Gary Ching-Pang Lin
23b0639b8c
Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory
...
- set timestamp of PE file to time of the binary the signature was
made for.
- make sure cert.o get's rebuilt for each target
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Wed Aug 28 15:54:38 UTC 2013"
OBS-URL: https://build.opensuse.org/request/show/197604
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
2013-09-09 03:29:33 +00:00
Gary Ching-Pang Lin
3436d7ba57
Accepting request 196735 from home:lnussel:branches:devel:openSUSE:Factory
...
- always build a shim that embeds the distro's certificate (e.g.
shim-opensuse.efi). If the package is built in the devel project
additionally shim-devel.efi is created. That allows us to either
load grub2/kernel signed by the distro or signed by the devel
project, depending on use case. Also shim-$distro.efi from the
devel project can be used to request additional signatures.
OBS-URL: https://build.opensuse.org/request/show/196735
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=40
2013-08-29 08:43:23 +00:00
Gary Ching-Pang Lin
f83d4083f6
Accepting request 196609 from home:lnussel:branches:devel:openSUSE:Factory
...
- also include old openSUSE 4096 bit certificate to be able to still
boot kernels signed with that key.
- add show_signatures script
OBS-URL: https://build.opensuse.org/request/show/196609
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=38
2013-08-28 09:32:58 +00:00
Gary Ching-Pang Lin
e60c1a0266
Accepting request 196493 from home:lnussel:branches:devel:openSUSE:Factory
...
- replace the 4096 bit openSUSE UEFI CA certificate with new a
standard compliant 2048 bit one.
OBS-URL: https://build.opensuse.org/request/show/196493
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=36
2013-08-27 07:45:39 +00:00
Gary Ching-Pang Lin
79c0b9a33d
Accepting request 195685 from home:lnussel:branches:devel:openSUSE:Factory
...
- fix shell syntax error
OBS-URL: https://build.opensuse.org/request/show/195685
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=34
2013-08-22 01:54:02 +00:00
Gary Ching-Pang Lin
dd00d3c666
Accepting request 186534 from home:lnussel:branches:devel:openSUSE:Factory
...
- don't include binary in the sources. Instead package the raw
signature and attach it during build (bnc#813448).
OBS-URL: https://build.opensuse.org/request/show/186534
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=32
2013-08-09 09:33:45 +00:00
Gary Ching-Pang Lin
125b3129ee
Accepting request 185349 from home:gary_lin:branches:devel:openSUSE:Factory
...
- Update shim-mokmanager-ui-revamp.patch to include fixes for
MokManager
+ reboot the system after clearing MOK password
+ fetch more info from X509 name
+ check the suffix of the key file
OBS-URL: https://build.opensuse.org/request/show/185349
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=30
2013-08-01 02:49:52 +00:00
Gary Ching-Pang Lin
16ab868efc
Accepting request 184039 from home:gary_lin:branches:devel:openSUSE:Factory
...
- Update to 0.4
- Rebase patches
+ shim-suse-build.patch
+ shim-mokmanager-support-crypt-hash-method.patch
+ shim-bnc804631-fix-broken-bootpath.patch
+ shim-bnc798043-no-doulbe-separators.patch
+ shim-bnc807760-change-pxe-2nd-loader-name.patch
+ shim-bnc808106-correct-certcount.patch
+ shim-mokmanager-ui-revamp.patch
- Add patches
+ shim-merge-lf-loader-code.patch: merge the Linux Foundation
loader UI code
+ shim-fix-pointer-casting.patch: fix a casting issue and the
size of an empty vendor cert
+ shim-fix-simple-file-selector.patch: fix the buffer allocation
in the simple file selector
- Remove upstreamed patches
+ shim-support-mok-delete.patch
+ shim-reboot-after-changes.patch
+ shim-clear-queued-key.patch
+ shim-local-key-sign-mokmanager.patch
+ shim-get-2nd-stage-loader.patch
+ shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs
OBS-URL: https://build.opensuse.org/request/show/184039
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=28
2013-07-23 04:44:22 +00:00
Gary Ching-Pang Lin
e6e545b72a
Accepting request 174778 from home:gary_lin:branches:devel:openSUSE:Factory
...
Revamp the MokManager UI
OBS-URL: https://build.opensuse.org/request/show/174778
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=26
2013-05-08 06:52:29 +00:00
Gary Ching-Pang Lin
2e7d74adf8
Accepting request 162327 from home:gary_lin:branches:devel:openSUSE:Factory
...
bnc#813079: Call update-bootloader in %post to update *.efi in \efi\opensuse
OBS-URL: https://build.opensuse.org/request/show/162327
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=24
2013-04-03 06:25:09 +00:00
Gary Ching-Pang Lin
6c21f45551
Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory
...
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list
OBS-URL: https://build.opensuse.org/request/show/157970
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
2013-03-08 08:06:19 +00:00
Gary Ching-Pang Lin
e356a6eeae
Accepting request 157208 from home:gary_lin:branches:devel:openSUSE:Factory
...
(bnc#798043#c4) remove double seperators from the bootpath
OBS-URL: https://build.opensuse.org/request/show/157208
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=20
2013-03-05 10:12:49 +00:00
Gary Ching-Pang Lin
d1f2afa617
Accepting request 156849 from home:lnussel:sbtest
...
- sign shim also with openSUSE certificate
OBS-URL: https://build.opensuse.org/request/show/156849
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=18
2013-03-01 03:32:55 +00:00
54f4730c79
add changes
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=17
2013-02-27 16:19:41 +00:00
c0a6a69e10
- identify project, export certificate as DER file
...
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=12
2013-02-27 14:53:25 +00:00
Gary Ching-Pang Lin
4f72d9c0de
Accepting request 156025 from home:gary_lin:branches:devel:openSUSE:Factory
...
bnc#804631: fix the broken bootpath generated in generate_path()
OBS-URL: https://build.opensuse.org/request/show/156025
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=10
2013-02-22 10:31:48 +00:00
Stephan Kulow
eec41d4d52
Accepting request 155105 from home:fcrozat:branches:devel:openSUSE:Factory
...
- Update with shim signed by UEFI signing service, based on code
from "Thu Feb 7 06:56:19 UTC 2013".
OBS-URL: https://build.opensuse.org/request/show/155105
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=8
2013-02-11 12:35:13 +00:00
Stephan Kulow
9f50c19371
Accepting request 151605 from home:lnussel:branches:devel:openSUSE:Factory
...
- prepare for having a signed shim from the UEFI signing service
OBS-URL: https://build.opensuse.org/request/show/151605
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=6
2013-02-07 16:09:29 +00:00
Stephan Kulow
0f6fe46307
Accepting request 151556 from devel:openSUSE:Factory
...
- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
MokManager and sign it later. (forwarded request 151555 from gary_lin)
OBS-URL: https://build.opensuse.org/request/show/151556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=6
2013-02-07 13:54:45 +00:00
Stephan Kulow
9239291420
Accepting request 150398 from Base:System
...
Add shim-mokmanager-support-crypt-hash-method.patch to support password hash from /etc/shadow (FATE#314506) (forwarded request 150394 from gary_lin)
OBS-URL: https://build.opensuse.org/request/show/150398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=5
2013-01-30 10:19:49 +00:00
Stephan Kulow
d4ac6df770
Accepting request 150244 from Base:System
...
- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi. (forwarded request 150243 from gary_lin)
OBS-URL: https://build.opensuse.org/request/show/150244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=4
2013-01-29 13:42:18 +00:00
Stephan Kulow
718fa0d383
Accepting request 148928 from Base:System
...
- Update shim-mokmanager-new-pw-hash.patch to extend the password
hash format
- Rename shim.efi as shim-unsigned.efi (forwarded request 148926 from gary_lin)
OBS-URL: https://build.opensuse.org/request/show/148928
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=2
2013-01-20 13:53:46 +00:00
Stephan Kulow
d7945289e5
Accepting request 148684 from Base:System
...
the preboot loader for UEFI secureboot
OBS-URL: https://build.opensuse.org/request/show/148684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=1
2013-01-17 09:43:06 +00:00