pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1141279 from home:lnussel:branches:devel:openSUSE:Factory

Browse Source 
- Generate dbx during build so we don't include binary files in sources

OBS-URL: https://build.opensuse.org/request/show/1141279
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=207
This commit is contained in:
Joey Lee 2024-02-15 08:27:36 +00:00 committed by Git OBS Bridge
parent ffda8d5b51
commit e4f7469733
18 changed files with 338 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitattributes vendored
View File

@ -21,5 +21,3 @@
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text
## Specific LFS patterns
vendor-dbx.bin filter=lfs diff=lfs merge=lfs -text

3
dbx-cert.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ce6458fd78dfe56700ddfc82b6e72de3823735c449400c06379234eaa12e8f85
size 8416

22
generate-vendor-dbx.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
set -e
# random UUID for SUSE
owner=353f0911-0788-451c-aaf7-31688391e8fd
: > vendor-dbx-opensuse.esl
: > vendor-dbx-sles.esl
# vendor dbx file with all certs for testing environment
: > vendor-dbx.esl
for cert in "$@"; do
esl="${cert##*/}"
esl="${cert%.crt}.esl"
cert-to-efi-sig-list -g "$owner" "$cert" "$esl"
case "$cert" in
*openSUSE*) cat "$esl" >> "vendor-dbx-opensuse.esl" ;;
*SLES*) cat "$esl" >> "vendor-dbx-sles.esl" ;;
esac
cat "$esl" >> "vendor-dbx.esl"
done

34
revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt Normal file
View File

@ -0,0 +1,34 @@
-----BEGIN CERTIFICATE-----
MIIF/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwMTIyMTQ1ODUxWhcNMjIxMjAxMTQ1ODUxWjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FD1NQM+ThTkCSxz8WhLe3+ixfnVfoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggIBAFs0xW7Uzi3a52ho92ninU9yy1doEodWf8f37zmq3Kxf
v/y+mFCFuMw5zps4xyK1xfDBmVZ6f5GMolfkPnioYzKujqTgFCmKDZXjXIgHEej5
h+xzCalIYT3XT+JsmKvvZKcFMV9/py7+okEhekyFdak6WbxinisyEh6a7I+edNzB
2/dPkbIS7x2UmlFzXvAYTCwOqMwCuOWsICK/NRrPlCEdkPJFq2HU11umtZ+U4eCM
bJcCY2pqIVLxrDgRIMoUeJ7N2XIcfKlP8cHn9eHVWRd+n/v3nlJRvBjlw2d9oTm2
EB0vfpp01ihr6yvkckLwWHdrRcmiy6OmtTScAEwpMGPmBcFiHIb1nxhPbKqqw9Xb
t/y8tLRf6HvuhaApJhj3/ZBNLTLRSHk4O4DO4p3GpupPTvfxkx9cg/TxcF0kabPF
+dwu5cbRZpvBmkQ947aul0y+3QRHgIhmyqdZzC2OuL6Sl74zZc3BgsQsBFeIN4gz
YBsXtzyEVFsmSSj2ci+9JM8HCfeL0Ux7TeyoN5jAW5F7c8BSBBSSafZYUtq3DZHR
8ILtz5L7cCLkZY3da5a/csVz3zicnrAG8uiU91Jy6hVh+Y83vARz6hp8O/tX4o00
9ff5zunFUwyN3/krDEoX6dXMcSh8UftjzvFOYCUfF+cDt9eV8Ix0dcfP/cenyv/t
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwNDE4MTQzNDM0WhcNMjMwMjI1MTQzNDM0WjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggEBAFEYo0sWgMCODHZEHWcoltp5RMcVj2DAYfw2NePbPqxW
AmIgpMU0yG01JPbwJZu6dcuNeYoytgfDrSRLuloKm0JR8oR3+G7/oxbKQCxtMubB
Qdflq7PIz73b/JSGiV5Pi77f9oAHijgnKEZrz4obs6sFp2gvuMvJ4w9jteCaofpq
IDNhu7i2KFx4rC6FYF/p6V9xnVwOnZS1G56cJALfP/7kOD4k3TVSMiE2FCS3wLwR
RI7VE0I/3oJHsi8CR++CT1BI02PI+EWgRcuW8jOzJ3+tYa77HCKpXNyIi7/L5QAK
N5ZinPyv68tae+GHkL5U2FxLY365gABSXqXUA9mTquU=
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTYwMjI0MTUzMDI3WhcNMjYwMTAyMTUzMDI3WjCBqzEyMDAG
A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
KoZIhvcNAQELBQADggEBAKMaX+dWtp9Y9SW1XvV3xc/sAURe1uZfEBcd7g+yu9ff
q/n9pbWW4gz9LtuIudi/CmltNlKHEQnB/RSgAd4VB28g7GeJNKVTn+5z7evgWUOz
tEB0tHgTfVCx6dYoIsNxT9atIVHREDPXef/s2TARKfpd77BG+X0+ZsvQe8NuooP1
B+qwl1rXR+cw46Q7dgM5XG418OPZsqHhk/AyC4/slHx65rQ//PBsgSANx8bBUr5Z
nDzy1X/0aZqB56/e2sscuhjs7IcXNftztewsNB7w4XtmOuVZpj2obAhbWshPaMLY
4PSS6JTVT/vhDJUJknm4XqbE16d0dSZPn8y1t6Ua0PM=
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ0MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
ARYNYnVpbGRAc3VzZS5kZTAeFw0yMDA3MjMxNDA3MThaFw0yNDA3MjIxNDA3MTha
MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwrRYIcn7XQ2/nQfdCUM7EUzIfYB5Lra03/q9nggEfUke
N5O9qmA9uFWTvgdq2Nh8hia16TawyHMFyUd/PsdU2/pVydC6+OGDxE1sRJvu0pzP
3wvr+QQXnDjBYon+AGkuw/K8baUInl/1He2idCIB7pH3tGjj6jcorK70yZHU5Hl1
UwuQXlfQpG3zEJy1yZ7fg3RxAQ/716BOy1CceK0qCLi/qgR8w5GE92Xg1CHZe62u
I+9EmhXBbY2UcsfxRGEtdCU55L0R/MtHztfVHZw9Vazw8rCCvBjwPOxxjUx5It5N
yG0JaYXgAXqRXE88Gwo9VlEWNOKrC0vUUfxA63IZ0wIDAQABo4IBLDCCASgwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUSrDGl8kQcydsJ97/PCIPsAfh3mEwgdMGA1Ud
IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAazJCs7IIjYUma9ZT1NLJZ7QSy/d6oAaW
E6JI1u3LHancnU3kXH19U7z1mni74OQdlsbIyfddR+AIvIu1RrepQ6BHNVrXO90J
LxvORpholbgeXk/FdIHWFu6AhL2jg8UM4Jxq/P3FxckGj25LxCPgd5C/L5ITufhf
1yPQ3CDxqfUiqlfdrQCROJ21sErLoYXoZim5pd1kT5vimyVrdaLM7eTq6G5LbKZ3
/TqRXPpVzwZGXXeZvM5s55kGKqNTUIZ2Cft5g9CBkRZujJ5gLGToxUHYbb6Fj5UT
Xr5Yh68j1IgvhQz+abALb/87Z3r2V+BWh1icc0rnCli1ulmZMd0H8A==
-----END CERTIFICATE-----

29
revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt Normal file
View File

@ -0,0 +1,29 @@
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ+MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
ARYNYnVpbGRAc3VzZS5kZTAeFw0yMTAzMDgxMDE1MDhaFw0zMDEyMzExMDE1MDha
MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtvApQ4qgxDibOpYufFyQG3HDsQvwjPfrQHdYqkcKDZvz
hKFJSpAu4gulkuKnOeMO1+ecpOC9f0G6mbIwYCsM/GKBCUKRQZPOB5eSeGU+NJaI
XV6IimhfYi3MXmheVrP64Xd6pvcn/iplk2IPLbbdjIeiSImg1xtfnrcaWa+tzOMu
MAQfF4wUlVnFF4Pnh0goS2sv2Lj3fVQ4XV7d8bsB9gwdWSQQMwbSb5SXoiLZOIrZ
iI/n6DD5UL8Yap+2f5sBXA1MtonX91MSUu68Vh7l/9UXEntkx5byOdRAKxndIpnP
QQazhXtQoFskPtVzKs+8jIemDOosn7cTkBgOEP49iQIDAQABo4IBLDCCASgwDAYD
VR0TAQH/BAIwADAdBgNVHQ4EFgQUWiQESdKf0NinoYfm/A4muV0aqHswgdMGA1Ud
IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAqFI4lVQf3heh0TWrZwc0ej30p1EhVJms
NxCy/mtn6IDkRzmzAe9F/Tx5B6Kytjtj2WvU2mOhjDW61Tdvk2UBqlapTbT0X2oF
Co4ww8gm2uDyY3nCEM0jdPj8XnA+T+raxwcw6NosK3J6g+bEWjkX0lWryl1jgxuA
q3zup4t2rl792z+nAUAmCSrsYeQQxnKIeCvZCYMGgixSoYrv2SxD8hTFC8XW606v
ITVb9fxaYF1cCjCLjhkQpnegViT0mV5QcPW/IIjqKla1N9sH26buFwcJIHXQRB4h
1boVtIqiQZOe4BjGRTvRILGOa/WXn8UhQvMc39bCr1SxMRvpCV7zKw==
-----END CERTIFICATE-----

32
revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt Normal file
View File

@ -0,0 +1,32 @@
-----BEGIN CERTIFICATE-----
MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzAxMjgxNTEwMjhaFw0yMjEyMDcxNTEw
MjhaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBSZDSa38E3ZzmTn0Y79aHtKXeKGpaGBh6SB
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIB
AK25J4ntAoU8yF37KEUEFnh0WElBVYinTCB3VVNq0nJbcLq2Ak/yPb4/hVJGvUQx
M2EgafGBfjA6sVvqvZEqbn0bQnSTJqjlwAUpzVB9ll3vanT0SwwmRdbHtFLfkmfc
6sv7dUsizScXeth2C7vf2rxqJKBIdCs7EkUWibKm34y59wJYqsZT/jLeFraLi/+R
NWeiWY9AlyXm5QzNqEr3qqhVQohKI0gRUwJS0dx3xSMFd8td+q+22iYuNMx2Dk3A
D9HenFMZiSw4r+8R5mm8Dn6DJEB7Y5mJhR1zZk7Q3gVhwjeR/sdrIF9K8tSkyIHt
T4f+qNF1vBfQ9+8zHqQ/X2o2Cky/eyW9rx3V/fYLOXzOdbxIy5nDOd5gbXIDoZNV
cJn/af+MgMrUI7vqDZ1A1UmwKSAJRZjIJCX+2mjrAtQl9W7h8qZt2Hgq/4zCCNSH
v4gGoDtYEtcvs1kqS56/XQRyZikDfEUkBE1hXOW4hepuS9Zs6LihGpKSffqQH0Oy
gvCaWjLNzErjx5Hl9pTvH2qkLLX6P1i/YubW+3E6AuDks9u6eF78GkKb6ALsczQf
jHf22C1rl9y3Ex+9q3vKzeo9HtIBv/FEyt+GEzdCXdf4Lmjmf1l1uBX6+EJFAVsG
UPxqiJZLOo8dEbWIDzoxE8vXjZTNFBA9mkYmipdZwGaV
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjE4MzdaFw0yMzA3MDUxNjE4
MzdaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBRoQmAN4ixMR36VviPf6pUT5ZcXYqGBh6SB
hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEB
AI3sxNvPFB/+Cjj9GVCvNbaOGFV+5X6Dd7ZMJat0xI93GS+FvUOO1i53iCpnfSld
gE+2chifX2W3u6RyiJTTfwke4EVU4GWjFy78WwwszCih0byVa/YSQguvPuMjvQY6
mw+exom0ri68328yWb1oCDaPOhI9Fr51hj50yUWWBbmpu2YPi5blN6CBE+9B2cbp
HVDPxoUWjYJ9leK951nfSu0E1+cLNYDpZ39h4dBHNvU1a3AueVKIXyEYaiwy0VDS
8CQJluUCE4eLlt/cbJqMs0/iY7nRnbVOOyZUYTYxq7ACvDrMyStkfdR4KLDzvLWo
8Gu+1aY2qw6wZ+TKiiRRYjQ=
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5gMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDEwODE2MjU1NFoXDTI5
MTExNjE2MjU1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMs14JzP2PdL6+OU
LPIRdzOGnCgdGd5FaSFeoJRKC7VBLmcBa5F2OoVmKmOLhyvolIoSbiUTsAc/KCt2
JT4pslVC5ztEJB23mTLLRNK0iMupT6ezBr5cqu4rBAmq7FhjWshix9loQ/u9DpL/
TOwCRLyVyZ/RviH49LJtWgrVTZhlzMGM79/yn9pFBXb5GsCL1RwF8sC4SrAS30PK
1QsYRrMDvs2n1wGA8cXK7tk6H0ozfVABq9c6SG5iWXNiHjjvMjHuWBh9WQWK+33U
DV6dR5vYr7YRnzznE4TkAOwKl4kikPMU5t/BdQetJDjY4I/2ucDbReNugVweKdB4
rmynSx8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAMy+py/
DYi/IZJLDegqCaVNXe/IMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAUWNziRn2X/uOcFWaCkKqIVa0xlk8joaztllVkRLoDpv97O6p087k
OOfqNsv1gUgIHqQvZ9Z2woQcpd2gUa0uj5yqpqSGp0eSEtBOOKApVuybplTDSyC3
6ENwF5BKMJ8ysURsIx6ZGCq1PbaruA28sG/XFrhxjezLwN9mcmLd6nCd4xmPuH78
IsHPP6c6VzrFtNN3yP5ZIs9bIzDHTf2qGXvVYhLBrNuTczTwUzeSfKG+qpP/dO1I
EGtd7tTFPTqNwXkWq3oat9TVYMdPLRWWZ2zzE65k0rdSSJTgc/1Z4WSKb55J6FMP
8MJRwgi62+9JF6hsBy7WuBE8cWvtIwbyYA==
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5jMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDgwMzEyMzUzOVoXDTMw
MDYxMjEyMzUzOVowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVKfWLm7OvwYpDO
4s0qzbUDWG2GTlxFOkZe4XaFsjxAnmuXZTVm1SJ3N12zSdRH60YMqcns7yuISYQz
0K79shGDOfktO8iqxSE0JdUvhEFnJUECaXYAq+ioiSwkm7QQWhHAUE3htshJeMt4
SK4dTGmTQNQBKCZ3xQTTHi1sOl8wYt0QdhkucqvgDUyPaxHrI4LV1OV9R3XjGclG
ZD6QEkXLhVcir2yLIA9G1qPZDXpNbrdfSx3GDEnSsD+GS0D/k5oe32w1KGMnEM/S
fYrY1nsP6/k0hVO1KH9WJWV/DUoyO/4U75C6swg7SVTxyigT3s92/UV4N9Es5kZv
aHhsuncCAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMi9x6wa
HYWWYhf9k+v8FPSiALgUMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAS1NWAHYBV1uaK7wE6c+Xz8t4c2hgTkFR4E0iVZ+2aTz8OFzztQZq
CyZ9QYgSpApmvwmgFEQog6UUzw2f19W7qhIskDHfhBmK2uQtazHZ/Pd8oXyHrbgK
TVh7GDc9OjrZe2wg03Q0N/KVUHD5lKYXY4rfAqKdc1XKfo7t8GIu+TnWDLXWVI40
oDIXwSmg+JOZFXpf9cxZ2zENZnsaH0KTKNk6bNq8wjum4W54Tgk7UbDE6roJp5C3
7cUt/j+dL00gyFK66PFR1wXflZFtKixxVbMOLa13ZldsuNs0ye6whPqIKZ9ev4M4
rjWQD5k14Ui+48/MDJt4Nc2Sm1LYrdXJMw==
-----END CERTIFICATE-----

27
revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIElTCCA32gAwIBAgIJAPq+2L9Aml5kMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIxMDMwMjEzMDE1NFoXDTMx
MDEwOTEzMDE1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLI9AESuA0aqXLg
RwX7lU1td6HhC3Oj+kwKJJvF/kwA+1viW/1cC4vS9muigFHe3b4CPwZ9WRxb5Wyi
3nxP1fjYwFmygBnqWvzMTxGZBFuhcQQpSPDbjWOEiFspVZbvkBF7t0cu1EcpKaHl
+pPqVdWrh11mk7bSjnYGAZ0BFHQ3bnhCuH1+p4PIMLAFZIRQ9suW9t5caOoHK6pi
fisOYy+WR3a/2AFTCZIdZIueVpvPHhGgjEDoE0wnoAg5lKDn+SAUS7JiWy/hdT2U
c/OjH1onXi99kTWDOMwQA+g2d7JAPtLuepcKpiUbFaR+7KJYWhkfit6WYz40sC6Q
PMAHIj8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ3fQ9nx
oCcnP1LGwHdZCO4BZxMlMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
AQsFAAOCAQEAnjK7rL3T/Fu443EQSB3cV2V84pQcOcQf3dCSx8VT14ZTgkp1RGM4
qr4V8foA7Fyr9UE+x2zEMzcVy2eZ2aihO/qaQ/JGZi8cp1pjq0nNMUQjgXF0YGyn
Qanjb/48V5eOF9Z1h/wQ0HISTdkwsvGUS0leHT3LjXWNRL9QBp1Qi5A5IE5t8vpX
OxAvHNTsKsx6x2p8R3yVLX7rY84xvBJCqHDY9tYDQ2VbVX7CEw5x9FffobYpY/s1
lCV/fhOThm/q/p9Pr3hydxKP4PoxxwBtII/p0zJTMWEEfOsK/zAS3v8Ltlz83gTk
WX+2oXpj/WRFsYWIEXTPwEm4MwYWxw5rMw==
-----END CERTIFICATE-----

5
shim.changes
View File

@ -85,6 +85,11 @@ Sun Jan 28 09:32:32 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
1770a03 gitmodules: use shim-15.8 for gnu-efi branch
5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8
-------------------------------------------------------------------
Wed Jan 24 12:40:36 UTC 2024 - Ludwig Nussel <lnussel@suse.com>
- Generate dbx during build so we don't include binary files in sources
-------------------------------------------------------------------
Thu Oct 5 13:19:48 UTC 2023 - Ludwig Nussel <lnussel@suse.com>

29
shim.spec
View File

@ -59,11 +59,19 @@ Source10: strip_signature.sh
Source11: signature-sles.x86_64.asc
Source12: signature-opensuse.aarch64.asc
Source13: signature-sles.aarch64.asc
Source50: dbx-cert.tar.xz
# vendor-dbx*.bin are generated by generate-vendor-dbx.sh in dbx-cert.tar.xz
Source51: vendor-dbx.bin
Source52: vendor-dbx-sles.bin
Source53: vendor-dbx-opensuse.bin
Source14: generate-vendor-dbx.sh
# revoked certificates for dbx
Source50: revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt
Source51: revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt
Source52: revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt
Source53: revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt
Source54: revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt
Source55: revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt
Source56: revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt
Source57: revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt
Source58: revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt
Source59: revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt
###
Source99: SIGNATURE_UPDATE.txt
# PATCH-FIX-SUSE shim-arch-independent-names.patch glin@suse.com -- Use the Arch-independent names
Patch1: shim-arch-independent-names.patch
@ -76,6 +84,7 @@ Patch4: remove_build_id.patch
# PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 glin@suse.com -- Disable exporting vendor-dbx to MokListXRT
Patch5: shim-disable-export-vendor-dbx.patch
BuildRequires: dos2unix
BuildRequires: efitools
BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8
BuildRequires: pesign
@ -140,6 +149,10 @@ distro_sbat=1
sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security@suse.de"
echo "${sbat}" > data/sbat.vendor.csv
# generate dbx files based on revoked certs
bash %{_sourcedir}/generate-vendor-dbx.sh %{_sourcedir}/revoked-*.crt
ls -al *.esl
# first, build MokManager and fallback as they don't depend on a
# specific certificate
make RELEASE=0 \
@ -173,7 +186,7 @@ for suffix in "${suffixes[@]}"; do
if test "$suffix" = "opensuse"; then
cert=%{SOURCE2}
verify='openSUSE Secure Boot CA1'
vendor_dbx=%{SOURCE53}
vendor_dbx='vendor-dbx-opensuse.esl'
%ifarch x86_64
signature=%{SOURCE1}
%else
@ -185,7 +198,7 @@ for suffix in "${suffixes[@]}"; do
elif test "$suffix" = "sles"; then
cert=%{SOURCE4}
verify='SUSE Linux Enterprise Secure Boot CA1'
vendor_dbx=%{SOURCE52}
vendor_dbx='vendor-dbx-opensuse.esl'
%ifarch x86_64
signature=%{SOURCE11}
%else
@ -195,7 +208,7 @@ for suffix in "${suffixes[@]}"; do
elif test "$suffix" = "devel"; then
cert=%{_sourcedir}/_projectcert.crt
verify=`openssl x509 -in "$cert" -noout -email`
vendor_dbx=%{SOURCE51}
vendor_dbx='vendor-dbx.esl'
signature=''
test -e "$cert" || continue
else

BIN
vendor-dbx-opensuse.bin
View File

Binary file not shown.

BIN
vendor-dbx-sles.bin
View File

Binary file not shown.

3
vendor-dbx.bin
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:52bb4f6ec072142320cac802aa92eacf0130df641631a8abddf0d4d7507b456b
size 10684