98d14fa9f7
shim.changes: Update change log for shim-install add ca_string for
...
SL Micro to update fallback loader
2025-12-16 21:42:08 +08:00
f651ba5605
shim-install: Add ca_string for SL Micro to update fallback loader
...
The fallback loader, /boot/efi/EFI/BOOT/bootaa64.efi or bootx64.efi,
cannot be upgraded by shim-install on SL Micro. The issue case is
SL Micro 6.0. It causes that system gets regression bug because it's
fallback to a old shim. So this patch adds ca_string to SL Micro.
(bsc#1254336)
Signed-off-by: Chun-Yi Lee <jlee@suse.com >
2025-12-16 21:41:31 +08:00
5937dd369f
shim-leap.changes: Updated changelog for pretrans Lua script
...
(bsc#1254679)
2025-12-16 21:41:05 +08:00
f3afb2a902
shim.spec: Always put SUSE Linux Enterprise Secure Boot CA to target array
...
Similar to shim-leap.spec, slfo-1.2/shim.spec does not have
SLE key in SLE-15-SP3/shim. It causes that the _projectcert.crt
can not be found by shim-leap which means the SLE CA can not be
added to the target certificates array in pretrans Lua script.
Let's always put SUSE Linux Enterprise Secure Boot CA to target
certificates. (bsc#1254679)
2025-12-16 21:40:43 +08:00
8fed7e233e
shim.spec: Add a pretrans script to verify that the necessary certificate is in the UEFI db
...
The pretrans script is written by Lua which is directly copied from
shim.spec to shim-leap.spec.
This patch also included the fixing for shim-leap.spec. (bsc#1254679)
2025-12-16 21:39:59 +08:00
6b2363e4fb
certificates: Add DER format certificate files
...
- Add DER format certificate files for the pretrans script to verify
that the necessary certificate is in the UEFI db
- openSUSE Secure Boot CA, 2013-2035
openSUSE_Secure_Boot_CA_2013.crt
- SUSE Linux Enterprise Secure Boot CA, 2013-2035
SUSE_Linux_Enterprise_Secure_Boot_CA_2013.crt
- Microsoft Corporation UEFI CA 2011, 2011-2026
Microsoft_Corporation_UEFI_CA_2011.crt
- Microsoft UEFI CA 2023, 2023-2038
Microsoft_UEFI_CA_2023.crt
- Those two Microsoft certificates are from Microsoft document:
Windows Secure Boot Key Creation and Management Guidance, 05/19/2022
https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance?view=windows-11
------------------------------------------------------------------------
1. Microsoft Corporation UEFI CA 2011
SHA-1 cert hash: 46DEF63B5CE61CF8BA0DE2E6639C1019D0ED14F3.
SignatureOwner GUID: {77fa9abd-0359-4d32-bd60-28f4e78f784b}.
Microsoft will provide the certificate to partners and it can be
added either as an EFI_CERT_X509_GUID or an EFI_CERT_RSA2048_GUID
type signature.
The Microsoft Corporation UEFI CA 2011 can be downloaded from
here:
https://go.microsoft.com/fwlink/p/?linkid=321194 .
2. Microsoft UEFI CA 2023
SHA-1 cert hash: B5EEB4A6706048073F0ED296E7F580A790B59EAA.
SignatureOwner GUID: {77fa9abd-0359-4d32-bd60-28f4e78f784b}.
Microsoft will provide the certificate to partners and it can be
added either as an EFI_CERT_X509_GUID or an EFI_CERT_RSA2048_GUID
type signature.
The Microsoft UEFI CA 2023 can be downloaded from here:
https://go.microsoft.com/fwlink/?linkid=2239872 .
------------------------------------------------------------------------
2025-12-16 21:39:26 +08:00
df4ffe43da
shim: Update to 16.1
...
- Update shim.spec to 16.1
- RPMs
shim-16.1-150300.4.31.1.x86_64.rpm
shim-debuginfo-16.1-150300.4.31.1.x86_64.rpm
shim-debugsource-16.1-150300.4.31.1.x86_64.rpm
shim-16.1-150300.4.31.1.aarch64.rpm
shim-debuginfo-16.1-150300.4.31.1.aarch64.rpm
shim-debugsource-16.1-150300.4.31.1.aarch64.rpm
- submitreq: https://build.suse.de/request/show/395247
- repo:
https://build.suse.de/package/show/SUSE:Maintenance:39913/shim.SUSE_SLE-15-SP3_Update
2025-12-16 21:38:17 +08:00
519aac2134
Sync changes to SLFO-1.2 branch
2025-08-20 13:28:06 +02:00
36a63ce442
Accepting request 1298953 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1298953
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=132
2025-08-13 14:23:00 +00:00
1a13df001f
SLE shim should includes vendor-dbx-sles.esl instead of vendor-dbx-opensuse.esl
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=228
2025-08-12 03:09:17 +00:00
8ecde2f7c4
Accepting request 1297873 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1297873
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=131
2025-08-07 14:48:24 +00:00
47b9ef9f4c
Building with the latest version of gcc in the codebase (bsc#1247432)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=227
2025-08-06 06:39:11 +00:00
cdeea3e611
Add revoked-openSUSE-UEFI-SIGN-Certificate-2022-06.crt
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=226
2025-08-03 15:23:10 +00:00
a2c66dbb0d
Accepting request 1296812 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1296812
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=130
2025-08-01 20:40:03 +00:00
b0aa1aebf5
Add shim-disable-dxe-get-mem-attrs.patch (bsc#1247432)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=225
2025-07-31 13:00:46 +00:00
3680806a84
Removed pre script in shim package for checking UEFI db has valid key for shim because it will interrupt group update of RPMs
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=224
2025-07-28 16:41:26 +00:00
7b3252892c
Add pre script to shim package for checking UEFI db has valid key for shim.
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=223
2025-07-27 05:23:54 +00:00
ae22885ad4
Accepting request 1295680 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1295680
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=129
2025-07-26 11:39:46 +00:00
6b079317b1
Building out shim.nx.efi for supporting non-executable (bsc#1205588)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=222
2025-07-25 06:37:09 +00:00
dab15d6f4b
Accepting request 1291309 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1291309
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=128
2025-07-09 15:26:23 +00:00
2e10e4989d
Accepting request 1291308 from home:joeyli:branches:devel:openSUSE:Factory
...
Replace shim-16.0.tar.bz2 by upstream tarball
OBS-URL: https://build.opensuse.org/request/show/1291308
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=221
2025-07-08 14:45:51 +00:00
53918e7598
Accepting request 1285933 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1285933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=127
2025-06-17 16:20:14 +00:00
15ecbb9e47
bugowner: dtseng\nSubmitting for upgrading shim to v16.0 (bsc#1240871)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=220
2025-06-16 03:45:08 +00:00
1e8159c5ad
Accepting request 1281737 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1281737
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=126
2025-06-03 15:50:11 +00:00
14ab827c50
bugowner: dtseng\nSubmitting for upgrading shim to v16.0 (bsc#1240871)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=219
2025-06-02 05:53:58 +00:00
f657c957c9
Accepting request 1276758 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1276758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=125
2025-05-13 18:12:10 +00:00
db84748cd2
bugowner: dtseng\nSubmitting for upgrading shim to v16.0 (bsc#1240871)
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=218
2025-05-12 07:55:45 +00:00
ad40245344
Accepting request 1232808 from devel:openSUSE:Factory
...
undefine %_enable_debug_packages to fix building with rpm-4.20
OBS-URL: https://build.opensuse.org/request/show/1232808
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=124
2025-01-31 15:01:53 +00:00
2550efcadf
- undefine %_enable_debug_packages to fix building with rpm-4.20
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=217
2024-12-20 10:36:18 +00:00
9837b63228
Accepting request 1219481 from devel:openSUSE:Factory
...
Automatic submission by obs-autosubmit
OBS-URL: https://build.opensuse.org/request/show/1219481
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=123
2024-10-31 15:09:15 +00:00
b85a3305e7
- Update shim-install to limit the scope of the 'removable'
...
SL-Micro to the image booting with TPM2 unsealing (bsc#1210382)
* 769e41d Limit the removable option to encrypted SL-Micro
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=216
2024-10-15 02:08:00 +00:00
ab4a407325
Accepting request 1201684 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1201684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=122
2024-09-18 13:26:07 +00:00
ceaad5e057
- Update shim-install to apply the missing fix for openSUSE Leap
...
(bsc#1210382)
* 86b73d1 Fix that bootx64.efi is not updated on Leap
- Update shim-install to use the 'removable' way for SL-Micro
(bsc#1230316)
* 433cc4e Always use the removable way for SL-Micro
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=215
2024-09-18 04:26:12 +00:00
ee4b9ae99c
Accepting request 1184771 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1184771
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=121
2024-07-02 16:15:29 +00:00
Tseng
92d5f944ea
bugowner: dtseng
...
Submitting for updating asc files after being signed back from Microsoft
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=214
2024-07-02 05:35:57 +00:00
Tseng
b2dd022059
bugowner: dtseng
...
Submitting for updating asc files after being signed back from Microsoft
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=213
2024-06-25 09:12:15 +00:00
2d8ebccca8
Accepting request 1164003 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1164003
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=120
2024-04-02 14:38:25 +00:00
4af5b3f4d4
Accepting request 1164001 from home:gary_lin:branches:devel:openSUSE:Factory
...
- Introduce %shim_use_fde_tpm_helper macro so that the project
can include the fde-tpm-helper-macros for the build targets
other than Tumbleweed
OBS-URL: https://build.opensuse.org/request/show/1164001
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=212
2024-04-02 04:26:58 +00:00
0a0bbf3847
Accepting request 1155012 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1155012
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=119
2024-03-06 22:03:16 +00:00
b7db283760
Accepting request 1151489 from home:dimstar:rpm4.20:s
...
Prepare for RPM 4.20
OBS-URL: https://build.opensuse.org/request/show/1151489
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=211
2024-03-05 09:01:55 +00:00
ddfae9a5c9
Accepting request 1147311 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1147311
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=118
2024-02-18 19:22:58 +00:00
8f7d539eb7
Accepting request 1147310 from home:joeyli:branches:devel:openSUSE:Factory
...
Add suffix string of project to filename of included certificates
OBS-URL: https://build.opensuse.org/request/show/1147310
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=210
2024-02-17 10:35:28 +00:00
b2a602e75f
Accepting request 1146847 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1146847
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=117
2024-02-15 19:59:36 +00:00
e7152e6c04
Accepting request 1146844 from home:joeyli:branches:devel:openSUSE:Factory
...
Sync shim.spec and changelog between openSUSE:Factory/shim with SLE-15-SP3/shim
OBS-URL: https://build.opensuse.org/request/show/1146844
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=209
2024-02-15 13:09:03 +00:00
05ae7fe0d8
Accepting request 1144843 from home:gary_lin:branches:devel:openSUSE:Factory
...
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
92d0f4305df73 Set the SRK algorithm for the TPM2 protector
OBS-URL: https://build.opensuse.org/request/show/1144843
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=208
2024-02-15 08:29:23 +00:00
e4f7469733
Accepting request 1141279 from home:lnussel:branches:devel:openSUSE:Factory
...
- Generate dbx during build so we don't include binary files in sources
OBS-URL: https://build.opensuse.org/request/show/1141279
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=207
2024-02-15 08:27:36 +00:00
e6cf2d4dce
Accepting request 1144136 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1144136
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=116
2024-02-06 15:32:42 +00:00
Tseng
ffda8d5b51
Accepting request 1143635 from home:gary_lin:branches:devel:openSUSE:Factory
...
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
OBS-URL: https://build.opensuse.org/request/show/1143635
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=206
2024-02-05 08:55:58 +00:00
c03e6aa37a
Accepting request 1143192 from devel:openSUSE:Factory
...
OBS-URL: https://build.opensuse.org/request/show/1143192
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=115
2024-02-01 17:04:12 +00:00
6e9e2655ab
Accepting request 1142576 from home:dtseng:branches:devel:openSUSE:Factory
...
bugowner: dtseng
Submitting for upgrading shim to v15.8 (bsc#1215099, bsc#1215098,bsc#1215100,bsc#1215101,bsc#1215102,and bsc#1215103)
OBS-URL: https://build.opensuse.org/request/show/1142576
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=205
2024-02-01 07:25:56 +00:00
