Shim 15.6 for CloudLinux OS 8

[andrewlukoshko]

Confirm the following are included in your repo, checking each box:

• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
• a Dockerfile to reproduce the build of the provided shim EFI binaries

---

What is the link to your tag in a repo cloned from rhboot/shim-review?

---

https://github.com/cloudlinux/shim-review/tree/cloudlinux-shim-x86_64-20220621

---

What is the SHA256 hash of your final SHIM binary?

---

96dd31a8e0c9a2bb278a63be330c65b664b71b72a941e2959f8df5a596f8811a  shimia32.efi
dd2b4413b033df6a0152a2831804097a8a99e098b65de415d83807d285577ab7  shimx64.efi

[andrewlukoshko]

Previous accepted shim: #152

[andrewlukoshko]

@frozencemetery hello, we need security contacts verification here

[steve-mcintyre]

verification emails sent

[andrewlukoshko]

impressionism phalanges disturbs heathenish majorettes abler bounds semiprecious ungodly bragging

[steve-mcintyre]

Checking:

• shim builds reproduce here
• Cert looks OK: EV cert from Certum, expires 2024
• signing keys in an HSM
• SBAT data looks ok
• minor nit in the fwupd SBAT: please add the RHEL data too if you're derived
• 15.6, no patches
• grub config and patches all borrowed from RHEL
• Similar for Linux
• old shim and grub binaries will be blocked appropriately

All looks good, just waiting on the veriffication to complete!

[andrewlukoshko]

@steve-mcintyre Leonid's words:
parts warhorse métier Jeannette Buick Elbe milked soundproofs axe ravines

[steve-mcintyre]

all done, approved!

[andrewlukoshko]

Thanks!

[andrewlukoshko]

Shim is signed by MS, closing.