From 20648210a3a6dbf89ae24eba9f215883fb946ad8559fd65364f71a86916b7b9a Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 19 Mar 2024 08:49:25 +0000 Subject: [PATCH] Accepting request 1157811 from home:gary_lin:branches:devel:openSUSE:Factory - Update shim-install to set the SRK algorithm for grub2 TPM2 key protector (bsc#1213945) + 92d0f4305df73 Set the SRK algorithm for the TPM2 protector - Build with update-bootloader-rpm-macros and fde-tpm-helper-rpm-macros and update the %post and %posttrans macros correctly OBS-URL: https://build.opensuse.org/request/show/1157811 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim-leap?expand=0&rev=40 --- shim-install | 8 +++++++- shim-leap.changes | 10 ++++++++++ shim-leap.spec | 19 ++++++++++++++++++- 3 files changed, 35 insertions(+), 2 deletions(-) diff --git a/shim-install b/shim-install index 50ef385..70ade6b 100644 --- a/shim-install +++ b/shim-install @@ -390,8 +390,14 @@ prepare_cryptodisk () { fi fi + tpm_srk_alg="${GRUB_TPM2_SRK_ALG}" + + if [ -z "$tpm_srk_alg" ]; then + tpm_srk_alg="RSA" + fi + cat < + +- Update shim-install to set the SRK algorithm for grub2 TPM2 + key protector (bsc#1213945) + + 92d0f4305df73 Set the SRK algorithm for the TPM2 protector +- Build with update-bootloader-rpm-macros and + fde-tpm-helper-rpm-macros and update the %post and %posttrans + macros correctly + ------------------------------------------------------------------- Wed Jun 7 02:29:44 UTC 2023 - Gary Ching-Pang Lin diff --git a/shim-leap.spec b/shim-leap.spec index 2d057c5..db94119 100644 --- a/shim-leap.spec +++ b/shim-leap.spec @@ -1,7 +1,7 @@ # # spec file for package shim-leap # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -33,6 +33,8 @@ Group: System/Boot
 Source: shim-15.4-lp152.4.17.1.x86_64.rpm
 Source1: README
 Source2: shim-install
+BuildRequires: fde-tpm-helper-rpm-macros
+BuildRequires: update-bootloader-rpm-macros
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 ExclusiveArch: x86_64
@@ -43,6 +45,9 @@ does not exist
 Summary: UEFI shim loader
 Group: System/Boot
 Requires: perl-Bootloader
+%if 0%{?fde_tpm_update_requires:1}
+%fde_tpm_update_requires
+%endif
 %description -n shim
 shim is a trivial EFI application that, when run, attempts to open and
@@ -67,7 +72,19 @@ rm -rf %{buildroot}/usr/lib64/efi
 %endif
 %post -n shim
+%if 0%{?fde_tpm_update_post:1}
+%fde_tpm_update_post shim
+%endif
+
+%if 0%{?update_bootloader_check_type_reinit_post:1}
+%update_bootloader_check_type_reinit_post grub2-efi
+%else
 /sbin/update-bootloader --reinit || true
+%endif
+
+%posttrans -n shim
+%{?update_bootloader_posttrans}
+%{?fde_tpm_update_posttrans}
 %files -n shim
 %doc README
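Review bot: The new `%posttrans -n shim` scriptlet in the last hunk depends on `%{?update_bootloader_posttrans}` expanding before `%{?fde_tpm_update_posttrans}`, but nothing in the spec records that the order matters. If, as the macro names suggest, the second macro refreshes the TPM-sealed key against the boot chain that the first one has just reinstalled, swapping the two would presumably leave the key bound to stale measurements and push the next boot onto the passphrase fallback. A comment above the pair would protect the ordering, for example `# Keep this order: reinstall the bootloader first, then let fde-tpm-helper update the sealed key.` The `%else` branch in `%post` still ends in `|| true`, so on builds where `update_bootloader_check_type_reinit_post` is undefined a failed reinit stays silent; a one-line comment saying this is deliberate best-effort would help the next maintainer.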