pool/shim-leap
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1157811 from home:gary_lin:branches:devel:openSUSE:Factory

Browse Source 
- Update shim-install to set the SRK algorithm for grub2 TPM2
  key protector (bsc#1213945)
  + 92d0f4305df73 Set the SRK algorithm for the TPM2 protector
- Build with update-bootloader-rpm-macros and
  fde-tpm-helper-rpm-macros and update the %post and %posttrans
  macros correctly

OBS-URL: https://build.opensuse.org/request/show/1157811
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim-leap?expand=0&rev=40
This commit is contained in:
Gary Ching-Pang Lin 2024-03-19 08:49:25 +00:00 committed by Git OBS Bridge
parent 3a2248b45e
commit 20648210a3
3 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
shim-install
View File

@ -390,8 +390,14 @@ prepare_cryptodisk () {
fi fi
fi fi
tpm_srk_alg="${GRUB_TPM2_SRK_ALG}"
if [ -z "$tpm_srk_alg" ]; then
tpm_srk_alg="RSA"
fi
cat <<EOF cat <<EOF
tpm2_key_protector_init -T \$prefix/$tpm_sealed_key tpm2_key_protector_init -a $tpm_srk_alg -T \$prefix/$tpm_sealed_key
if ! cryptomount -u $uuid --protector tpm2; then if ! cryptomount -u $uuid --protector tpm2; then
cryptomount -u $uuid cryptomount -u $uuid
fi fi

10
shim-leap.changes
View File

@ -1,3 +1,13 @@
-------------------------------------------------------------------
Thu Mar 14 05:58:13 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
- Update shim-install to set the SRK algorithm for grub2 TPM2
key protector (bsc#1213945)
+ 92d0f4305df73 Set the SRK algorithm for the TPM2 protector
- Build with update-bootloader-rpm-macros and
fde-tpm-helper-rpm-macros and update the %post and %posttrans
macros correctly
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 7 02:29:44 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com> Wed Jun 7 02:29:44 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>

19
shim-leap.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package shim-leap # spec file for package shim-leap
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -33,6 +33,8 @@ Group: System/Boot
Source: shim-15.4-lp152.4.17.1.x86_64.rpm Source: shim-15.4-lp152.4.17.1.x86_64.rpm
Source1: README Source1: README
Source2: shim-install Source2: shim-install
BuildRequires: fde-tpm-helper-rpm-macros
BuildRequires: update-bootloader-rpm-macros
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: x86_64 ExclusiveArch: x86_64
@ -43,6 +45,9 @@ does not exist
Summary: UEFI shim loader Summary: UEFI shim loader
Group: System/Boot Group: System/Boot
Requires: perl-Bootloader Requires: perl-Bootloader
%if 0%{?fde_tpm_update_requires:1}
%fde_tpm_update_requires
%endif
%description -n shim %description -n shim
shim is a trivial EFI application that, when run, attempts to open and shim is a trivial EFI application that, when run, attempts to open and
@ -67,7 +72,19 @@ rm -rf %{buildroot}/usr/lib64/efi
%endif %endif
%post -n shim %post -n shim
%if 0%{?fde_tpm_update_post:1}
%fde_tpm_update_post shim
%endif
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
/sbin/update-bootloader --reinit || true /sbin/update-bootloader --reinit || true
%endif
%posttrans -n shim
%{?update_bootloader_posttrans}
%{?fde_tpm_update_posttrans}
%files -n shim %files -n shim
%doc README %doc README