAR_PREVIOUS;
-+					sbat_var = sbat_var_previous;
- 				} else {
- 					dprint(L"Custom SBAT policy: reset OK\n");
- 					reset_sbat = true;
-@@ -438,7 +449,7 @@ set_sbat_uefi_variable(void)
- 			default:
- 				console_error(L"SBAT policy state %llu is invalid",
- 					      EFI_INVALID_PARAMETER);
--				sbat_var = SBAT_VAR_PREVIOUS;
-+				sbat_var = sbat_var_previous;
- 				clear_sbat_policy();
- 				break;
- 		}
-diff --git a/include/sbat.h b/include/sbat.h
-index aca4359870f..c94c4fba8cd 100644
---- a/include/sbat.h
-+++ b/include/sbat.h
-@@ -6,38 +6,6 @@
- #ifndef SBAT_H_
- #define SBAT_H_
- 
--#define SBAT_VAR_SIG "sbat,"
--#define SBAT_VAR_VERSION "1,"
--#define SBAT_VAR_ORIGINAL_DATE "2021030218"
--#define SBAT_VAR_ORIGINAL \
--	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
--
--#if defined(ENABLE_SHIM_DEVEL)
--#define SBAT_VAR_PREVIOUS_DATE "2022020101"
--#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
--#define SBAT_VAR_PREVIOUS \
--	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
--	SBAT_VAR_PREVIOUS_REVOCATIONS
--
--#define SBAT_VAR_LATEST_DATE "2022050100"
--#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
--#define SBAT_VAR_LATEST \
--	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
--	SBAT_VAR_LATEST_REVOCATIONS
--#else /* !ENABLE_SHIM_DEVEL */
--#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
--#define SBAT_VAR_PREVIOUS_REVOCATIONS
--#define SBAT_VAR_PREVIOUS \
--	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
--	SBAT_VAR_PREVIOUS_REVOCATIONS
--
--#define SBAT_VAR_LATEST_DATE "2022052400"
--#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
--#define SBAT_VAR_LATEST \
--	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
--	SBAT_VAR_LATEST_REVOCATIONS
--#endif /* ENABLE_SHIM_DEVEL */
--
- #define UEFI_VAR_NV_BS \
- 	(EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS)
- #define UEFI_VAR_NV_BS_RT                                              \
-diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
-new file mode 100644
-index 00000000000..c656b56d4c3
---- /dev/null
-+++ b/include/sbat_var_defs.h
-@@ -0,0 +1,38 @@
-+// SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+#ifndef SBAT_VAR_DEFS_H_
-+#define SBAT_VAR_DEFS_H_
-+
-+#define SBAT_VAR_SIG "sbat,"
-+#define SBAT_VAR_VERSION "1,"
-+#define SBAT_VAR_ORIGINAL_DATE "2021030218"
-+#define SBAT_VAR_ORIGINAL \
-+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_ORIGINAL_DATE "\n"
-+
-+#if defined(ENABLE_SHIM_DEVEL)
-+#define SBAT_VAR_PREVIOUS_DATE "2022020101"
-+#define SBAT_VAR_PREVIOUS_REVOCATIONS "component,2\n"
-+#define SBAT_VAR_PREVIOUS \
-+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
-+	SBAT_VAR_PREVIOUS_REVOCATIONS
-+
-+#define SBAT_VAR_LATEST_DATE "2022050100"
-+#define SBAT_VAR_LATEST_REVOCATIONS "component,2\nothercomponent,2\n"
-+#define SBAT_VAR_LATEST \
-+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
-+	SBAT_VAR_LATEST_REVOCATIONS
-+#else /* !ENABLE_SHIM_DEVEL */
-+#define SBAT_VAR_PREVIOUS_DATE SBAT_VAR_ORIGINAL_DATE
-+#define SBAT_VAR_PREVIOUS_REVOCATIONS
-+#define SBAT_VAR_PREVIOUS \
-+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_PREVIOUS_DATE "\n" \
-+	SBAT_VAR_PREVIOUS_REVOCATIONS
-+
-+#define SBAT_VAR_LATEST_DATE "2022052400"
-+#define SBAT_VAR_LATEST_REVOCATIONS "shim,2\ngrub,2\n"
-+#define SBAT_VAR_LATEST \
-+	SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
-+	SBAT_VAR_LATEST_REVOCATIONS
-+#endif /* ENABLE_SHIM_DEVEL */
-+
-+#endif /* !SBAT_VAR_DEFS_H_ */
-diff --git a/shim.h b/shim.h
-index b5272b9c9e9..7e9d10eb2df 100644
---- a/shim.h
-+++ b/shim.h
-@@ -179,6 +179,7 @@
- #include "include/pe.h"
- #include "include/replacements.h"
- #include "include/sbat.h"
-+#include "include/sbat_var_defs.h"
- #if defined(OVERRIDE_SECURITY_POLICY)
- #include "include/security_policy.h"
- #endif
-diff --git a/sbat_var.S b/sbat_var.S
-new file mode 100644
-index 00000000000..a115077ae4d
---- /dev/null
-+++ b/sbat_var.S
-@@ -0,0 +1,20 @@
-+// SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+#include "include/sbat_var_defs.h"
-+
-+	.section .sbatlevel, "a", %progbits
-+	.balignl 4, 0
-+	.4byte  0 /* format version for external parsers */
-+	.globl  sbat_var_payload_header
-+	.type   sbat_var_payload_header, %object
-+	.size   sbat_var_payload_header, .Lsbat_var_payload_header_end - sbat_var_payload_header
-+sbat_var_payload_header:
-+	.4byte  .Lsbat_var_previous - sbat_var_payload_header
-+	.4byte  .Lsbat_var_latest - sbat_var_payload_header
-+.Lsbat_var_payload_header_end:
-+	.balign	1, 0
-+.Lsbat_var_previous:
-+	.asciz SBAT_VAR_PREVIOUS
-+	.balign	1, 0
-+.Lsbat_var_latest:
-+	.asciz SBAT_VAR_LATEST
-diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds
-index 60c55ba5fe1..0861f5e8a16 100644
---- a/elf_aarch64_efi.lds
-+++ b/elf_aarch64_efi.lds
-@@ -34,6 +34,10 @@ SECTIONS
-   .data.ident : {
-     *(.data.ident)
-   }
-+  . = ALIGN(4096);
-+  .sbatlevel : {
-+    *(.sbatlevel)
-+  }
- 
-   . = ALIGN(4096);
-   .data :
-diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
-index 497a3a15265..e8da91bdfb2 100644
---- a/elf_ia32_efi.lds
-+++ b/elf_ia32_efi.lds
-@@ -28,6 +28,10 @@ SECTIONS
-   .data.ident : {
-     *(.data.ident)
-   }
-+  . = ALIGN(4096);
-+  .sbatlevel : {
-+    *(.sbatlevel)
-+  }
- 
-   . = ALIGN(4096);
-   .data :
-diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds
-index 2669b856b15..a2195609ca0 100644
---- a/elf_ia64_efi.lds
-+++ b/elf_ia64_efi.lds
-@@ -34,6 +34,10 @@ SECTIONS
-   .data.ident : {
-     *(.data.ident)
-   }
-+  . = ALIGN(4096);
-+  .sbatlevel : {
-+    *(.sbatlevel)
-+  }
- 
-   . = ALIGN(4096);
-   .data :
-diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds
-index bcc65270911..39aff6b07b6 100644
---- a/elf_x86_64_efi.lds
-+++ b/elf_x86_64_efi.lds
-@@ -35,6 +35,10 @@ SECTIONS
-   .data.ident : {
-     *(.data.ident)
-   }
-+  . = ALIGN(4096);
-+  .sbatlevel : {
-+    *(.sbatlevel)
-+  }
- 
-   . = ALIGN(4096);
-   .data :
-diff --git a/include/test.mk b/include/test.mk
-index e965c6000a5..c0e2409517a 100644
---- a/include/test.mk
-+++ b/include/test.mk
-@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
- test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
- test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
- 
--test-sbat_FILES = csv.c lib/variables.c lib/guid.c
-+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
- test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
- 
- test-str_FILES = lib/string.c
-diff --git a/Makefile b/Makefile
-index 24ac314e04f..866611c75d5 100644
---- a/Makefile
-+++ b/Makefile
-@@ -38,9 +38,9 @@ CFLAGS += -DENABLE_SHIM_CERT
- else
- TARGETS += $(MMNAME) $(FBNAME)
- endif
--OBJS	= shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o load-options.o
-+OBJS	= shim.o globals.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o sbat_var.o pe.o httpboot.o csv.o load-options.o
- KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
--ORIG_SOURCES	= shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S
-+ORIG_SOURCES	= shim.c globals.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) cert.S sbat_var.S
- MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o globals.o
- ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h)
- FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o globals.o
-@@ -253,7 +253,7 @@ endif
- 	$(OBJCOPY) -D -j .text -j .sdata -j .data -j .data.ident \
- 		-j .dynamic -j .rodata -j .rel* \
- 		-j .rela* -j .dyn -j .reloc -j .eh_frame \
--		-j .vendor_cert -j .sbat \
-+		-j .vendor_cert -j .sbat -j .sbatlevel \
- 		$(FORMAT) $< $@
- 	./post-process-pe -vv $@
- 
-@@ -269,6 +269,7 @@ endif
- 	$(OBJCOPY) -D -j .text -j .sdata -j .data \
- 		-j .dynamic -j .rodata -j .rel* \
- 		-j .rela* -j .dyn -j .reloc -j .eh_frame -j .sbat \
-+		-j .sbatlevel \
- 		-j .debug_info -j .debug_abbrev -j .debug_aranges \
- 		-j .debug_line -j .debug_str -j .debug_ranges \
- 		-j .note.gnu.build-id \
--- 
-2.37.1
-
diff --git a/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch b/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch
new file mode 100644
index 0000000..3169e34
--- /dev/null
+++ b/SOURCES/0001-dos2unix-fix-flags-for-RHEL-7.patch
@@ -0,0 +1,30 @@
+From 00c86a51d0ce879aff1d3c9f3fb6217e73f8d179 Mon Sep 17 00:00:00 2001
+From: Peter Jones <pjones@redhat.com>
+Date: Wed, 7 Feb 2024 16:24:31 -0500
+Subject: [PATCH] dos2unix: fix flags for RHEL 7
+
+RHEL 7 has a version of dos2unix that doesn't support -f, and I couldn't
+figure out how to get rpm+shell+make to cooperate in setting the flags
+from the .spec file, so it's changed here instead.
+
+Signed-off-by: Peter Jones <pjones@redhat.com>
+---
+ Make.defaults | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Make.defaults b/Make.defaults
+index e75cd3cdd0b..87a4c6472fb 100644
+--- a/Make.defaults
++++ b/Make.defaults
+@@ -9,7 +9,7 @@ HOSTCC		= $(COMPILER)
+ LD		= $(CROSS_COMPILE)ld
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
+ DOS2UNIX	?= dos2unix
+-D2UFLAGS	?= -r -l -F -f -n
++D2UFLAGS	?= -l -F -f -n
+ OPENSSL		?= openssl
+ HEXDUMP		?= hexdump
+ INSTALL		?= install
+-- 
+2.41.0
+
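Review bot: The commit message says RHEL 7's dos2unix "doesn't support -f", but the Make.defaults hunk removes `-r` from D2UFLAGS and keeps `-f`, so either the message names the wrong flag or the wrong flag was dropped; the message should state the flag actually removed. If `-r` is dos2unix's `--remove-bom`, dropping it means a UTF-8 BOM in any converted input now survives into the output, and whatever consumes that output (not visible on this page; presumably the SBAT CSV inputs) would see the BOM bytes ahead of its first field, so it is worth confirming the inputs carry no BOM or stripping it another way on that platform. A short comment next to the assignment would make the constraint visible to the next packager, e.g. `# no -r (--remove-bom): unavailable in RHEL 7's dos2unix; converted inputs must not start with a BOM`.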
diff --git a/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch b/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch
deleted file mode 100644
index 96311d7..0000000
--- a/SOURCES/0002-Reference-MokListRT-instead-of-MokList.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 092c2b2bbed950727e41cf450b61c794881c33e7 Mon Sep 17 00:00:00 2001
-From: Eric Snowberg <eric.snowberg@oracle.com>
-Date: Fri, 17 Jun 2022 12:37:28 -0400
-Subject: [PATCH 02/13] Reference MokListRT instead of MokList
-
-When calling back into shim from grub, the MokListRT may contain additional
-entries not available in the original MokList, an example being the certs
-included via user_cert. Use the MokListRT instead when calling check_db_cert
-and check_db_hash.
-
-Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
----
- shim.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index fdd205ef995..27b74ce06c3 100644
---- a/shim.c
-+++ b/shim.c
-@@ -397,22 +397,22 @@ static EFI_STATUS check_allowlist (WIN_CERTIFICATE_EFI_PKCS *cert,
- 	}
- #endif
- 
--	if (check_db_hash(L"MokList", SHIM_LOCK_GUID, sha256hash,
-+	if (check_db_hash(L"MokListRT", SHIM_LOCK_GUID, sha256hash,
- 			  SHA256_DIGEST_SIZE, EFI_CERT_SHA256_GUID)
- 				== DATA_FOUND) {
- 		verification_method = VERIFIED_BY_HASH;
- 		update_verification_method(VERIFIED_BY_HASH);
- 		return EFI_SUCCESS;
- 	} else {
--		LogError(L"check_db_hash(MokList, sha256hash) != DATA_FOUND\n");
-+		LogError(L"check_db_hash(MokListRT, sha256hash) != DATA_FOUND\n");
- 	}
--	if (cert && check_db_cert(L"MokList", SHIM_LOCK_GUID, cert, sha256hash)
-+	if (cert && check_db_cert(L"MokListRT", SHIM_LOCK_GUID, cert, sha256hash)
- 			== DATA_FOUND) {
- 		verification_method = VERIFIED_BY_CERT;
- 		update_verification_method(VERIFIED_BY_CERT);
- 		return EFI_SUCCESS;
- 	} else if (cert) {
--		LogError(L"check_db_cert(MokList, sha256hash) != DATA_FOUND\n");
-+		LogError(L"check_db_cert(MokListRT, sha256hash) != DATA_FOUND\n");
- 	}
- 
- 	update_verification_method(VERIFIED_BY_NOTHING);
--- 
-2.37.1
-
diff --git a/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch b/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
deleted file mode 100644
index b825644..0000000
--- a/SOURCES/0003-Add-a-link-to-the-test-plan-in-the-readme.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8b59b690613add728189897228e4dd888f8c9f16 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Thu, 4 Aug 2022 12:46:41 -0400
-Subject: [PATCH 03/13] Add a link to the test plan in the readme.
-
-It's been suggested that we should link to the test plan in the readme.
-This seems pretty reasonable to me, so here it is.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- README.md | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/README.md b/README.md
-index ce6bad77264..60d51b65fa9 100644
---- a/README.md
-+++ b/README.md
-@@ -23,3 +23,5 @@ pub.cer and build with `make VENDOR_CERT_FILE=pub.cer`.
- 
- There are a couple of build options, and a couple of ways to customize the
- build, described in [BUILDING](BUILDING).
-+
-+See the [test plan](testplan.txt), and file a ticket if anything fails!
--- 
-2.37.1
-
diff --git a/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch b/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
deleted file mode 100644
index a0ce9b1..0000000
--- a/SOURCES/0004-Enable-TDX-measurement-to-RTMR-register.patch
+++ /dev/null
@@ -1,240 +0,0 @@
-From 4fd484e4c29364b4fdf4d043556fa0a210c5fdfc Mon Sep 17 00:00:00 2001
-From: Lu Ken <ken.lu@intel.com>
-Date: Sun, 22 May 2022 16:02:20 +0800
-Subject: [PATCH 04/13] Enable TDX measurement to RTMR register
-
-Intel Trust Domain Extensions (Intel TDX) extends Virtual Machine
-Extensions (VMX) and Multi-Key Total Memory Encryption (MK-TME) with a
-new kind of virtual machine guest called a Trust Domain(TD)[1].  A TD
-runs in a CPU mode that is designed to protect the confidentiality of
-its memory contents and its CPU state from any other software, including
-the hosting Virtual Machine Monitor (VMM).
-
-Trust Domain Virtual Firmware (TDVF) is required to provide Intel TDX
-implementation and service for EFI_CC_MEASUREMENT_PROTOCOL[2]. The bugzilla
-for TDVF is at https://bugzilla.tianocore.org/show_bug.cgi?id=3625.
-
-To support CC measurement/attestation with Intel TDX technology, these 4
-RTMR registers will be extended by TDX service like TPM/TPM2 PCR:
-
-- RTMR[0] for TDVF configuration
-- RTMR[1] for the TD OS loader and kernel
-- RTMR[2] for the OS application
-- RTMR[3] reserved for special usage only
-
-Add a TDX Implementation for CC Measurement protocol along with
-TPM/TPM2 protocol.
-
-References:
-[1] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-whitepaper-v4.pdf
-[2] https://software.intel.com/content/dam/develop/external/us/en/documents/tdx-virtual-firmware-design-guide-rev-1.pdf
-[3] https://software.intel.com/content/dam/develop/external/us/en/documents/intel-tdx-guest-hypervisor-communication-interface-1.0-344426-002.pdf
-
-Signed-off-by: Lu Ken <ken.lu@intel.com>
-[rharwood: style pass on code and commit message]
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
----
- lib/guid.c     |  1 +
- tpm.c          | 48 ++++++++++++++++++++++++++++
- include/cc.h   | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
- include/guid.h |  1 +
- shim.h         |  1 +
- 5 files changed, 136 insertions(+)
- create mode 100644 include/cc.h
-
-diff --git a/lib/guid.c b/lib/guid.c
-index e100c92ed1b..904629ebf03 100644
---- a/lib/guid.c
-+++ b/lib/guid.c
-@@ -28,6 +28,7 @@ EFI_GUID EFI_IP6_CONFIG_GUID = { 0x937fe521, 0x95ae, 0x4d1a, {0x89, 0x29, 0x48,
- EFI_GUID EFI_LOADED_IMAGE_GUID = EFI_LOADED_IMAGE_PROTOCOL_GUID;
- EFI_GUID EFI_TPM_GUID = { 0xf541796d, 0xa62e, 0x4954, {0xa7, 0x75, 0x95, 0x84, 0xf6, 0x1b, 0x9c, 0xdd } };
- EFI_GUID EFI_TPM2_GUID = { 0x607f766c, 0x7455, 0x42be, {0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f } };
-+EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID = { 0x96751a3d, 0x72f4, 0x41a6, {0xa7, 0x94, 0xed, 0x5d, 0x0e, 0x67, 0xae, 0x6b } };
- EFI_GUID EFI_SECURE_BOOT_DB_GUID =  { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f } };
- EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID = SIMPLE_FILE_SYSTEM_PROTOCOL;
- EFI_GUID SECURITY_PROTOCOL_GUID = { 0xA46423E3, 0x4617, 0x49f1, {0xB9, 0xFF, 0xD1, 0xBF, 0xA9, 0x11, 0x58, 0x39 } };
-diff --git a/tpm.c b/tpm.c
-index 41f36651e19..388f8d1217c 100644
---- a/tpm.c
-+++ b/tpm.c
-@@ -108,6 +108,45 @@ static EFI_STATUS tpm_locate_protocol(efi_tpm_protocol_t **tpm,
- 	return EFI_NOT_FOUND;
- }
- 
-+static EFI_STATUS cc_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
-+				   UINT8 pcr, const CHAR8 *log, UINTN logsize,
-+				   UINT32 type, BOOLEAN is_pe_image)
-+{
-+	EFI_STATUS efi_status;
-+	EFI_CC_EVENT *event;
-+	efi_cc_protocol_t *cc;
-+	EFI_CC_MR_INDEX mr;
-+	uint64_t flags = is_pe_image ? EFI_CC_FLAG_PE_COFF_IMAGE : 0;
-+
-+	efi_status = LibLocateProtocol(&EFI_CC_MEASUREMENT_PROTOCOL_GUID,
-+				       (VOID **)&cc);
-+	if (EFI_ERROR(efi_status) || !cc)
-+		return EFI_SUCCESS;
-+
-+	efi_status = cc->map_pcr_to_mr_index(cc, pcr, &mr);
-+	if (EFI_ERROR(efi_status))
-+		return EFI_NOT_FOUND;
-+
-+	UINTN event_size = sizeof(*event) - sizeof(event->Event) + logsize;
-+
-+	event = AllocatePool(event_size);
-+	if (!event) {
-+		perror(L"Unable to allocate event structure\n");
-+		return EFI_OUT_OF_RESOURCES;
-+	}
-+
-+	event->Header.HeaderSize = sizeof(EFI_CC_EVENT_HEADER);
-+	event->Header.HeaderVersion = EFI_CC_EVENT_HEADER_VERSION;
-+	event->Header.MrIndex = mr;
-+	event->Header.EventType = type;
-+	event->Size = event_size;
-+	CopyMem(event->Event, (VOID *)log, logsize);
-+	efi_status = cc->hash_log_extend_event(cc, flags, buf, (UINT64)size,
-+					       event);
-+	FreePool(event);
-+	return efi_status;
-+}
-+
- static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- 				    UINT8 pcr, const CHAR8 *log, UINTN logsize,
- 				    UINT32 type, CHAR8 *hash)
-@@ -118,6 +157,15 @@ static EFI_STATUS tpm_log_event_raw(EFI_PHYSICAL_ADDRESS buf, UINTN size,
- 	BOOLEAN old_caps;
- 	EFI_TCG2_BOOT_SERVICE_CAPABILITY caps;
- 
-+	/* CC guest like TDX or SEV will measure the buffer and log the event,
-+	   extend the result into a specific CC MR like TCG's PCR. It could
-+	   coexists with TCG's TPM 1.2 and TPM 2.
-+	*/
-+	efi_status = cc_log_event_raw(buf, size, pcr, log, logsize, type,
-+				      (hash != NULL));
-+	if (EFI_ERROR(efi_status))
-+		return efi_status;
-+
- 	efi_status = tpm_locate_protocol(&tpm, &tpm2, &old_caps, &caps);
- 	if (EFI_ERROR(efi_status)) {
- #ifdef REQUIRE_TPM
-diff --git a/include/cc.h b/include/cc.h
-new file mode 100644
-index 00000000000..8b12720804e
---- /dev/null
-+++ b/include/cc.h
-@@ -0,0 +1,85 @@
-+// SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+#ifndef SHIM_CC_H
-+#define SHIM_CC_H
-+
-+typedef struct {
-+	uint8_t Major;
-+	uint8_t Minor;
-+} EFI_CC_VERSION;
-+
-+#define EFI_CC_TYPE_NONE 0
-+#define EFI_CC_TYPE_SEV  1
-+#define EFI_CC_TYPE_TDX  2
-+
-+typedef struct {
-+	uint8_t Type;
-+	uint8_t SubType;
-+} EFI_CC_TYPE;
-+
-+typedef uint32_t EFI_CC_EVENT_LOG_BITMAP;
-+typedef uint32_t EFI_CC_EVENT_LOG_FORMAT;
-+typedef uint32_t EFI_CC_EVENT_ALGORITHM_BITMAP;
-+typedef uint32_t EFI_CC_MR_INDEX;
-+
-+#define TDX_MR_INDEX_MRTD  0
-+#define TDX_MR_INDEX_RTMR0 1
-+#define TDX_MR_INDEX_RTMR1 2
-+#define TDX_MR_INDEX_RTMR2 3
-+#define TDX_MR_INDEX_RTMR3 4
-+
-+#define EFI_CC_EVENT_LOG_FORMAT_TCG_2 0x00000002
-+#define EFI_CC_BOOT_HASH_ALG_SHA384   0x00000004
-+#define EFI_CC_EVENT_HEADER_VERSION   1
-+
-+typedef struct tdEFI_CC_EVENT_HEADER {
-+	uint32_t HeaderSize;
-+	uint16_t HeaderVersion;
-+	EFI_CC_MR_INDEX MrIndex;
-+	uint32_t EventType;
-+} __attribute__((packed)) EFI_CC_EVENT_HEADER;
-+
-+typedef struct tdEFI_CC_EVENT {
-+	uint32_t Size;
-+	EFI_CC_EVENT_HEADER Header;
-+	uint8_t Event[1];
-+} __attribute__((packed)) EFI_CC_EVENT;
-+
-+typedef struct tdEFI_CC_BOOT_SERVICE_CAPABILITY {
-+	uint8_t Size;
-+	EFI_CC_VERSION StructureVersion;
-+	EFI_CC_VERSION ProtocolVersion;
-+	EFI_CC_EVENT_ALGORITHM_BITMAP HashAlgorithmBitmap;
-+	EFI_CC_EVENT_LOG_BITMAP SupportedEventLogs;
-+	EFI_CC_TYPE CcType;
-+} EFI_CC_BOOT_SERVICE_CAPABILITY;
-+
-+struct efi_cc_protocol
-+{
-+	EFI_STATUS (EFIAPI *get_capability) (
-+		struct efi_cc_protocol *this,
-+		EFI_CC_BOOT_SERVICE_CAPABILITY *ProtocolCapability);
-+	EFI_STATUS (EFIAPI *get_event_log) (
-+		struct efi_cc_protocol *this,
-+		EFI_CC_EVENT_LOG_FORMAT EventLogFormat,
-+		EFI_PHYSICAL_ADDRESS *EventLogLocation,
-+		EFI_PHYSICAL_ADDRESS *EventLogLastEntry,
-+		BOOLEAN *EventLogTruncated);
-+	EFI_STATUS (EFIAPI *hash_log_extend_event) (
-+		struct efi_cc_protocol *this,
-+		uint64_t Flags,
-+		EFI_PHYSICAL_ADDRESS DataToHash,
-+		uint64_t DataToHashLen,
-+		EFI_CC_EVENT *EfiCcEvent);
-+	EFI_STATUS (EFIAPI *map_pcr_to_mr_index) (
-+		struct efi_cc_protocol *this,
-+		uint32_t PcrIndex,
-+		EFI_CC_MR_INDEX *MrIndex);
-+};
-+
-+typedef struct efi_cc_protocol efi_cc_protocol_t;
-+
-+#define EFI_CC_FLAG_PE_COFF_IMAGE 0x0000000000000010
-+
-+#endif /* SHIM_CC_H */
-+// vim:fenc=utf-8:tw=75
-diff --git a/include/guid.h b/include/guid.h
-index d9910ff1abc..dad63f0f4f9 100644
---- a/include/guid.h
-+++ b/include/guid.h
-@@ -29,6 +29,7 @@ extern EFI_GUID EFI_IP6_CONFIG_GUID;
- extern EFI_GUID EFI_LOADED_IMAGE_GUID;
- extern EFI_GUID EFI_TPM_GUID;
- extern EFI_GUID EFI_TPM2_GUID;
-+extern EFI_GUID EFI_CC_MEASUREMENT_PROTOCOL_GUID;
- extern EFI_GUID EFI_SECURE_BOOT_DB_GUID;
- extern EFI_GUID EFI_SIMPLE_FILE_SYSTEM_GUID;
- extern EFI_GUID SECURITY_PROTOCOL_GUID;
-diff --git a/shim.h b/shim.h
-index 7e9d10eb2df..14824c67aff 100644
---- a/shim.h
-+++ b/shim.h
-@@ -186,6 +186,7 @@
- #include "include/simple_file.h"
- #include "include/str.h"
- #include "include/tpm.h"
-+#include "include/cc.h"
- #include "include/ucs2.h"
- #include "include/variables.h"
- #include "include/hexdump.h"
--- 
-2.37.1
-
diff --git a/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch b/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch
deleted file mode 100644
index 8d6d654..0000000
--- a/SOURCES/0005-Discard-load-options-that-start-with-a-NUL.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 14d63398298c8de23036a4cf61594108b7345863 Mon Sep 17 00:00:00 2001
-From: Robbie Harwood <rharwood@redhat.com>
-Date: Tue, 23 Aug 2022 12:07:16 -0400
-Subject: [PATCH 05/13] Discard load-options that start with a NUL
-
-In 6c8d08c0af4768c715b79c8ec25141d56e34f8b4 ("shim: Ignore UEFI
-LoadOptions that are just NUL characters."), a check was added to
-discard load options that are entirely NUL.  We now see some firmwares
-that start LoadOptions with a NUL, and then follow it with garbage (path
-to directory containing loaders).  Widen the check to just discard
-anything that starts with a NUL.
-
-Resolves: #490
-Related: #95
-See-also: https://bugzilla.redhat.com/show_bug.cgi?id=2113005
-Signed-off-by: Robbie Harwood <rharwood@redhat.com>
----
- load-options.c |  7 ++++++-
- include/ucs2.h | 18 ------------------
- 2 files changed, 6 insertions(+), 19 deletions(-)
-
-diff --git a/load-options.c b/load-options.c
-index c6bb7427685..a8c6e1a3d37 100644
---- a/load-options.c
-+++ b/load-options.c
-@@ -404,8 +404,13 @@ parse_load_options(EFI_LOADED_IMAGE *li)
- 
- 	/*
- 	 * Apparently sometimes we get L"\0\0"?  Which isn't useful at all.
-+	 *
-+	 * Possibly related, but some boards have additional data before the
-+	 * size which is garbage (it's a weird path to the directory
-+	 * containing the loaders).  Known boards that do this: Kontron VX3040
-+	 * (AMI), ASUS B85M-E, and at least one "older Dell laptop".
- 	 */
--	if (is_all_nuls(li->LoadOptions, li->LoadOptionsSize))
-+	if (((CHAR16 *)li->LoadOptions)[0] == 0)
- 		return EFI_SUCCESS;
- 
- 	/*
-diff --git a/include/ucs2.h b/include/ucs2.h
-index ee038ce798a..87eab32f006 100644
---- a/include/ucs2.h
-+++ b/include/ucs2.h
-@@ -63,22 +63,4 @@ StrCSpn(const CHAR16 *s, const CHAR16 *reject)
- 	return ret;
- }
- 
--/*
-- * Test if an entire buffer is nothing but NUL characters.  This
-- * implementation "gracefully" ignores the difference between the
-- * UTF-8/ASCII 1-byte NUL and the UCS-2 2-byte NUL.
-- */
--static inline bool
--__attribute__((__unused__))
--is_all_nuls(UINT8 *data, UINTN data_size)
--{
--	UINTN i;
--
--	for (i = 0; i < data_size; i++) {
--		if (data[i] != 0)
--			return false;
--	}
--	return true;
--}
--
- #endif /* SHIM_UCS2_H */
--- 
-2.37.1
-
diff --git a/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch b/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
deleted file mode 100644
index 457ab90..0000000
--- a/SOURCES/0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 5c537b3d0cf8c393dad2e61d49aade68f3af1401 Mon Sep 17 00:00:00 2001
-From: dann frazier <dann.frazier@canonical.com>
-Date: Tue, 6 Sep 2022 09:28:22 -0600
-Subject: [PATCH 06/13] shim: Flush the memory region from i-cache before
- execution
-
-We've seen crashes in early GRUB code on an ARM Cortex-A72-based
-platform that point at seemingly harmless instructions. Flushing
-the i-cache of those instructions prior to executing has been
-shown to avoid the problem, which has parallels with this story:
-  https://www.mail-archive.com/osv-dev@googlegroups.com/msg06203.html
-
-Add a cache flushing utility function and provide an implementation
-using a GCC intrinsic. This will need to be extended to support other
-compilers. Note that this intrinsic is a no-op for x86 platforms.
-
-This fixes issue #498.
-
-Signed-off-by: dann frazier <dann.frazier@canonical.com>
----
- pe.c               | 3 +++
- include/compiler.h | 6 ++++++
- 2 files changed, 9 insertions(+)
-
-diff --git a/pe.c b/pe.c
-index ba3e2bbc444..f94530a20c0 100644
---- a/pe.c
-+++ b/pe.c
-@@ -1196,6 +1196,9 @@ handle_image (void *data, unsigned int datasize,
- 
- 	CopyMem(buffer, data, context.SizeOfHeaders);
- 
-+	/* Flush the instruction cache for the region holding the image */
-+	cache_invalidate(buffer, buffer + context.ImageSize);
-+
- 	*entry_point = ImageAddress(buffer, context.ImageSize, context.EntryPoint);
- 	if (!*entry_point) {
- 		perror(L"Entry point is invalid\n");
-diff --git a/include/compiler.h b/include/compiler.h
-index b4bf10319ee..b0d595f32c2 100644
---- a/include/compiler.h
-+++ b/include/compiler.h
-@@ -192,5 +192,11 @@
-  */
- #define unreachable() __builtin_unreachable()
- 
-+#if defined(__GNUC__)
-+#define cache_invalidate(begin, end)  __builtin___clear_cache(begin, end)
-+#else /* __GNUC__ */
-+#error shim has no cache_invalidate() implementation for this compiler
-+#endif /* __GNUC__ */
-+
- #endif /* !COMPILER_H_ */
- // vim:fenc=utf-8:tw=75:et
--- 
-2.37.1
-
diff --git a/SOURCES/0007-load_cert_file-Fix-stack-issue.patch b/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
deleted file mode 100644
index b1d13c3..0000000
--- a/SOURCES/0007-load_cert_file-Fix-stack-issue.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef Mon Sep 17 00:00:00 2001
-From: Eric Snowberg <eric.snowberg@oracle.com>
-Date: Wed, 2 Nov 2022 10:39:43 -0600
-Subject: [PATCH 07/13] load_cert_file: Fix stack issue
-
-0214cd9cef5a fixes a NULL pointer dereference problem, it introduces two
-new problems.  First it incorrectly assumes li.FilePath is a string.
-Second, it puts EFI_LOADED_IMAGE li on the stack. It has been found
-that not all archectures can handle this being on the stack.
-
-The shim_li variable will be setup properly from the read_image
-call. Use the global shim_li variable instead when calling
-verify_image.
-
-Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
----
- shim.c | 6 +-----
- 1 file changed, 1 insertion(+), 5 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 27b74ce06c3..0d919ceb83c 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1395,7 +1395,6 @@ EFI_STATUS
- load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- {
- 	EFI_STATUS efi_status;
--	EFI_LOADED_IMAGE li;
- 	PE_COFF_LOADER_IMAGE_CONTEXT context;
- 	EFI_IMAGE_SECTION_HEADER *Section;
- 	EFI_SIGNATURE_LIST *certlist;
-@@ -1410,10 +1409,7 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- 	if (EFI_ERROR(efi_status))
- 		return efi_status;
- 
--	memset(&li, 0, sizeof(li));
--	memcpy(&li.FilePath[0], filename, MIN(StrSize(filename), sizeof(li.FilePath)));
--
--	efi_status = verify_image(data, datasize, &li, &context);
-+	efi_status = verify_image(data, datasize, shim_li, &context);
- 	if (EFI_ERROR(efi_status))
- 		return efi_status;
- 
--- 
-2.37.1
-
diff --git a/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch b/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
deleted file mode 100644
index 265c724..0000000
--- a/SOURCES/0008-load_cert_file-Use-EFI-RT-memory-function.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From ea4911c2f3ce8f8f703a1476febac86bb16b00fd Mon Sep 17 00:00:00 2001
-From: Eric Snowberg <eric.snowberg@oracle.com>
-Date: Wed, 2 Nov 2022 10:45:23 -0600
-Subject: [PATCH 08/13] load_cert_file: Use EFI RT memory function
-
-Use the EFI RT memory function CopyMem instead of memcpy in load_cert_file.
-
-Signed-off-by: Eric Snowberg <eric.snowberg@oracle.com>
----
- shim.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/shim.c b/shim.c
-index 0d919ceb83c..4437898af56 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1429,8 +1429,8 @@ load_cert_file(EFI_HANDLE image_handle, CHAR16 *filename, CHAR16 *PathName)
- 			user_cert_size += certlist->SignatureListSize;;
- 			user_cert = ReallocatePool(user_cert, original,
- 						   user_cert_size);
--			memcpy(user_cert + original, pointer,
--			       certlist->SignatureListSize);
-+			CopyMem(user_cert + original, pointer,
-+			        certlist->SignatureListSize);
- 		}
- 	}
- 	FreePool(data);
--- 
-2.37.1
-
diff --git a/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch b/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
deleted file mode 100644
index ede4471..0000000
--- a/SOURCES/0009-Add-malign-double-to-IA32-compiler-flags.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Mon Sep 17 00:00:00 2001
-From: Nicholas Bishop <nicholasbishop@google.com>
-Date: Thu, 6 Oct 2022 16:08:56 -0400
-Subject: [PATCH 09/13] Add -malign-double to IA32 compiler flags
-
-This changes the alignment of UINT64 data to 8 bytes on IA32, which
-matches EDK2's understanding of alignment. In particular this change
-affects the offset where shim writes `EFI_LOADED_IMAGE.ImageSize`.
-
-Fixes https://github.com/rhboot/shim/issues/515
-
-Signed-off-by: Nicholas Bishop <nicholasbishop@google.com>
----
- Make.defaults | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index dfed9c4a3c7..c46164a33ea 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -71,7 +71,7 @@ ifeq ($(ARCH),x86_64)
- endif
- ifeq ($(ARCH),ia32)
- 	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
--				   $(CLANG_BUGS) -m32 \
-+				   $(CLANG_BUGS) -m32 -malign-double \
- 				   -DMDE_CPU_IA32 -DPAGE_SIZE=4096
- 	ARCH_GNUEFI		?= ia32
- 	ARCH_SUFFIX		?= ia32
--- 
-2.37.1
-
diff --git a/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch b/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
deleted file mode 100644
index 9abcffb..0000000
--- a/SOURCES/0010-pe-Fix-image-section-entry-point-validation.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 17f02339ed1be9e90738603fe3c95ae7dc300061 Mon Sep 17 00:00:00 2001
-From: Ilya Okomin <ilya.okomin@oracle.com>
-Date: Fri, 7 Oct 2022 16:52:08 -0400
-Subject: [PATCH 10/13] pe: Fix image section entry-point validation
-
-Seen mokmanager image load failure '2 sections contain entry point'
-for shim built on Oracle Linux 9 aarch64. found_entry_point counter in
-handle_image() uses SizeOfRawData to calculate section boundary.
-PE spec defines VirtualSize for the total size of the section when loaded
-into memory. SizeOfRawData is the size of the section (for object files)
-or the size of the initialized data on disk.
-
-Fix this issue by updating section in-memory size limit to VirtualSize.
-
-Resolves: #517
-Signed-off-by: Ilya Okomin <ilya.okomin@oracle.com>
----
- pe.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pe.c b/pe.c
-index f94530a20c0..9a3679e16a1 100644
---- a/pe.c
-+++ b/pe.c
-@@ -1259,7 +1259,7 @@ handle_image (void *data, unsigned int datasize,
- 		}
- 
- 		if (Section->VirtualAddress <= context.EntryPoint &&
--		    (Section->VirtualAddress + Section->SizeOfRawData - 1)
-+		    (Section->VirtualAddress + Section->Misc.VirtualSize - 1)
- 		    > context.EntryPoint)
- 			found_entry_point++;
- 
--- 
-2.37.1
-
diff --git a/SOURCES/0011-make-archive-Build-reproducible-tarball.patch b/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
deleted file mode 100644
index 9fa4247..0000000
--- a/SOURCES/0011-make-archive-Build-reproducible-tarball.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 5169769e0f84dd227592cb73da97dacd61ae40b9 Mon Sep 17 00:00:00 2001
-From: Julian Andres Klode <julian.klode@canonical.com>
-Date: Mon, 14 Nov 2022 12:16:29 +0100
-Subject: [PATCH 11/13] make-archive: Build reproducible tarball
-
-Remove timestamps, user names, etc. from the tarball so that
-it can be built reproducibly by multiple people, on different
-machines.
-
-The outer bzip2 layer might still be different, no reproducible
-bzip2 known.
-
-Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
----
- make-archive | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/make-archive b/make-archive
-index d4f095f0a46..9ae9eef077a 100755
---- a/make-archive
-+++ b/make-archive
-@@ -86,14 +86,16 @@ main() {
- 	cd ..
- 	if [ "x" = "x${SHIM_GIT_TAG}" ] ; then
- 		git archive --format=tar "$(git log -1 --pretty=format:%h)" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
-+		TIMESTAMP=0
- 	else
- 		# ORIGIN doesn't yet have this tag
- 		git archive --format=tar "${SHIM_GIT_TAG}" | ( cd "${ARCHIVE_DIR}/shim-${VERSION}" ; tar x )
-+		TIMESTAMP=$(git log -1 --pretty=%ct "${SHIM_GIT_TAG}")
- 	fi
- 	git log -1 --pretty=format:%H > "${ARCHIVE_DIR}/shim-${VERSION}/commit"
- 	DIR="$PWD"
- 	cd "${ARCHIVE_DIR}"
--	tar -c --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
-+	tar -c --sort=name --mtime="@${TIMESTAMP}" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime --bzip2 -f "${DIR}/shim-${VERSION}.tar.bz2" "shim-${VERSION}"
- 	rm -rf "${ARCHIVE_DIR}"
- 	echo "The archive is in shim-${VERSION}.tar.bz2"
- 	exit 0
--- 
-2.37.1
-
diff --git a/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch b/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
deleted file mode 100644
index 83375d3..0000000
--- a/SOURCES/0012-mok-remove-MokListTrusted-from-PCR-7.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From aa1b289a1a16774afc3143b8948d97261f0872d0 Mon Sep 17 00:00:00 2001
-From: Arthur Gautier <arthur.gautier@arista.com>
-Date: Fri, 21 Oct 2022 13:20:45 -0700
-Subject: [PATCH 12/13] mok: remove MokListTrusted from PCR 7
-
-MokListTrusted was added by mistake to PCR 7 in 4e513405. The value of
-MokListTrusted does not alter the behavior of secure boot so, as per
-https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClient_PFP_r1p05_v23_pub.pdf#page=36
-(section 3.3.4 PCR usage) so it should not be factored in the value of
-PCR 7.
-
-See:
-  https://github.com/rhboot/shim/pull/423
-  https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f
-
-Fixes https://github.com/rhboot/shim/issues/484
-Fixes https://github.com/rhboot/shim/issues/492
-
-Signed-off-by: Arthur Gautier <arthur.gautier@arista.com>
----
- mok.c | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/mok.c b/mok.c
-index 63ddfcaaea3..9811b358626 100644
---- a/mok.c
-+++ b/mok.c
-@@ -178,7 +178,6 @@ struct mok_state_variable mok_state_variable_data[] = {
- 		     EFI_VARIABLE_NON_VOLATILE,
- 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
- 	 .flags = MOK_MIRROR_DELETE_FIRST |
--		  MOK_VARIABLE_MEASURE |
- 		  MOK_VARIABLE_INVERSE |
- 		  MOK_VARIABLE_LOG,
- 	 .pcr = 14,
--- 
-2.37.1
-
diff --git a/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch b/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
deleted file mode 100644
index ae123c6..0000000
--- a/SOURCES/0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 53509eaf2253e23bfb552e9386fd0877abe592b4 Mon Sep 17 00:00:00 2001
-From: Jian J Wang <jian.j.wang@intel.com>
-Date: Thu, 25 Apr 2019 23:42:16 +0800
-Subject: [PATCH 13/13] CryptoPkg/BaseCryptLib: fix NULL dereference
-
-AuthenticodeVerify() calls OpenSSLs d2i_PKCS7() API to parse asn encoded
-signed authenticode pkcs#7 data. when this successfully returns, a type
-check is done by calling PKCS7_type_is_signed() and then
-Pkcs7->d.sign->contents->type is used. It is possible to construct an asn1
-blob that successfully decodes and have d2i_PKCS7() return a valid pointer
-and have PKCS7_type_is_signed() also return success  but have Pkcs7->d.sign
-be a NULL pointer.
-
-Looking at how PKCS7_verify() [inside of OpenSSL] implements checking for
-pkcs7 structs it does the following:
-- call PKCS7_type_is_signed()
-- call PKCS7_get_detached()
-Looking into how PKCS7_get_detatched() is implemented, it checks to see if
-p7->d.sign is NULL or if p7->d.sign->contents->d.ptr is NULL.
-
-As such, the fix is to do the same as OpenSSL after calling d2i_PKCS7().
-- Add call to PKS7_get_detached() to existing error handling
-
-Cc: Chao Zhang <chao.b.zhang@intel.com>
-Cc: Jiewen Yao <jiewen.yao@intel.com>
-Signed-off-by: Jian J Wang <jian.j.wang@intel.com>
-Cherry-picked-from: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
----
- Cryptlib/Pk/CryptAuthenticode.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/Cryptlib/Pk/CryptAuthenticode.c b/Cryptlib/Pk/CryptAuthenticode.c
-index 74e50a2e862..f6f988b8480 100644
---- a/Cryptlib/Pk/CryptAuthenticode.c
-+++ b/Cryptlib/Pk/CryptAuthenticode.c
-@@ -9,7 +9,7 @@
-   AuthenticodeVerify() will get PE/COFF Authenticode and will do basic check for
-   data structure.
- 
--Copyright (c) 2011 - 2015, Intel Corporation. All rights reserved.<BR>
-+Copyright (c) 2011 - 2019, Intel Corporation. All rights reserved.<BR>
- This program and the accompanying materials
- are licensed and made available under the terms and conditions of the BSD License
- which accompanies this distribution.  The full text of the license may be found at
-@@ -106,7 +106,7 @@ AuthenticodeVerify (
-   //
-   // Check if it's PKCS#7 Signed Data (for Authenticode Scenario)
-   //
--  if (!PKCS7_type_is_signed (Pkcs7)) {
-+  if (!PKCS7_type_is_signed (Pkcs7) || PKCS7_get_detached (Pkcs7)) {
-     goto _Exit;
-   }
- 
--- 
-2.37.1
-
diff --git a/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch b/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
deleted file mode 100644
index 115573a..0000000
--- a/SOURCES/0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Mon, 5 Dec 2022 17:57:36 -0500
-Subject: [PATCH] Make sbat_var.S parse right with buggy gcc/binutils
-
-In https://github.com/rhboot/shim/issues/533 , iokomin noticed that
-gas in binutils before 2.36 appears to be incorrectly concatenating
-string literals in '.asciz' directives, including an extra NUL character
-in between the strings, and this will cause us to incorrectly parse the
-.sbatlevel section in shim binaries.
-
-This patch adds test cases that will cause the build to fail if this has
-happened, as well as changing sbat_var.S to to use '.ascii' and '.byte'
-to construct the data, rather than using '.asciz'.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- test-sbat.c     | 32 ++++++++++++++++++++++++++++++++
- sbat_var.S      |  6 ++++--
- include/test.mk |  2 +-
- 3 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/test-sbat.c b/test-sbat.c
-index 72bebe7ae63..65bc6a84baa 100644
---- a/test-sbat.c
-+++ b/test-sbat.c
-@@ -1107,6 +1107,36 @@ test_preserve_sbat_uefi_variable_bad_short(void)
- 		return 0;
- }
- 
-+static int
-+test_sbat_var_asciz(void)
-+{
-+	EFI_STATUS status;
-+	char buf[1024] = "";
-+	UINT32 attrs = 0;
-+	UINTN size = sizeof(buf);
-+	char expected[] = SBAT_VAR_PREVIOUS;
-+
-+	status = set_sbat_uefi_variable();
-+	if (status != EFI_SUCCESS)
-+		return -1;
-+
-+	status = RT->GetVariable(SBAT_VAR_NAME, &SHIM_LOCK_GUID, &attrs, &size, buf);
-+	if (status != EFI_SUCCESS)
-+		return -1;
-+
-+	/*
-+	 * this should be enough to get past "sbat,", which handles the
-+	 * first error.
-+	 */
-+	if (size < (strlen(SBAT_VAR_SIG) + 2) || size != strlen(expected))
-+		return -1;
-+
-+	if (strncmp(expected, buf, size) != 0)
-+		return -1;
-+
-+	return 0;
-+}
-+
- int
- main(void)
- {
-@@ -1155,6 +1185,8 @@ main(void)
- 	test(test_preserve_sbat_uefi_variable_version_older);
- 	test(test_preserve_sbat_uefi_variable_version_olderlonger);
- 
-+	test(test_sbat_var_asciz);
-+
- 	return 0;
- }
- 
-diff --git a/sbat_var.S b/sbat_var.S
-index a115077ae4d..2a813a403b4 100644
---- a/sbat_var.S
-+++ b/sbat_var.S
-@@ -14,7 +14,9 @@ sbat_var_payload_header:
- .Lsbat_var_payload_header_end:
- 	.balign	1, 0
- .Lsbat_var_previous:
--	.asciz SBAT_VAR_PREVIOUS
-+	.ascii SBAT_VAR_PREVIOUS
-+	.byte	0
- 	.balign	1, 0
- .Lsbat_var_latest:
--	.asciz SBAT_VAR_LATEST
-+	.ascii SBAT_VAR_LATEST
-+	.byte 0
-diff --git a/include/test.mk b/include/test.mk
-index c0e2409517a..c37b84466ed 100644
---- a/include/test.mk
-+++ b/include/test.mk
-@@ -92,7 +92,7 @@ test-mock-variables: CFLAGS+=-DHAVE_SHIM_LOCK_GUID
- test-mok-mirror_FILES = mok.c globals.c tpm.c lib/guid.c lib/variables.c mock-variables.c
- test-mok-mirror: CFLAGS+=-DHAVE_START_IMAGE -DHAVE_SHIM_LOCK_GUID
- 
--test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S
-+test-sbat_FILES = csv.c lib/variables.c lib/guid.c sbat_var.S mock-variables.c
- test-sbat :: CFLAGS+=-DHAVE_GET_VARIABLE -DHAVE_GET_VARIABLE_ATTR -DHAVE_SHIM_LOCK_GUID
- 
- test-str_FILES = lib/string.c
--- 
-2.38.1
-
diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv
new file mode 100644
index 0000000..be9e036
--- /dev/null
+++ b/SOURCES/sbat.redhat.csv
@@ -0,0 +1 @@
+shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
diff --git a/SOURCES/shim.patches b/SOURCES/shim.patches
index 5ee5430..0d43178 100644
--- a/SOURCES/shim.patches
+++ b/SOURCES/shim.patches
@@ -1,14 +1 @@
-Patch0001: 0001-Make-SBAT-variable-payload-introspectable.patch
-Patch0002: 0002-Reference-MokListRT-instead-of-MokList.patch
-Patch0003: 0003-Add-a-link-to-the-test-plan-in-the-readme.patch
-Patch0004: 0004-Enable-TDX-measurement-to-RTMR-register.patch
-Patch0005: 0005-Discard-load-options-that-start-with-a-NUL.patch
-Patch0006: 0006-shim-Flush-the-memory-region-from-i-cache-before-exe.patch
-Patch0007: 0007-load_cert_file-Fix-stack-issue.patch
-Patch0008: 0008-load_cert_file-Use-EFI-RT-memory-function.patch
-Patch0009: 0009-Add-malign-double-to-IA32-compiler-flags.patch
-Patch0010: 0010-pe-Fix-image-section-entry-point-validation.patch
-Patch0011: 0011-make-archive-Build-reproducible-tarball.patch
-Patch0012: 0012-mok-remove-MokListTrusted-from-PCR-7.patch
-Patch0013: 0013-CryptoPkg-BaseCryptLib-fix-NULL-dereference.patch
-Patch0014: 0014-Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch
+Patch0001: 0001-dos2unix-fix-flags-for-RHEL-7.patch
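Review bot: The single patch the list now references, `0001-dos2unix-fix-flags-for-RHEL-7.patch`, is not added anywhere in this part of the diff; if it is not added elsewhere in the commit, `%include %{SOURCE2}` declares a Patch0001 that `git am --ignore-whitespace %{patches}` cannot find and %prep fails. The fourteen dropped patches all carry upstream commit ids and predate the 15.8 tarball, so presumably they are already contained in it, but nothing in the commit says so; a line in the 15.8-1 changelog entry such as `- Drop patches merged upstream in 15.8` would record why they were removed.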
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index c7ca2b6..2783ddc 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,5 +1,5 @@
 Name:           shim
-Version:        15.6
+Version:        15.8
 Release:        3.el7
 Summary:        First-stage UEFI bootloader
 
@@ -8,6 +8,7 @@ URL:            https://github.com/rhboot/shim
 Source0:        https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
 Source1:        shim-find-debuginfo.sh
 Source2:        shim.patches
+Source3:        sbat.redhat.csv
 
 Source100:      db.aa64.esl
 Source101:      dbx.aa64.esl
@@ -17,6 +18,7 @@ Source201:      dbx.x64.esl
 %include %{SOURCE2}
 
 BuildRequires: binutils
+BuildRequires: dos2unix
 BuildRequires: gcc
 BuildRequires: git
 BuildRequires: efivar-devel efivar-libs
@@ -106,6 +108,8 @@ cd %{name}-%{version}-%{efiarch}
 git init
 git config user.email "example@example.com"
 git config user.name "rpmbuild -bp"
+echo 5914984a1ffeab841f482c791426d7ca9935a5e6 > commit
+cp %{SOURCE3} data/
 git add .
 git commit -a -q -m "%{version} baseline."
 git am --ignore-whitespace %{patches} </dev/null
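Review bot: The commit id `5914984a1ffeab841f482c791426d7ca9935a5e6` is pasted literally here and again in the ia32 %prep hunk below, and it is the value that `COMMIT_ID=$(cat %{name}-%{version}-%{efiarch}/commit)` later feeds into the build; if only one copy is updated on the next rebase the two trees will claim different upstream commits. Define it once near the top of the spec, `%global shim_commit 5914984a1ffeab841f482c791426d7ca9935a5e6`, and write `echo %{shim_commit} > commit` in both places. A comment above the echo, `# upstream commit the %{version} tarball was cut from; read back as COMMIT_ID in %build`, would also explain why a build from a release tarball needs a commit file at all.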
@@ -120,6 +124,7 @@ cd %{name}-%{version}-ia32
 git init
 git config user.email "example@example.com"
 git config user.name "rpmbuild -bp"
+echo 5914984a1ffeab841f482c791426d7ca9935a5e6 > commit
 git add .
 git commit -a -q -m "%{version} baseline."
 git am --ignore-whitespace %{patches} </dev/null
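Review bot: This hunk writes the commit file into the ia32 tree but does not copy `%{SOURCE3}` into its `data/` directory the way the %{efiarch} hunk above does, so the ia32 shim is built without `sbat.redhat.csv`. If shim's build assembles vendor SBAT entries from `data/`, as the copy above implies, the ia32 binary would carry a different .sbat section from the x64 one and would not be covered by a `shim.redhat` generation revocation. Add `cp %{SOURCE3} data/` before `git add .` here as well, or, if the omission is intentional, say so in a comment so the asymmetry is not "fixed" blindly later.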
@@ -129,20 +134,21 @@ git config --unset user.name
 
 %build
 COMMIT_ID=$(cat %{name}-%{version}-%{efiarch}/commit)
-MAKEFLAGS="RELEASE=%{release} ENABLE_HTTPBOOT=true COMMIT_ID=${COMMIT_ID}"
+MAKEFLAGS="RELEASE=%{release} ENABLE_HTTPBOOT=true COMMIT_ID=${COMMIT_ID} "
+MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
 %ifarch aarch64
 if [ -s "%{SOURCE100}" ]; then
-        MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE100}"
+        MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE100} "
 fi
 if [ -s "%{SOURCE101}" ]; then
-        MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE101}"
+        MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE101} "
 fi
 %else
 if [ -s "%{SOURCE200}" ]; then
-        MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE200}"
+        MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE200} "
 fi
 if [ -s "%{SOURCE201}" ]; then
-        MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE201}"
+        MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE201} "
 fi
 %endif
 cd %{name}-%{version}-%{efiarch}
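Review bot: `SBAT_AUTOMATIC_DATE=2023012900` presumably selects which SbatLevel revocation payload this build applies, yet it is pinned in the spec with no comment saying where the value comes from or that it must be re-checked on every rebase; a stale value here would silently keep an older revocation level than the upstream default. Add above it `# SbatLevel automatic revocation level applied by this build; re-check against upstream Make.defaults on every rebase`. Separately, `MAKEFLAGS+="..."` is a bash-only append; RHEL 7's /bin/sh is bash so it works, but `MAKEFLAGS="$MAKEFLAGS SBAT_AUTOMATIC_DATE=2023012900 "` would match the form of the surrounding lines.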
@@ -228,6 +234,18 @@ cd ../%{name}-%{version}-%{efiarch}
 %endif
 
 %changelog
+* Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-3.el7
+- Update to include vendor sbat data.
+  Resolves: RHEL-11254
+
+* Tue Feb 06 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el7
+- Rebuild to fix the commit ident and MAKEFLAGS
+  Resolves: RHEL-11254
+
+* Wed Dec 06 2023 Peter Jones <pjones@redhat.com> - 15.8-1.el7
+- Update to shim-15.8 for CVE-2023-40547
+  Resolves: RHEL-11254
+
 * Wed Dec 07 2022 Peter Jones <pjones@redhat.com> - 15.6-3.el7
 - Patch to work around upstream issue #533
   Related: CVE-2020-14372