pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
262 Commits 2 Branches 0 Tags 16 MiB
6d8249d4ab
Commit Graph

156 Commits

Author SHA256 Message Date
Joey Lee
84a3ac6c45 Accepting request 1078223 from home:joeyli:branches:devel:openSUSE:Factory 
Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec (bsc#1205588)

OBS-URL: https://build.opensuse.org/request/show/1078223
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=201
 2023-04-10 06:10:02 +00:00
Joey Lee
8dffdb384c Accepting request 1057932 from home:joeyli:branches:devel:openSUSE:Factory 
Removed shim-bsc1198101-opensuse-cert-prompt.patch (bsc#1198101)

OBS-URL: https://build.opensuse.org/request/show/1057932
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=200
 2023-01-12 09:08:02 +00:00
Joey Lee
171b8de0fc Accepting request 1041831 from home:joeyli:branches:devel:openSUSE:Factory 
Modified shim-install, add patches to support full disk encryption: (jsc#PED-922)

OBS-URL: https://build.opensuse.org/request/show/1041831
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=199
 2022-12-09 09:53:50 +00:00
Joey Lee
34a594d236 Accepting request 1037456 from home:joeyli:branches:devel:openSUSE:Factory 
Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588)

OBS-URL: https://build.opensuse.org/request/show/1037456
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=198
 2022-11-23 07:50:36 +00:00
Joey Lee
ccd71ae517 Accepting request 1037005 from home:joeyli:branches:devel:openSUSE:Factory 
Add shim-Enable-the-NX-compatibility-flag-by-default.patch to enable the NX compatibility flag by default. (jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1037005
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=197
 2022-11-21 05:00:30 +00:00
Joey Lee
958db7043d Accepting request 1036528 from home:joeyli:branches:devel:openSUSE:Factory 
Drop upstreamed patch shim-Enable-TDX-measurement-to-RTMR-register.patch (jsc#PED-1273)

OBS-URL: https://build.opensuse.org/request/show/1036528
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=196
 2022-11-18 04:37:27 +00:00
Joey Lee
b7972463e9 Accepting request 1036423 from home:joeyli:branches:devel:openSUSE:Factory 
Update to 15.7 (bsc#1198458)(jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1036423
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=195
 2022-11-17 10:52:49 +00:00
Joey Lee
e8b8c97820 Accepting request 1035798 from home:joeyli:branches:devel:openSUSE:Factory 
Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1035798
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=194
 2022-11-15 09:50:55 +00:00
Joey Lee
63e4498fc9 Accepting request 1006812 from home:michael-chang:branches:devel:openSUSE:Factory 
- shim-install: ensure grub.cfg created is not overwritten after
  installing grub related files

OBS-URL: https://build.opensuse.org/request/show/1006812
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=193
 2022-09-30 06:58:17 +00:00
Joey Lee
2386bd59cb Accepting request 1002927 from home:KHanich:branches:devel:openSUSE:Factory 
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)

OBS-URL: https://build.opensuse.org/request/show/1002927
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=192
 2022-09-16 06:35:39 +00:00
Joey Lee
a379c7b18b Accepting request 993203 from home:joeyli:branches:devel:openSUSE:Factory 
Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)

OBS-URL: https://build.opensuse.org/request/show/993203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=191
 2022-08-05 05:58:36 +00:00
Joey Lee
63fb624566 Accepting request 991618 from home:joeyli:branches:devel:openSUSE:Factory 
Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)

OBS-URL: https://build.opensuse.org/request/show/991618
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=190
 2022-07-29 02:47:14 +00:00
Joey Lee
3bb7cc18a5 Accepting request 991171 from home:joeyli:branches:devel:openSUSE:Factory 
Revoked the change in shim.spec for use common SBAT values (boo#1193282) (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/991171
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=189
 2022-07-26 04:16:19 +00:00
Joey Lee
20e705b979 Accepting request 971203 from home:lnussel:branches:Base:System 
- use common SBAT values (boo#1193282)

OBS-URL: https://build.opensuse.org/request/show/971203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=188
 2022-07-14 02:23:22 +00:00
Joey Lee
7410f7aef0 Accepting request 985418 from home:joeyli:branches:devel:openSUSE:Factory 
Update to 15.6 (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/985418
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=187
 2022-06-28 05:59:27 +00:00
Gary Ching-Pang Lin
182fd24b7c Accepting request 903339 from home:gary_lin:branches:devel:openSUSE:Factory 
avoid deleting the mirrored RT variables (bsc#1187696)

OBS-URL: https://build.opensuse.org/request/show/903339
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=186
 2021-07-01 06:13:57 +00:00
Gary Ching-Pang Lin
4e7f70bc3a Accepting request 901235 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/901235
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=185
 2021-06-22 02:03:16 +00:00
Gary Ching-Pang Lin
32f6f1f55a Accepting request 901053 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)

- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371

OBS-URL: https://build.opensuse.org/request/show/901053
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=184
 2021-06-21 02:58:46 +00:00
Gary Ching-Pang Lin
b128f342b9 Accepting request 900008 from home:gary_lin:branches:devel:openSUSE:Factory 
ignore the odd LoadOptions length (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/900008
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=183
 2021-06-15 03:59:23 +00:00
Gary Ching-Pang Lin
b088ad9ddf Accepting request 897356 from home:gary_lin:branches:devel:openSUSE:Factory 
- shim-install: reset def_shim_efi to "shim.efi" if the given
  file doesn't exist

OBS-URL: https://build.opensuse.org/request/show/897356
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=182
 2021-06-04 08:21:06 +00:00
Gary Ching-Pang Lin
7f83b4b531 Accepting request 894182 from home:gary_lin:branches:devel:openSUSE:Factory 
- shim-install: instead of assuming "removable" for Azure, remove
  fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)

- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)

OBS-URL: https://build.opensuse.org/request/show/894182
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=181
 2021-05-19 01:26:58 +00:00
Gary Ching-Pang Lin
d24e6a73df Accepting request 891229 from home:gary_lin:branches:devel:openSUSE:Factory 
shim-install: always assume "removable" for Azure to avoid the endless reset loop (bsc#1185464)

OBS-URL: https://build.opensuse.org/request/show/891229
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=180
 2021-05-07 08:38:12 +00:00
Gary Ching-Pang Lin
f94c2e5bcf Accepting request 890839 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)

- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441)

OBS-URL: https://build.opensuse.org/request/show/890839
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=179
 2021-05-06 03:35:27 +00:00
Gary Ching-Pang Lin
14a92e6f61 Accepting request 888994 from home:gary_lin:branches:devel:openSUSE:Factory 
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261) 
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz

OBS-URL: https://build.opensuse.org/request/show/888994
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=178
 2021-04-28 10:01:26 +00:00
Gary Ching-Pang Lin
0f47283b84 Accepting request 883796 from home:gary_lin:branches:devel:openSUSE:Factory 
- avoid the error message during linux system boot (bsc#1184454)
- prevent the build id being added to the binary. That can cause issues with the signature

OBS-URL: https://build.opensuse.org/request/show/883796
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=177
 2021-04-08 09:16:46 +00:00
Gary Ching-Pang Lin
1354ba095a Accepting request 882314 from home:gary_lin:branches:devel:openSUSE:Factory 
Update to 15.4 (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/882314
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=176
 2021-03-31 08:55:10 +00:00
Gary Ching-Pang Lin
bbfcbff67b Accepting request 881822 from home:gary_lin:branches:devel:openSUSE:Factory 
change the SBAT variable name and enhance the handling of SBAT (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/881822
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=175
 2021-03-29 07:54:46 +00:00
Gary Ching-Pang Lin
300c690132 Accepting request 880836 from home:gary_lin:branches:devel:openSUSE:Factory 
Update the changelog to address a dropped patch

OBS-URL: https://build.opensuse.org/request/show/880836
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=174
 2021-03-24 03:33:21 +00:00
Gary Ching-Pang Lin
0fc0214e26 Accepting request 880833 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 15.3 for SBAT support (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/880833
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=173
 2021-03-24 03:16:20 +00:00
Gary Ching-Pang Lin
b9c4429460 Accepting request 878250 from home:gary_lin:branches:devel:openSUSE:Factory 
- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
  also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
- Merged linker-version.pl into timestamp.pl and add the linker
  version to signature files accordingly

OBS-URL: https://build.opensuse.org/request/show/878250
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=172
 2021-03-11 03:36:34 +00:00
Gary Ching-Pang Lin
cce479bdc0 Accepting request 877543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
  crash at Exit() (bsc#1182776)

OBS-URL: https://build.opensuse.org/request/show/877543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=171
 2021-03-08 03:42:43 +00:00
Gary Ching-Pang Lin
e3245db390 Accepting request 865543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update the SLE signature
- Exclude some patches from x86_64 to avoid breaking the signature
- Add shim-correct-license-in-headers.patch back for x86_64 to
  match the SLE signature
- Add linker-version.pl to modify the EFI/PE header to match the
  SLE signature

OBS-URL: https://build.opensuse.org/request/show/865543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=170
 2021-01-22 04:22:49 +00:00
Gary Ching-Pang Lin
877a8b9828 Accepting request 845885 from home:gary_lin:branches:devel:openSUSE:Factory 
- Disable the signature attachment for AArch64 temporarily until we get a real one.

OBS-URL: https://build.opensuse.org/request/show/845885
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=169
 2020-11-04 06:15:49 +00:00
Gary Ching-Pang Lin
ad2aeff5ac Accepting request 845367 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
  in the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
  use-after-free at the end of the EKU verification (bsc#1177315)

OBS-URL: https://build.opensuse.org/request/show/845367
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=168
 2020-11-03 06:49:18 +00:00
Gary Ching-Pang Lin
a14628c7b5 Accepting request 841727 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177404-fix-a-use-of-strlen.patch to fix the length
  of the option data string to launch the program correctly
  (bsc#1177404)
- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path
  in the tpm even log (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/841727
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=167
 2020-10-14 09:22:20 +00:00
Gary Ching-Pang Lin
6cefe7b10f Accepting request 834242 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
  VLogError crash in AArch64 (jsc#SLE-15824)
- Add shim-fix-verify-eku.patch to fix the potential crash at
  verify_eku() (jsc#SLE-15824)
- Add shim-do-not-write-string-literals.patch to fix the potential
  crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)

OBS-URL: https://build.opensuse.org/request/show/834242
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=166
 2020-09-14 08:23:32 +00:00
Gary Ching-Pang Lin
0e2b985c49 Accepting request 832350 from home:Guillaume_G:branches:devel:openSUSE:Factory 
- Enable build on aarch64

OBS-URL: https://build.opensuse.org/request/show/832350
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=165
 2020-09-07 01:45:46 +00:00
Gary Ching-Pang Lin
d1e5e5e18a Accepting request 828865 from home:gary_lin:branches:devel:openSUSE:Factory 
install MokManager to \EFI\boot to process the pending MOK request (bsc#1175626, bsc#1175656)

OBS-URL: https://build.opensuse.org/request/show/828865
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=164
 2020-08-24 08:28:08 +00:00
Gary Ching-Pang Lin
4e169f6be0 Accepting request 828385 from home:gary_lin:branches:devel:openSUSE:Factory 
fix the TPM2 measurement (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/828385
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=163
 2020-08-21 06:24:52 +00:00
Gary Ching-Pang Lin
ca285f90f5 Accepting request 824673 from home:gary_lin:branches:devel:openSUSE:Factory 
Amend the check of %shim_enforce_ms_signature so that we can disable the signature check by defining shim_enforce_ms_signature as 0

OBS-URL: https://build.opensuse.org/request/show/824673
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=162
 2020-08-06 10:25:36 +00:00
Gary Ching-Pang Lin
761179927f Accepting request 824566 from home:gary_lin:branches:devel:openSUSE:Factory 
Updated openSUSE signature

OBS-URL: https://build.opensuse.org/request/show/824566
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=161
 2020-08-06 03:10:22 +00:00
Gary Ching-Pang Lin
1a492cd8bd Accepting request 822928 from home:gary_lin:branches:devel:openSUSE:Factory 
Update the license header patch (bsc#1174512)

OBS-URL: https://build.opensuse.org/request/show/822928
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=160
 2020-07-27 07:40:45 +00:00
Gary Ching-Pang Lin
ccb8d59de9 Accepting request 822324 from home:gary_lin:branches:devel:openSUSE:Factory 
Update the path to grub-tpm.efi in shim-install (bsc#1174320)

OBS-URL: https://build.opensuse.org/request/show/822324
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=159
 2020-07-23 08:39:45 +00:00
Gary Ching-Pang Lin
f0bb3978c4 Accepting request 819890 from home:gary_lin:branches:devel:openSUSE:Factory 
only check EFI variable copying when Secure Boot is enabled (bsc#1173411)

OBS-URL: https://build.opensuse.org/request/show/819890
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=158
 2020-07-10 07:26:45 +00:00
Gary Ching-Pang Lin
f673bb4d2e Accepting request 790062 from home:gary_lin:branches:devel:openSUSE:Factory 
Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd (bsc#1168104)

OBS-URL: https://build.opensuse.org/request/show/790062
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=157
 2020-03-31 09:46:57 +00:00
Gary Ching-Pang Lin
d2c2a9d07b Accepting request 789643 from home:gary_lin:branches:devel:openSUSE:Factory 
Use "suse_version" instead of "sle_version" to avoid shim_lib64_share_compat being set in Tumbleweed forever.

OBS-URL: https://build.opensuse.org/request/show/789643
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=156
 2020-03-30 06:34:16 +00:00
Gary Ching-Pang Lin
e0cafca96d - Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused 
by the upgrade of gnu-efi

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=155
 2020-03-16 09:43:20 +00:00
Gary Ching-Pang Lin
7ef93b059a Accepting request 751177 from home:michael-chang:branches:devel:openSUSE:Factory 
- shim-install: add check for btrfs is used as root file system to enable
  relative path lookup for file. (bsc#1153953)

OBS-URL: https://build.opensuse.org/request/show/751177
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=154
 2019-11-27 07:50:22 +00:00
Gary Ching-Pang Lin
441cbe7c4c Accepting request 723852 from home:gary_lin:branches:devel:openSUSE:Factory 
Fix a typo in shim-install (bsc#1145802)

OBS-URL: https://build.opensuse.org/request/show/723852
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=153
 2019-08-16 04:12:38 +00:00
Gary Ching-Pang Lin
283ffe9359 - Add gcc9-fix-warnings.patch (bsc#1121268). 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=152
 2019-04-19 10:33:47 +00:00