From 03d0f36e3903745fbc248f96dcd724261e80f33a Mon Sep 17 00:00:00 2001
From: Jan Setje-Eilers <jan.setjeeilers@oracle.com>
Date: Fri, 9 Jun 2023 14:57:58 -0700
Subject: [PATCH] SkuSiPolicy payload - at the moment this is only for testing

Signed-off-by: Jan Setje-Eilers <Jan.SetjeEilers@oracle.com>
---
 Makefile                              |  31 +++++++++++++++++++++-----
 data/SkuSiPolicy_Version_latest.bin   | Bin 0 -> 8 bytes
 data/SkuSiPolicy_Version_previous.bin | Bin 0 -> 8 bytes
 data/SkuSiPolicy_latest.bin           | Bin 0 -> 131 bytes
 data/SkuSiPolicy_previous.bin         | Bin 0 -> 131 bytes
 5 files changed, 25 insertions(+), 6 deletions(-)
 create mode 100644 data/SkuSiPolicy_Version_latest.bin
 create mode 100644 data/SkuSiPolicy_Version_previous.bin
 create mode 100644 data/SkuSiPolicy_latest.bin
 create mode 100644 data/SkuSiPolicy_previous.bin

diff --git a/Makefile b/Makefile
index d3e77cd..492154c 100644
--- a/Makefile
+++ b/Makefile
@@ -51,12 +51,19 @@ endef
 
 define add-vendor-sbat
 $(OBJCOPY) --add-section ".$(patsubst %.csv,%,$(1))=$(1)" $(2)
+endef
 
+define add-skusi
+$(OBJCOPY) --add-section ".$(patsubst %.bin,%,$(1))=$(1)" $(2)
 endef
 
 SBATPATH = $(TOPDIR)/data/sbat.csv
 SBATLEVELLATESTPATH = $(TOPDIR)/data/sbat_level_latest.csv
 SBATLEVELPREVIOUSPATH = $(TOPDIR)/data/sbat_level_previous.csv
+SSPVLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_latest.bin
+SSPSLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_Version_latest.bin
+SSPVPREVIOUSPATH = $(TOPDIR)/data/SkuSiPolicy_previous.bin
+SSPSPREVIOUSPATH = $(TOPDIR)/data/SkuSiPolicy_Version_previous.bin
 VENDOR_SBATS := $(sort $(foreach x,$(wildcard $(TOPDIR)/data/sbat.*.csv data/sbat.*.csv),$(notdir $(x))))
 
 OBJFLAGS =
@@ -88,7 +95,7 @@ endif
 
 all : certmule.efi revocations.efi
 
-certmule.so : sbat_data.o certmule.o
+certmule.so : revocation_data.o certmule.o
 certmule.so : SOLIBS=
 certmule.so : SOFLAGS=
 certmule.so : BUILDFLAGS+=-DVENDOR_DB
@@ -96,11 +103,11 @@ certmule.efi : OBJFLAGS = --strip-unneeded $(call VENDOR_DB, $<)
 certmule.efi : SECTIONS=.text .reloc .db .sbat
 certmule.efi : VENDOR_DB_FILE?=db.esl
 
-revocations.so : sbat_data.o revocations.o
+revocations.so : revocation_data.o revocations.o
 revocations.so : SOLIBS=
 revocations.so : SOFLAGS=
-revocations.efi : OBJFLAGS = --strip-unneeded 
-revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbatp
+revocations.efi : OBJFLAGS = --strip-unneeded
+revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbatp .sspvp .sspsp .sspvl .sspsl
 
 revocations.o : certmule.o
 	cp certmule.o revocations.o
@@ -114,8 +121,8 @@ endif
 		   $(OBJFLAGS) \
 		   $(FORMAT) $^ $@
 
-sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS)
-sbat_data.o : /dev/null
+revocation_data.o : | $(SBATPATH) $(VENDOR_SBATS)
+revocation_data.o : /dev/null
 	$(CC) $(BUILDFLAGS) -x c -c -o $@ $<
 	$(OBJCOPY) --add-section .sbat=$(SBATPATH) \
 		--set-section-flags .sbat=contents,alloc,load,readonly,data \
@@ -126,6 +133,18 @@ sbat_data.o : /dev/null
 	$(OBJCOPY) --add-section .sbatp=$(SBATLEVELPREVIOUSPATH) \
 		--set-section-flags .sbatp=contents,alloc,load,readonly,data \
 		$@
+	$(OBJCOPY) --add-section .sspvl=$(SSPVLATESTPATH) \
+		--set-section-flags .sspvl=contents,alloc,load,readonly,data \
+		$@
+	$(OBJCOPY) --add-section .sspsl=$(SSPSLATESTPATH) \
+		--set-section-flags .sspsl=contents,alloc,load,readonly,data \
+		$@
+	$(OBJCOPY) --add-section .sspvp=$(SSPVPREVIOUSPATH) \
+		--set-section-flags .sspvp=contents,alloc,load,readonly,data \
+		$@
+	$(OBJCOPY) --add-section .sspsp=$(SSPSPREVIOUSPATH) \
+		--set-section-flags .sspsp=contents,alloc,load,readonly,data \
+		$@
 	$(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@))
 
 %.so : %.o
diff --git a/data/SkuSiPolicy_Version_latest.bin b/data/SkuSiPolicy_Version_latest.bin
new file mode 100644
index 0000000000000000000000000000000000000000..329e937b3fb9c867983245d50d0c408cc7dc59ea
GIT binary patch
literal 8
McmZQ#00CwO0015U1^@s6

literal 0
HcmV?d00001

diff --git a/data/SkuSiPolicy_Version_previous.bin b/data/SkuSiPolicy_Version_previous.bin
new file mode 100644
index 0000000000000000000000000000000000000000..412ee8764ac5c75d4b1aa5692ebfb98c7130c7da
GIT binary patch
literal 8
McmZQ#00AZj000~S1poj5

literal 0
HcmV?d00001

diff --git a/data/SkuSiPolicy_latest.bin b/data/SkuSiPolicy_latest.bin
new file mode 100644
index 0000000000000000000000000000000000000000..02968773e05f5b49940901d1943438bb8cc60051
GIT binary patch
literal 131
zcmZQ%U|?VaVr+mBD98=O7bX@%rJ2BV$g&C)eheBv1<r>mL!-E~*%(<Eo6NbG!8QW`
D(i#V8

literal 0
HcmV?d00001

diff --git a/data/SkuSiPolicy_previous.bin b/data/SkuSiPolicy_previous.bin
new file mode 100644
index 0000000000000000000000000000000000000000..02968773e05f5b49940901d1943438bb8cc60051
GIT binary patch
literal 131
zcmZQ%U|?VaVr+mBD98=O7bX@%rJ2BV$g&C)eheBv1<r>mL!-E~*%(<Eo6NbG!8QW`
D(i#V8

literal 0
HcmV?d00001