Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Debian GNU/Linux 12 shim-15.7-1 x64, ia32 and aarch64 #315

Closed
8 tasks done
steve-mcintyre opened this issue Feb 9, 2023 · 2 comments
Closed
8 tasks done

Debian GNU/Linux 12 shim-15.7-1 x64, ia32 and aarch64 #315

steve-mcintyre opened this issue Feb 9, 2023 · 2 comments
Labels
accepted Submission is ready for sysdev

Comments

@steve-mcintyre
Copy link
Collaborator

steve-mcintyre commented Feb 9, 2023
edited
Loading

Confirm the following are included in your repo, checking each box:

  • completed README.md file with the necessary information
  • shim.efi to be signed
  • public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
  • binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
  • any extra patches to shim via your own git tree or as files
  • any extra patches to grub via your own git tree or as files
  • build logs
  • a Dockerfile to reproduce the build of the provided shim EFI binaries

What is the link to your tag in a repo cloned from rhboot/shim-review?

https://github.com/steve-mcintyre/shim-review/tree/debian-12-shim-amd64-arm64-i386-20230209

What is the SHA256 hash of your final SHIM binary?

9bc618c413325a52bf9495281858830b80b8c220bfa612c5cbe8d6f09bb00ee7 shimaa64.efi
9d31c61a9d83b9af00b906c7c008fee7760f87859d5a764c4ff25d9819cdbfb2 shimia32.efi
7d0bf31ae1a8a2538c7b8b712335d168d7f6f010020c63e9e05cceb8d06bac11 shimx64.efi

What is the link to your previous shim review request (if any, otherwise N/A)?

#267, #268, #269 (15.6, accepted, but never signed due to issues with submission)
#184, #185 (15.4, accepted and signed)

Very similar to #316 and #317
This was referenced Feb 9, 2023
Closed
Closed
@THS-on
Copy link
Collaborator

THS-on commented Feb 9, 2023

Disclaimer: I am not a not an authorized reviewer

Because the rest is nearly identical to #317, here are only the parts specific to the Debian 12 Shim.

  • Arm specific patches are dropped.
  • fwupd SBAT identifier changed from fwupd to fwupd-efi. This is because upstream moved the EFI part into a separate project: https://github.com/fwupd/fwupd-efi
  • Shim reproduces using the Dockerfile, SBAT matches the provided values, NX patch is applied

Hashes

7d0bf31ae1a8a2538c7b8b712335d168d7f6f010020c63e9e05cceb8d06bac11  /shim/shimx64.efi
7d0bf31ae1a8a2538c7b8b712335d168d7f6f010020c63e9e05cceb8d06bac11  /shim-review/shimx64.efi
9d31c61a9d83b9af00b906c7c008fee7760f87859d5a764c4ff25d9819cdbfb2  /shim/shimia32.efi
9d31c61a9d83b9af00b906c7c008fee7760f87859d5a764c4ff25d9819cdbfb2  /shim-review/shimia32.efi
9bc618c413325a52bf9495281858830b80b8c220bfa612c5cbe8d6f09bb00ee7  /shim/shimaa64.efi
9bc618c413325a52bf9495281858830b80b8c220bfa612c5cbe8d6f09bb00ee7  /shim-review/shimaa64.efi

SBAT

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,3,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.debian,1,Debian,shim,15.7,https://tracker.debian.org/pkg/shim

@frozencemetery frozencemetery added the accepted Submission is ready for sysdev label Feb 16, 2023
@steve-mcintyre
Copy link
Collaborator Author

Signed binaries returned, closing

This was referenced May 13, 2024
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted Submission is ready for sysdev
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frozencemetery @THS-on @steve-mcintyre