Sync from SUSE:ALP:Source:Standard:1.0 shim revision 2425476e169cbba2a05f50b0541b7410

2024-03-15 15:50:05 +01:00 · 2024-03-15 15:50:05 +01:00 · 51c58446ba
commit 51c58446ba
parent 13c1deac1b
3 changed files with 17 additions and 1 deletions
--- a/8
+++ b/8
@ -390,8 +390,14 @@ prepare_cryptodisk () {
    fi
  fi

+  tpm_srk_alg="${GRUB_TPM2_SRK_ALG}"
+
+  if [ -z "$tpm_srk_alg" ]; then
+    tpm_srk_alg="RSA"
+  fi
+
  cat <<EOF
-tpm2_key_protector_init -T \$prefix/$tpm_sealed_key
+tpm2_key_protector_init -a $tpm_srk_alg -T \$prefix/$tpm_sealed_key
 if ! cryptomount -u $uuid --protector tpm2; then
    cryptomount -u $uuid
 fi
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Thu Mar 14 06:05:12 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
+
+- Update shim-install to set the SRK algorithm for the grub2
+  TPM2 key protector (bsc#1213945)
+  92d0f4305df73  Set the SRK algorithm for the TPM2 protector
+- Add the missing BuildRequires: update-bootloader-rpm-macros
+  for the update_bootloader_* macros in %post and %posttrans
+
 -------------------------------------------------------------------
 Wed Sep 20 09:00:36 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>

--- a/shim.spec
+++ b/shim.spec
@ -43,6 +43,7 @@ Source5:        shim-debugsource-15.7-150300.4.16.1.aarch64.rpm
 Source6:        shim-install
 #BuildRequires:	shim-susesigned
 BuildRequires:  fde-tpm-helper-rpm-macros
+BuildRequires:  update-bootloader-rpm-macros
 Requires:       perl-Bootloader
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 # For shim-install script