-------------------------------------------------------------------
Tue Apr 29 07:38:11 UTC 2014 - mchang@suse.com

- shim-install: fix boot partition and rollback support kluge
  (bnc#875385)

-------------------------------------------------------------------
Thu Apr 10 08:20:20 UTC 2014 - glin@suse.com

- Replace shim-mokmanager-support-sha1.patch with
  shim-mokmanager-support-sha-family.patch to support the SHA
  family

-------------------------------------------------------------------
Mon Apr 7 09:32:21 UTC 2014 - glin@suse.com

- Add shim-mokmanager-support-sha1.patch to support SHA1 hashes in
  MOK

-------------------------------------------------------------------
Mon Mar 31 11:57:13 UTC 2014 - mchang@suse.com

- snapper rollback support (fate#317062)
- refresh shim-install

-------------------------------------------------------------------
Thu Mar 13 02:32:15 UTC 2014 - glin@suse.com

- Insert the right signature (bnc#867974)

-------------------------------------------------------------------
Mon Mar 10 07:56:44 UTC 2014 - glin@suse.com

- Add shim-fix-uninitialized-variable.patch to fix the use of
  uninitialized variables in lib

-------------------------------------------------------------------
Fri Mar 7 09:09:12 UTC 2014 - glin@suse.com

- Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV
  variables the right way
- Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify
  correctly

-------------------------------------------------------------------
Thu Mar 6 07:37:57 UTC 2014 - glin@suse.com

- Add shim-fallback-avoid-duplicate-bootorder.patch to fix the
  duplicate entries in BootOrder
- Add shim-allow-fallback-use-system-loadimage.patch to handle the
  shim protocol properly to keep only one protocol entity
- Refresh shim-opensuse-cert-prompt.patch

-------------------------------------------------------------------
Thu Mar 6 03:53:49 UTC 2014 - mchang@suse.com

- shim-install: fix the $prefix to use grub2-mkrelpath for paths on
  btrfs subvolume
  (bnc#866690).

-------------------------------------------------------------------
Tue Mar 4 04:19:05 UTC 2014 - glin@suse.com

- FATE#315002: Update shim-install to install shim.efi as the EFI
  default bootloader when none exists in \EFI\boot.

-------------------------------------------------------------------
Thu Feb 27 09:46:49 UTC 2014 - fcrozat@suse.com

- Update signature-sles.asc: shim signed by UEFI signing service,
  based on code from "Thu Feb 20 11:57:01 UTC 2014"

-------------------------------------------------------------------
Fri Feb 21 08:45:46 UTC 2014 - glin@suse.com

- Add shim-opensuse-cert-prompt.patch to show the prompt to ask
  whether the user trusts the openSUSE certificate or not

-------------------------------------------------------------------
Thu Feb 20 11:57:01 UTC 2014 - lnussel@suse.de

- allow package to carry multiple signatures
- check correct certificate is embedded

-------------------------------------------------------------------
Thu Feb 20 10:06:47 UTC 2014 - lnussel@suse.de

- always clean up generated files that embed certificates
  (shim_cert.h shim.cer shim.crt) to make sure next build loop
  rebuilds them properly

-------------------------------------------------------------------
Mon Feb 17 09:58:56 UTC 2014 - glin@suse.com

- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
  hash deletion operation to avoid ruining the whole list
  (bnc#863205)

-------------------------------------------------------------------
Tue Feb 11 06:30:02 UTC 2014 - glin@suse.com

- Update shim-mokx-support.patch to support the resetting of MOK
  blacklist
- Add shim-get-variable-check.patch to fix the variable checking
  in get_variable_attr
- Add shim-improve-fallback-entries-creation.patch to improve the
  boot entry paths and avoid generating the boot entries that are
  already there
- Update SUSE certificate
- Update attach_signature.sh, show_hash.sh, strip_signature.sh,
  extract_signature.sh and show_signatures.sh to remove the
  creation of the
  temporary nss database
- Add shim-only-os-name.patch: remove the kernel version of the
  build server
- Match the prefix of the project name properly by escaping the
  percent sign.

-------------------------------------------------------------------
Wed Jan 22 13:45:44 UTC 2014 - lnussel@suse.de

- enable signature assertion also in SUSE: hierarchy

-------------------------------------------------------------------
Fri Dec 6 06:44:43 UTC 2013 - glin@suse.com

- Add shim-mokmanager-handle-keystroke-error.patch to handle the
  error status from ReadKeyStroke to avoid unexpected keys

-------------------------------------------------------------------
Thu Dec 5 02:05:13 UTC 2013 - glin@suse.com

- Update to 0.7
- Add upstream patches:
  + shim-fix-verify-mok.patch
  + shim-improve-error-messages.patch
  + shim-correct-user_insecure-usage.patch
  + shim-fix-dhcpv4-path-generation.patch
- Add shim-mokx-support.patch to support the MOK blacklist
  (Fate#316531)
- Drop upstreamed patches
  + shim-fix-pointer-casting.patch
  + shim-merge-lf-loader-code.patch
  + shim-fix-simple-file-selector.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch
  + shim-mokmanager-ui-revamp.patch
  + shim-netboot-fixes.patch
  + shim-mokmanager-disable-gfx-console.patch
- Drop shim-suse-build.patch: it's not necessary anymore
- Drop shim-bnc841426-silence-shim-protocols.patch: shim is not
  verbose by default

-------------------------------------------------------------------
Thu Oct 31 09:11:18 UTC 2013 - fcrozat@suse.com

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Tue Oct 1 04:29:29 UTC 2013".

-------------------------------------------------------------------
Tue Oct 1 04:29:29 UTC 2013 - glin@suse.com

- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
  graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
  shim protocols (bnc#841426)

-------------------------------------------------------------------
Wed Sep 25 07:17:54 UTC 2013 - glin@suse.com

- Create boot.csv in ESP for fallback.efi to restore the boot entry

-------------------------------------------------------------------
Tue Sep 17 10:53:50 CEST 2013 - fcrozat@suse.com

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Fri Sep 6 13:57:36 UTC 2013".
- Improve extract_signature.sh to work on current path.

-------------------------------------------------------------------
Fri Sep 6 13:57:36 UTC 2013 - lnussel@suse.de

- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o gets rebuilt for each target

-------------------------------------------------------------------
Fri Sep 6 11:48:14 CEST 2013 - fcrozat@suse.com

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013"

-------------------------------------------------------------------
Wed Aug 28 15:54:38 UTC 2013 - lnussel@suse.de

- always build a shim that embeds the distro's certificate (e.g.
  shim-opensuse.efi). If the package is built in the devel project
  additionally shim-devel.efi is created. That allows us to either
  load grub2/kernel signed by the distro or signed by the devel
  project, depending on use case. Also shim-$distro.efi from the
  devel project can be used to request additional signatures.

-------------------------------------------------------------------
Wed Aug 28 07:16:51 UTC 2013 - lnussel@suse.de

- also include old openSUSE 4096 bit certificate to be able to
  still boot kernels signed with that key.
- add show_signatures script

-------------------------------------------------------------------
Tue Aug 27 06:41:03 UTC 2013 - lnussel@suse.de

- replace the 4096 bit openSUSE UEFI CA certificate with a new
  standard compliant 2048 bit one.

-------------------------------------------------------------------
Tue Aug 20 11:48:25 UTC 2013 - lnussel@suse.de

- fix shell syntax error

-------------------------------------------------------------------
Wed Aug 7 15:51:36 UTC 2013 - lnussel@suse.de

- don't include binary in the sources. Instead package the raw
  signature and attach it during build (bnc#813448).

-------------------------------------------------------------------
Tue Jul 30 07:36:28 UTC 2013 - glin@suse.com

- Update shim-mokmanager-ui-revamp.patch to include fixes for
  MokManager
  + reboot the system after clearing MOK password
  + fetch more info from X509 name
  + check the suffix of the key file

-------------------------------------------------------------------
Tue Jul 23 03:55:05 UTC 2013 - glin@suse.com

- Update to 0.4
- Rebase patches
  + shim-suse-build.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch
  + shim-mokmanager-ui-revamp.patch
- Add patches
  + shim-merge-lf-loader-code.patch: merge the Linux Foundation
    loader UI code
  + shim-fix-pointer-casting.patch: fix a casting issue and the
    size of an empty vendor cert
  + shim-fix-simple-file-selector.patch: fix the buffer allocation
    in the simple file selector
- Remove upstreamed patches
  + shim-support-mok-delete.patch
  + shim-reboot-after-changes.patch
  + shim-clear-queued-key.patch
  + shim-local-key-sign-mokmanager.patch
  + shim-get-2nd-stage-loader.patch
  + shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
  shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs

-------------------------------------------------------------------
Wed May 8 06:40:12 UTC 2013 - glin@suse.com

- Add shim-mokmanager-ui-revamp.patch to update the MokManager UI

-------------------------------------------------------------------
Wed Apr 3 03:54:22 UTC 2013 - glin@suse.com

- Call update-bootloader in %post to update *.efi in \efi\opensuse
  (bnc#813079)

-------------------------------------------------------------------
Fri Mar 8 06:53:47 UTC 2013 - glin@suse.com

- Add shim-bnc807760-change-pxe-2nd-loader-name.patch to change the
  PXE 2nd stage loader name (bnc#807760)
- Add shim-bnc808106-correct-certcount.patch to correct the
  certificate count of the signature list (bnc#808106)

-------------------------------------------------------------------
Fri Mar 1 10:07:55 UTC 2013 - glin@suse.com

- Add shim-bnc798043-no-doulbe-separators.patch to remove double
  separators from the bootpath (bnc#798043#c4)

-------------------------------------------------------------------
Thu Feb 28 08:57:48 UTC 2013 - lnussel@suse.de

- sign shim also with openSUSE certificate

-------------------------------------------------------------------
Wed Feb 27 15:52:53 CET 2013 - mls@suse.de

- identify project, export certificate as DER file
- don't create an unused extra keypair

-------------------------------------------------------------------
Thu Feb 21 10:08:12 UTC 2013 - glin@suse.com

- Add shim-bnc804631-fix-broken-bootpath.patch to fix the broken
  bootpath generated in generate_path(). (bnc#804631)

-------------------------------------------------------------------
Mon Feb 11 12:15:25 UTC 2013 - fcrozat@suse.com

- Update with shim signed by UEFI signing service, based on code
  from "Thu Feb 7 06:56:19 UTC 2013".

-------------------------------------------------------------------
Thu Feb 7 13:54:06 UTC 2013 - lnussel@suse.de

- prepare for having a signed shim from the UEFI signing service

-------------------------------------------------------------------
Thu Feb 7 06:56:19 UTC 2013 - glin@suse.com

- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
  MokManager and sign it later.

-------------------------------------------------------------------
Wed Feb 6 06:35:45 UTC 2013 - mchang@suse.com

- Add shim-install utility
- Add Recommends to grub2-efi

-------------------------------------------------------------------
Wed Jan 30 09:00:31 UTC 2013 - glin@suse.com

- Add shim-mokmanager-support-crypt-hash-method.patch to support
  password hash from /etc/shadow (FATE#314506)

-------------------------------------------------------------------
Tue Jan 29 03:20:48 UTC 2013 - glin@suse.com

- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi.

-------------------------------------------------------------------
Fri Jan 18 10:06:13 UTC 2013 - glin@suse.com

- Update shim-mokmanager-new-pw-hash.patch to extend the password
  hash format
- Rename shim.efi as shim-unsigned.efi

-------------------------------------------------------------------
Wed Jan 16 08:01:55 UTC 2013 - glin@suse.com

- Merge patches for FATE#314506
  + Add shim-support-mok-delete.patch to add support for deleting
    specific keys
  + Add shim-mokmanager-new-pw-hash.patch to support the new
    password hash.
- Drop shim-correct-mok-size.patch which is included in
  shim-support-mok-delete.patch
- Merge shim-remove-debug-code.patch and
  shim-local-sign-mokmanager.patch into
  shim-local-key-sign-mokmanager.patch
- Install COPYRIGHT

-------------------------------------------------------------------
Tue Jan 15 03:17:53 UTC 2013 - glin@suse.com

- Add shim-fix-loadoptions.patch to adopt the UEFI shell style
  LoadOptions (bnc#798043)
- Drop shim-check-pk-kek.patch since upstream rejected the patch
  due to violation of SPEC.
- Install EFI binaries to /usr/lib64/efi

-------------------------------------------------------------------
Wed Dec 26 07:05:02 UTC 2012 - glin@suse.com

- Update shim-reboot-after-changes.patch to avoid rebooting the
  system after enrolling keys/hashes from the file system
- Add shim-correct-mok-size.patch to correct the size of MOK
- Add shim-clear-queued-key.patch to clear the queued key and show
  the menu properly

-------------------------------------------------------------------
Wed Dec 12 15:16:18 UTC 2012 - fcrozat@suse.com

- Remove shim-rpmlintrc, it wasn't fixing the error, hide error
  stdout to prevent post build check to get triggered by cast
  warnings in openSSL code
- Add shim-remove-debug-code.patch: remove debug code

-------------------------------------------------------------------
Wed Dec 12 04:01:52 UTC 2012 - glin@suse.com

- Add shim-rpmlintrc to filter 64bit portability errors

-------------------------------------------------------------------
Tue Dec 11 07:36:32 UTC 2012 - glin@suse.com

- Add shim-local-sign-mokmanager.patch to create a local
  certificate to sign MokManager
- Add shim-get-2nd-stage-loader.patch to get the second stage
  loader path from the load options
- Add shim-check-pk-kek.patch to verify EFI images with PK and KEK
- Add shim-reboot-after-changes.patch to reboot the system after
  enrolling or erasing keys
- Install the EFI images to /usr/lib64/shim instead of the EFI
  partition
- Update the mail address of the author

-------------------------------------------------------------------
Fri Nov 2 08:19:37 UTC 2012 - glin@suse.com

- Add new package shim 0.2 (FATE#314484)
  + It's in fact git 2fd180a92 since there is no tag for 0.2