Commit Graph

23 Commits

Author SHA256 Message Date
Gary Ching-Pang Lin
23b0639b8c Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory
- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o get's rebuilt for each target

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013"

OBS-URL: https://build.opensuse.org/request/show/197604
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
2013-09-09 03:29:33 +00:00
Gary Ching-Pang Lin
3436d7ba57 Accepting request 196735 from home:lnussel:branches:devel:openSUSE:Factory
- always build a shim that embeds the distro's certificate (e.g.
  shim-opensuse.efi). If the package is built in the devel project
  additionally shim-devel.efi is created. That allows us to either
  load grub2/kernel signed by the distro or signed by the devel
  project, depending on use case. Also shim-$distro.efi from the
  devel project can be used to request additional signatures.

OBS-URL: https://build.opensuse.org/request/show/196735
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=40
2013-08-29 08:43:23 +00:00
Gary Ching-Pang Lin
f83d4083f6 Accepting request 196609 from home:lnussel:branches:devel:openSUSE:Factory
- also include old openSUSE 4096 bit certificate to be able to still
  boot kernels signed with that key.
- add show_signatures script

OBS-URL: https://build.opensuse.org/request/show/196609
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=38
2013-08-28 09:32:58 +00:00
Gary Ching-Pang Lin
e60c1a0266 Accepting request 196493 from home:lnussel:branches:devel:openSUSE:Factory
- replace the 4096 bit openSUSE UEFI CA certificate with new a
  standard compliant 2048 bit one.

OBS-URL: https://build.opensuse.org/request/show/196493
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=36
2013-08-27 07:45:39 +00:00
Gary Ching-Pang Lin
79c0b9a33d Accepting request 195685 from home:lnussel:branches:devel:openSUSE:Factory
- fix shell syntax error

OBS-URL: https://build.opensuse.org/request/show/195685
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=34
2013-08-22 01:54:02 +00:00
Gary Ching-Pang Lin
dd00d3c666 Accepting request 186534 from home:lnussel:branches:devel:openSUSE:Factory
- don't include binary in the sources. Instead package the raw
  signature and attach it during build (bnc#813448).

OBS-URL: https://build.opensuse.org/request/show/186534
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=32
2013-08-09 09:33:45 +00:00
Gary Ching-Pang Lin
125b3129ee Accepting request 185349 from home:gary_lin:branches:devel:openSUSE:Factory
- Update shim-mokmanager-ui-revamp.patch to include fixes for
  MokManager
  + reboot the system after clearing MOK password
  + fetch more info from X509 name
  + check the suffix of the key file

OBS-URL: https://build.opensuse.org/request/show/185349
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=30
2013-08-01 02:49:52 +00:00
Gary Ching-Pang Lin
16ab868efc Accepting request 184039 from home:gary_lin:branches:devel:openSUSE:Factory
- Update to 0.4
- Rebase patches
  + shim-suse-build.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch 
  + shim-mokmanager-ui-revamp.patch
- Add patches
  + shim-merge-lf-loader-code.patch: merge the Linux Foundation
    loader UI code
  + shim-fix-pointer-casting.patch: fix a casting issue and the
    size of an empty vendor cert
  + shim-fix-simple-file-selector.patch: fix the buffer allocation
    in the simple file selector
- Remove upstreamed patches
  + shim-support-mok-delete.patch
  + shim-reboot-after-changes.patch
  + shim-clear-queued-key.patch
  + shim-local-key-sign-mokmanager.patch
  + shim-get-2nd-stage-loader.patch
  + shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
  shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs

OBS-URL: https://build.opensuse.org/request/show/184039
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=28
2013-07-23 04:44:22 +00:00
Gary Ching-Pang Lin
e6e545b72a Accepting request 174778 from home:gary_lin:branches:devel:openSUSE:Factory
Revamp the MokManager UI

OBS-URL: https://build.opensuse.org/request/show/174778
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=26
2013-05-08 06:52:29 +00:00
Gary Ching-Pang Lin
2e7d74adf8 Accepting request 162327 from home:gary_lin:branches:devel:openSUSE:Factory
bnc#813079: Call update-bootloader in %post to update *.efi in \efi\opensuse

OBS-URL: https://build.opensuse.org/request/show/162327
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=24
2013-04-03 06:25:09 +00:00
Gary Ching-Pang Lin
6c21f45551 Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list

OBS-URL: https://build.opensuse.org/request/show/157970
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
2013-03-08 08:06:19 +00:00
Gary Ching-Pang Lin
e356a6eeae Accepting request 157208 from home:gary_lin:branches:devel:openSUSE:Factory
(bnc#798043#c4) remove double seperators from the bootpath

OBS-URL: https://build.opensuse.org/request/show/157208
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=20
2013-03-05 10:12:49 +00:00
Gary Ching-Pang Lin
d1f2afa617 Accepting request 156849 from home:lnussel:sbtest
- sign shim also with openSUSE certificate

OBS-URL: https://build.opensuse.org/request/show/156849
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=18
2013-03-01 03:32:55 +00:00
54f4730c79 add changes
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=17
2013-02-27 16:19:41 +00:00
c0a6a69e10 - identify project, export certificate as DER file
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=12
2013-02-27 14:53:25 +00:00
Gary Ching-Pang Lin
4f72d9c0de Accepting request 156025 from home:gary_lin:branches:devel:openSUSE:Factory
bnc#804631: fix the broken bootpath generated in generate_path()

OBS-URL: https://build.opensuse.org/request/show/156025
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=10
2013-02-22 10:31:48 +00:00
Stephan Kulow
eec41d4d52 Accepting request 155105 from home:fcrozat:branches:devel:openSUSE:Factory
- Update with shim signed by UEFI signing service, based on code
  from "Thu Feb  7 06:56:19 UTC 2013".

OBS-URL: https://build.opensuse.org/request/show/155105
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=8
2013-02-11 12:35:13 +00:00
Stephan Kulow
9f50c19371 Accepting request 151605 from home:lnussel:branches:devel:openSUSE:Factory
- prepare for having a signed shim from the UEFI signing service

OBS-URL: https://build.opensuse.org/request/show/151605
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=6
2013-02-07 16:09:29 +00:00
Stephan Kulow
0f6fe46307 Accepting request 151556 from devel:openSUSE:Factory
- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
  MokManager and sign it later. (forwarded request 151555 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/151556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=6
2013-02-07 13:54:45 +00:00
Stephan Kulow
9239291420 Accepting request 150398 from Base:System
Add shim-mokmanager-support-crypt-hash-method.patch to support password hash from /etc/shadow (FATE#314506) (forwarded request 150394 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/150398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=5
2013-01-30 10:19:49 +00:00
Stephan Kulow
d4ac6df770 Accepting request 150244 from Base:System
- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi. (forwarded request 150243 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/150244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=4
2013-01-29 13:42:18 +00:00
Stephan Kulow
718fa0d383 Accepting request 148928 from Base:System
- Update shim-mokmanager-new-pw-hash.patch to extend the password
  hash format
- Rename shim.efi as shim-unsigned.efi (forwarded request 148926 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/148928
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=2
2013-01-20 13:53:46 +00:00
Stephan Kulow
d7945289e5 Accepting request 148684 from Base:System
the preboot loader for UEFI secureboot

OBS-URL: https://build.opensuse.org/request/show/148684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=1
2013-01-17 09:43:06 +00:00