Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debian GNU/Linux 10 shim-15.6-1 x64 and ia32 #269

Closed
8 tasks done
steve-mcintyre opened this issue Aug 6, 2022 · 3 comments
Closed
8 tasks done

Debian GNU/Linux 10 shim-15.6-1 x64 and ia32 #269

steve-mcintyre opened this issue Aug 6, 2022 · 3 comments
Labels
accepted Submission is ready for sysdev

Comments

@steve-mcintyre
Copy link
Collaborator

Confirm the following are included in your repo, checking each box:

  • completed README.md file with the necessary information
  • shim.efi to be signed
  • public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
  • binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
  • any extra patches to shim via your own git tree or as files
  • any extra patches to grub via your own git tree or as files
  • build logs
  • a Dockerfile to reproduce the build of the provided shim EFI binaries

What is the link to your tag in a repo cloned from rhboot/shim-review?

https://github.com/steve-mcintyre/shim-review/tree/debian-10-shim-amd64-i386-20220806

What is the SHA256 hash of your final SHIM binary?

c4b270ee337cbf62ee5f677df4962ccc30d8db072f7915da19196f2b362ea935  shimia32.efi
14d3edf3506e8582c30cbd6472f413b8a7e5c5997992962ec3775f9e75367abe  shimx64.efi
@ecos-platypus
Copy link
Contributor

Disclaimer: I am not an authorized reviewer but review other shims to reduce the workload of the authorized reviewers and speed up the process for everyone.

Review was conducted in accordance to the reviewer guidelines (https://github.com/rhboot/shim/wiki/reviewer-guidelines)

This request is very similar to #267 which I reviewed before (#267 (comment)). I diffed the repositories associated with both requests and only highlight the differences.

  • Build reproduces for shimx64.efi and shimia32.efi
  • shim is built from https://salsa.debian.org/efi-team/shim.git rather than the release tar.gz. I diffed the 15.6 tag in the upstream shim repository with the debian/15.6-1_deb10u1 tag checked out from the Debian repository and there were no changes in the shim source code apart from an additional debian directory
    • Two patches are applied for arm64 for builds with older toolchains but as outlined in README.md, the arm64 binaries do not need to be signed as part of this shim review request
  • Linux Kernel 4.19.249 with lockdown patches is used

Looks good to me.

@frozencemetery
Copy link
Member

Looks good to me.

@frozencemetery frozencemetery added the accepted Submission is ready for sysdev label Aug 15, 2022
@steve-mcintyre steve-mcintyre mentioned this issue Feb 9, 2023
Closed
8 tasks
@steve-mcintyre
Copy link
Collaborator Author

Closing, signing never happened

This was referenced Feb 9, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted Submission is ready for sysdev
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frozencemetery @steve-mcintyre @ecos-platypus