
shim-15.8-5.1 RPM for aarch64

From OpenSuSE Ports Tumbleweed for aarch64

Name: shim
Distribution: openSUSE Tumbleweed
Version: 15.8
Vendor: openSUSE
Release: 5.1
Build date: Thu Mar 7 00:22:52 2024
Group: System/Boot
Build host: i01-armsrv1
Size: 1972172
Source RPM: shim-15.8-5.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://github.com/rhboot/shim
Summary: UEFI shim loader
shim is a trivial EFI application that, when run, attempts to open and
execute another application.

Provides

Requires

License

BSD-2-Clause

Changelog

* Mon Feb 26 2024 Dominique Leuenberger <dimstar@opensuse.org>
  - Use %autosetup macro. Allows to eliminate the usage of deprecated
    PatchN.
* Sat Feb 17 2024 Joey Lee <jlee@suse.com>
  - Modified shim.spec file to add suffix string of project to filename
    of included certificates. e.g.
      rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
      /etc/uefi
      /etc/uefi/certs
      /etc/uefi/certs/2B697CB1-shim-devel.crt
      /etc/uefi/certs/4659838C-shim-opensuse.crt
      /etc/uefi/certs/BCA4E38E-shim-sles.crt
    The original name of crt files are:
      /etc/uefi/certs/2B697CB1-shim.crt
      /etc/uefi/certs/4659838C-shim.crt
      /etc/uefi/certs/BCA4E38E-shim.crt
    It can indicate the source project of certificates.
* Thu Feb 15 2024 Joey Lee <jlee@suse.com>
  - Sometimes the SLE shim signature is updated by Microsoft before the openSUSE
    shim signature. When a submit request is made on IBS for updating the SLE
    shim, the submitreq project is generated, but it is always blocked by the
    check of the signature of the openSUSE shim.
    It doesn't make sense to check the openSUSE shim signature when building
    the SLE shim on the SLE platform, and vice versa. So the following change
    adds the logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
    When and only when the hash mismatches and distro_id matches the suffix, stop
    building.
      [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
      [#] when hash mismatch and distro_id match with suffix, stop building
  - Sync the changelog between openSUSE:Factory/shim with SLE-15-SP3/shim
    - Add CVE-2022-28737 number to "Mon Mar 27 09:26:02 UTC 2023" record
    - Add "Thu Apr 13 05:28:10 UTC 2023" record for updating shim-install
      for bsc#1210382.
    - Add "Thu Apr 13 09:13:22 UTC 2023" record for changing the logic of
      checking shim signature.
* Wed Feb 07 2024 Gary Ching-Pang Lin <glin@suse.com>
  - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
    92d0f4305df73 Set the SRK algorithm for the TPM2 protector
* Fri Feb 02 2024 Gary Ching-Pang Lin <glin@suse.com>
  - Limit the requirement of fde-tpm-helper-macros to the distro with
    suse_version 1600 and above (bsc#1219460)
* Sun Jan 28 2024 Dennis Tseng <dennis.tseng@suse.com>
  - Update to version 15.8
    - Various CVE fixes are already merged into this version
      mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
      avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
      Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
      Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
      pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
      pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
    - remove shim-Enable-the-NX-compatibility-flag-by-default.patch
      The code in this patch already exists in shim-15.8.
      The NX flag is disabled, which is the same as the default value of shim-15.8;
      hence, there is no need to enable it with this patch now.
    - Patches (git log --oneline --reverse 15.7..15.8)
      657b248 Make sbat_var.S parse right with buggy gcc/binutils
      7c76425 Enable the NX compatibility flag by default.
      89972ae CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper
      c7b3051 pe: Align section size up to page size for mem attrs
      e4f40ae pe: Add IS_PAGE_ALIGNED macro
      f23883c Don't loop forever in load_certs() with buggy firmware
      1f38cb3 Optionally allow to keep shim protocol installed
      102a658 Drop invalid calls to `CRYPTO_set_mem_functions`
      aae3df0 test-sbat: Fix exit code
      cca3933 Block Debian grub binaries with SBAT < 4
      cf59f34 Further improve load_certs() for non-compliant drivers/firmwares
      0601f44 SBAT-related documents formatting and spelling
      0640e13 Add a security contact email address in README.md
      0bfc397 Work around malformed path delimiters in file paths from DHCP
      a8b0b60 pe: only process RelocDir->Size of reloc section
      f7a4338 Skip testing msleep()
      549d346 Rename 'msecs' to 'usecs' to avoid potential confusion
      908c388 Change type of fallback_verbose_wait from int to unsigned long
      05eae92 Add SbatLevel_Variable.txt to document the various revocations
      243f125 Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL
      89d25a1 Add a make rule for compile_commands.json
      118ff87 Add gnu-stack notes
      f132655 test: Make our fake dprintf be a statement.
      be00279 Remove CentOS 7 test builds.
      9964960 Split pe.c up even more.
      569270d Test (and fix) ImageAddress()
      61e9894 Verify signature before verifying sbat levels
      1578b55 Add libFuzzer support for csv.c
      a0673e3 Fix a 1-byte memory leak in .sbat parsing.
      e246812 Add libFuzzer support to the .sbat parser.
      fd43eda Work around ImageAddress() usage mistake
      1e985a3 Correctly free memory allocated in handle_image()
      dbbe3c8 mok: Avoid underflow in maximum variable size calculation
      04111d4 Make some of the static analysis tools a little easier to run
      7ba7440 compile_commands.json: remove stuff clang doesn't like
      66e6579 CVE-2023-40546 mok: fix LogError() invocation
      f271826 Add primitives for overflow-checked arithmetic operations.
      8372147 pe-relocate: Add a fuzzer for read_header()
      5a5147d CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
      e912071 pe-relocate: make read_header() use checked arithmetic operations.
      93ce255 CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
      e7f5fdf pe-relocate: Ensure nothing else implements CVE-2023-40550
      afdc503 CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
      96dccc2 CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
      dae82f6 Further mitigations against CVE-2023-40546 as a class
      ea0f9df Allow SbatLevel data from external binary
      b078ef2 Always clear SbatLevel when Secure Boot is disabled
      7dfb687 BS Variables for bootmgr revocations
      a967c0e shim should not self revoke
      577cedd Print message when refusing to apply SbatLevel
      e801b0d sbat revocations: check the full section name
      0226b56 CVE-2023-40547 - avoid incorrectly trusting HTTP headers
      6f0c8d2 Print errors when setting/clearing memory attrs
      57c0eed Updated Revocations for January 2024 CVEs
      49c6d95 Fix some minor ia32 build issues.
      be8ff7c post-process-pe: Don't set the NX_COMPAT flag by default after all.
      13abd9f pe-relocate: Avoid __builtin_add_overflow() on GCC < 5
      c46c975 Suppress "Failed to open <..>\revocations.efi" when file does not exist
      30a4f37 Rename "previous" revocations to "automatic"
      6f395c2 Build time selectable automatic SBATLevel revocations
      a23e2f0 netboot read_image() should not hardcode DEFAULT_LOADER
      993a345 Try to load revocations.efi even if directory read fails
      1770a03 gitmodules: use shim-15.8 for gnu-efi branch
      5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8
* Wed Jan 24 2024 Ludwig Nussel <lnussel@suse.com>
  - Generate dbx during build so we don't include binary files in sources
* Thu Oct 05 2023 Ludwig Nussel <lnussel@suse.com>
  - Don't require grub so shim can still be used with systemd-boot
* Wed Sep 20 2023 Michael Chang <mchang@suse.com>
  - Update shim-install to fix boot failure of ext4 root file system
    on RAID10 (bsc#1205855)
    226c94ca5cfca  Use hint in looking for root if possible
* Tue Sep 19 2023 Gary Ching-Pang Lin <glin@suse.com>
  - Adopt the macros from fde-tpm-helper-macros to update the
    signature in the sealed key after a bootloader upgrade
* Mon May 15 2023 Gary Ching-Pang Lin <glin@suse.com>
  - Update shim-install to amend full disk encryption support
      b540061e041b  Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
      f2e8143ce831  Use the long name to specify the grub2 key protector
      72830120e5ea  cryptodisk: support TPM authorized policies
      49e7a0d307f3  Do not use tpm_record_pcrs unless the command is in command.lst
* Thu Apr 13 2023 Joey Lee <jlee@suse.com>
  - Sometimes the SLE shim signature is updated by Microsoft before the openSUSE
    shim signature. When a submit request is made on IBS for updating the SLE
    shim, the submitreq project is generated, but it is always blocked by the
    check of the signature of the openSUSE shim.
    It doesn't make sense to check the openSUSE shim signature when building
    the SLE shim on the SLE platform, and vice versa. So the following change
    adds the logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
    When and only when the hash mismatches and distro_id matches the suffix, stop
    building.
      [#] compare suffix (sles, opensuse) with distro_id (sle, opensuse)
      [#] when hash mismatch and distro_id match with suffix, stop building
* Thu Apr 13 2023 Joey Lee <jlee@suse.com>
  - Upgrade shim-install for bsc#1210382
    After closing the Leap-gap project since Leap 15.3, openSUSE Leap directly
    uses shim from SLE. So the ca_string is 'SUSE Linux Enterprise Secure Boot
    CA1', not 'openSUSE Secure Boot CA1'. This causes update_boot=no,
    so all files in /boot/efi/EFI/boot are not updated.
    The 86b73d1 patch added logic that uses the ID field in os-release to
    check for the Leap distro and sets ca_string to 'SUSE Linux Enterprise Secure
    Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
  - https://github.com/SUSE/shim-resources (git log --oneline)
    86b73d1 Fix that bootx64.efi is not updated on Leap
    f2e8143 Use the long name to specify the grub2 key protector
    7283012 cryptodisk: support TPM authorized policies
    49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
    26c6bd5 Have grub take a snapshot of "relevant" TPM PCRs
    5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
    a5c5734 Introduce --no-grub-install option
* Mon Apr 10 2023 Joey Lee <jlee@suse.com>
  - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
    enable the NX compatibility flag when using post-process-pe, after
    discussion with grub2 experts by mail. It's useful for further development
    and testing. (bsc#1205588)
* Mon Mar 27 2023 Joey Lee <jlee@suse.com>
  - Updated shim signature after shim 15.7 of SLE was signed back:
    signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
* Thu Jan 12 2023 Joey Lee <jlee@suse.com>
  - Removed shim-bsc1198101-opensuse-cert-prompt.patch (bsc#1198101)
    - Detailed discussion is in bugzilla:
    https://bugzilla.suse.com/show_bug.cgi?id=1198101
    - The shim community review and challenge this prompt. No other
      distro shows prompt (Have checked Fedora 37, CentOS 9 and Ubuntu 22.10).
      Currently, it blocked the review process of openSUSE shim.
    - Other distros lock-down kernel when secure boot is enabled. Some of
      them used different key for signing kernel binary with In-tree kernel
      module. And their build service does not provide signed Out-of-tree
      module.
* Fri Dec 09 2022 Joey Lee <jlee@suse.com>
  - Modified shim-install, add the following Olaf Kirch's patches to support
    full disk encryption: (jsc#PED-922)
      a5c57340740c	Introduce --no-grub-install option
      5c2c3addc51f	Handle different cases of controlling cryptomount volumes during first stage boot
      26c6bd5df7ae	Have grub take a snapshot of "relevant" TPM PCRs
* Wed Nov 23 2022 Joey Lee <jlee@suse.com>
  - Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
    disable the NX compatibility flag when using post-process-pe because
    grub2 is not ready. (bsc#1205588)
    - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
      was merged into v5.19. On the other hand, upstream is working on
      improving the compressed kernel stage for NX:
      [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
      https://www.spinics.net/lists/kernel/msg4599636.html
* Fri Nov 18 2022 Joey Lee <jlee@suse.com>
  - Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
    enable the NX compatibility flag by default. (jsc#PED-127)
* Fri Nov 18 2022 Joey Lee <jlee@suse.com>
  - Drop upstreamed patch:
    - shim-Enable-TDX-measurement-to-RTMR-register.patch
    - Enable TDX measurement to RTMR register (jsc#PED-1273)
    - 4fd484e4c2	15.7
* Thu Nov 17 2022 Joey Lee <jlee@suse.com>
  - Update to 15.7 (bsc#1198458)(jsc#PED-127)
    - Patches (git log --oneline --reverse 15.6..15.7)
    0eb07e1 Make SBAT variable payload introspectable
    092c2b2 Reference MokListRT instead of MokList
    8b59b69 Add a link to the test plan in the readme.
    4fd484e Enable TDX measurement to RTMR register
    14d6339 Discard load-options that start with a NUL
    5c537b3 shim: Flush the memory region from i-cache before execution
    2d4ebb5 load_cert_file: Fix stack issue
    ea4911c load_cert_file: Use EFI RT memory function
    0cf43ac Add -malign-double to IA32 compiler flags
    17f0233 pe: Fix image section entry-point validation
    5169769 make-archive: Build reproducible tarball
    aa1b289 mok: remove MokListTrusted from PCR 7
    53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
    616c566 More coverity modeling
    ea0d0a5 Update shim's .sbat to sbat,3
    dd8be98 Bump grub's sbat requirement to grub,3
    1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
    - 15.7 release note https://github.com/rhboot/shim/releases
    Make SBAT variable payload introspectable by @chrisccoulson in #483
    Reference MokListRT instead of MokList by @esnowberg in #488
    Add a link to the test plan in the readme. by @vathpela in #494
    [V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
    Discard load-options that start with a NUL by @frozencemetery in #505
    load_cert_file bugs by @esnowberg in #523
    Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
    pe: Fix image section entry-point validation by @iokomin in #518
    make-archive: Build reproducible tarball by @julian-klode in #527
    mok: remove MokListTrusted from PCR 7 by @baloo in #519
    - Drop upstreamed patch:
    - shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
    - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
    - 53509eaf22	15.7
    - shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
    - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
    - The following patches are merged to 15.7
    aa1b289a1a mok: remove MokListTrusted from PCR 7
    0cf43ac6d7 Add -malign-double to IA32 compiler flags
    ea4911c2f3 load_cert_file: Use EFI RT memory function
    2d4ebb5a79 load_cert_file: Fix stack issue
    5c537b3d0c shim: Flush the memory region from i-cache before execution
    14d6339829 Discard load-options that start with a NUL
    092c2b2bbe Reference MokListRT instead of MokList
    0eb07e11b2 Make SBAT variable payload introspectable
* Thu Nov 17 2022 Joey Lee <jlee@suse.com>
  - Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
    the item in Update to 15.6. (bsc#1198458)
* Tue Nov 15 2022 Joey Lee <jlee@suse.com>
  - Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
    patches between 15.6 with aa1b289a1a (jsc#PED-127):
      aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
      0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
      ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
      2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
      5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
      14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
      092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
      0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
* Tue Nov 15 2022 Joey Lee <jlee@suse.com>
  - Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
    enhance shim measurement to TD RTMR. (jsc#PED-1273)
* Tue Nov 15 2022 Joey Lee <jlee@suse.com>
  - For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
    and shim.changes: (jsc#PED-127)
    - Add some change log from SLE shim.changes to Factory shim.changes
      Those messages are added "(sync shim.changes from SLE)" tag.
    - Add the following changes to shim.spec
    - only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
      on openSUSE.
    - Enable the AArch64 signature check for SLE:
    [#] AArch64 signature
    signature=%{SOURCE13}
* Thu Sep 29 2022 Michael Chang <mchang@suse.com>
  - shim-install: ensure grub.cfg created is not overwritten after
    installing grub related files
* Mon Sep 12 2022 Kilian Hanich <khanich.opensource@gmx.de>
  - Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
    (bsc#1201066)
* Fri Aug 05 2022 Joey Lee <jlee@suse.com>
  - Add logic to shim.spec for detecting --set-sbat-policy option before
    using mokutil to set sbat policy. (bsc#1202120)
* Fri Jul 29 2022 Joey Lee <jlee@suse.com>
  - Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
* Mon Jul 25 2022 Joey Lee <jlee@suse.com>
  - Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
    - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
      is unstable for building out a stable shim binary for signing. (bsc#1198458)
    - But the rpm-config-suse package in Leap 15.4 is directly copied from SLE 15.4
      because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
      not for openSUSE. (bsc#1198458)
* Tue Jun 28 2022 Joey Lee <jlee@suse.com>
  - Update to 15.6 (bsc#1198458)
    - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
      which is from upstream grub2.cve_2021_3695.ms keybase channel.
    - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
      support efi-app-aarch64 target. So we need the following patches in binutils:
    - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
      b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
    - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
      32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
    - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
      d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
    - Patches (git log --oneline --reverse 15.5~..77144e5a4)
      448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
      a2da05f shim: implement SBAT verification for the shim_lock protocol
      bda03b8 post-process-pe: Fix a missing return code check
      af18810 CI: don't cancel testing when one fails
      ba580f9 CI: remove EOL Fedoras from github actions
      bfeb4b3 Remove aarch64 build tests before f35
      38cc646 CI: Add f36 and centos9 CI build tests.
      b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
      31094e5 tests: also look for system headers in multi-arch directories
      4df989a mock-variables.c: fix gcc warning
      6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
      2670c6a Allow MokListTrusted to be enabled by default
      5c44aaf Add code of conduct
      d6eb9c6 Modernize aarch64
      9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
      de87985 make: don't treat cert.S specially
      803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
      6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
      bb4b60e Add verify_image
      acfd48f Abstract out image reading
      35d7378 Load additional certs from a signed binary
      8ce2832 post-process-pe: there is no 's' argument.
      465663e Add some missing PE image flag definitions
      226fee2 PE Loader: support and require NX
      df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
      b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
      f81a7cc SBAT revocation management
      abe41ab make: unbreak scan-build again for gnu-efi
      610a1ac sbat.h: minor reformatting for legibility
      f28833f peimage.h: make our signature macros force the type
      5d789ca Always initialize data/datasize before calling read_image()
      a50d364 sbat policy: make our policy change actions symbolic
      5868789 load_certs: trust dir->Read() slightly less.
      a78673b mok.c: fix a trivial dead assignment
      759f061 Fix preserve_sbat_uefi_variable() logic
      aa61fdf Give the Coverity scanner some more GCC blinders...
      0214cd9 load_cert_file(): don't defererence NULL
      1eca363 mok import: handle OOM case
      75449bc sbat: Make nth_sbat_field() honor the size limit
      c0bcd04 shim-15.6~rc1
      77144e5 SBAT Policy latest should be a one-shot
    - 15.5 release note https://github.com/rhboot/shim/releases
    Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
    mok: allocate MOK config table as BootServicesData by @lcp in #361
    Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
    Relax the check for import_mok_state() by @lcp in #372
    SBAT.md: trivial changes by @hallyn in #389
    shim: another attempt to fix load options handling by @chrisccoulson in #379
    Add tests for our load options parsing. by @vathpela in #390
    arm/aa64: fix the size of .rela* sections by @lcp in #383
    mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
    mok: relax the maximum variable size check by @lcp in #369
    Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
    fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
    httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
    Fallback allocation errors by @vathpela in #402
    shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
    str: remove duplicate parameter check by @xypron in #408
    fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
    Test mok mirror by @vathpela in #394
    Modify sbat.md to help with readability. by @eshiman in #398
    csv: detect end of csv file correctly by @xypron in #404
    Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
    tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
    pe: simplify generate_hash() by @xypron in #411
    Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
    Fallback to default loader if parsed one does not exist by @julian-klode in #393
    fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
    Better console checks by @vathpela in #416
    docs: update SBAT UEFI variable name by @nicholasbishop in #421
    Don't parse load options if invoked from removable media path by @julian-klode in #399
    fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
    shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
    Shim 15.5 coverity by @vathpela in #439
    Allocate mokvar table in runtime memory. by @vathpela in #447
    Remove post-process-pe on 'make clean' by @vathpela in #448
    pe: missing perror argument by @xypron in #443
    - 15.6-rc1 release note https://github.com/rhboot/shim/releases
    MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
    shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
    post-process-pe: Fix a missing return code check by @vathpela in #462
    Update github actions matrix to be more useful by @frozencemetery in #469
    Add f36 and centos9 CI builds by @vathpela in #470
    post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
    tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
    tests: fix gcc warnings by @akodanev in #463
    Allow MokListTrusted to be enabled by default by @esnowberg in #455
    Add code of conduct by @frozencemetery in #427
    Re-add ARM AArch64 support by @vathpela in #468
    Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
    make: don't treat cert.S specially by @vathpela in #475
    shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
    Break out of the inner sbat loop if we find the entry. by @vathpela in #476
    Support loading additional certificates by @esnowberg in #446
    Add support for NX (W^X) mitigations. by @vathpela in #459
    Misc fixups from scan-build. by @vathpela in #477
    Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
    - 15.6 release note https://github.com/rhboot/shim/releases
    MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
    shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
    post-process-pe: Fix a missing return code check by @vathpela in #462
    Update github actions matrix to be more useful by @frozencemetery in #469
    Add f36 and centos9 CI builds by @vathpela in #470
    post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
    tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
    tests: fix gcc warnings by @akodanev in #463
    Allow MokListTrusted to be enabled by default by @esnowberg in #455
    Add code of conduct by @frozencemetery in #427
    Re-add ARM AArch64 support by @vathpela in #468
    Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
    make: don't treat cert.S specially by @vathpela in #475
    shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
    Break out of the inner sbat loop if we find the entry. by @vathpela in #476
    Support loading additional certificates by @esnowberg in #446
    Add support for NX (W^X) mitigations. by @vathpela in #459
    Misc fixups from scan-build. by @vathpela in #477
    Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
    SBAT Policy latest should be a one-shot by @jsetje in #481
    pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
    pe: Perform image verification earlier when loading grub by @chriscoulson
    Update advertised sbat generation number for shim by @jsetje
    Update SBAT generation requirements for 05/24/22 by @jsetje
    Also avoid CVE-2022-28737 in verify_image() by @vathpela
    - Drop upstreamed patch:
    - shim-bsc1184454-allocate-mok-config-table-BS.patch
    - Allocate MOK config table as BootServicesData to avoid the error message
    from linux kernel
    - 4068fd42c8		15.5-rc1~70
    - shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
    - Handle ignore_db and user_insecure_mode correctly
    - 822d07ad4f07		15.5-rc1~73
    - shim-bsc1185621-relax-max-var-sz-check.patch
    - Relax the maximum variable size check for u-boot
    - 3f327f546c219634b2	15.5-rc1~49
    - shim-bsc1185261-relax-import_mok_state-check.patch
    - Relax the check for import_mok_state() when Secure Boot is off
    - 9f973e4e95b113	15.5-rc1~67
    - shim-bsc1185232-relax-loadoptions-length-check.patch
    - Relax the check for the LoadOptions length
    - ada7ff69bd8a95	15.5-rc1~52
    - shim-fix-aa64-relsz.patch
    - Fix the size of rela* sections for AArch64
    - 34e3ef205c5d65	15.5-rc1~51
    - shim-bsc1187260-fix-efi-1.10-machines.patch
    - Don't call QueryVariableInfo() on EFI 1.10 machines
    - 493bd940e5		15.5-rc1~69
    - shim-bsc1185232-fix-config-table-copying.patch
    - Avoid buffer overflow when copying the MOK config table
    - 7501b6bb44		15.5-rc1~50
    - shim-bsc1187696-avoid-deleting-rt-variables.patch
    - Avoid deleting the mirrored RT variables
    - b1fead0f7c9		15.5-rc1~37
    - Add "rm -f *.o" after building MokManager/fallback in shim.spec
      to make sure all object files gets rebuilt
    - reference: https://github.com/rhboot/shim/pull/461
  - The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
    in shim-15.6.tar.bz2
    - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
      pe: Fix a buffer overflow when SizeOfRawData VirtualSize
    - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
      pe: Perform image verification earlier when loading grub
    - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
      Update advertised sbat generation number for shim
    - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
      Update SBAT generation requirements for 05/24/22
    - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
      Also avoid CVE-2022-28737 in verify_image()
    - 0006-shim-15.6-rc2.patch
    - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
      sbat: add the parsed SBAT variable entries to the debug log
    - 0008-bump-version-to-shim-15.6.patch
  - Add mokutil command to post script for setting sbat policy to latest mode
    when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
    (bsc#1198458)
  - Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
    show the prompt to ask whether the user trusts openSUSE certificate or not
    (bsc#1198101)
  - Updated vendor dbx binary and script (bsc#1198458)
    - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
      SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
    - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
      openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
    - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
      and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
    - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
      file which includes all .der for testing environment.
* Tue Apr 12 2022 Ludwig Nussel <lnussel@suse.de>
  - use common SBAT values (boo#1193282)
* Thu Jul 15 2021 Johannes Segitz <jsegitz@suse.com>
  - Update the SLE signatures (sync shim.changes from SLE)
* Thu Jul 01 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid
    deleting the mirrored RT variables (bsc#1187696)
* Mon Jun 21 2021 Gary Ching-Pang Lin <glin@suse.com>
  (sync shim.changes from SLE)
  - Split the keys in vendor-dbx.bin to vendor-dbx-sles and
    vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
    the size of MokListXRT (bsc#1185261)
    + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
  - Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
    to handle ignore_db and user_insecure_mode correctly
    (bsc#1185441, bsc#1187071)
  - Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
    maximum variable size check for u-boot (bsc#1185621)
    + Also drop AArch64 suse-signed shim since we merged this patch
  - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
    the check for import_mok_state() when Secure Boot is off.
    (bsc#1185261)
  - Add shim-bsc1185232-relax-loadoptions-length-check.patch to
    ignore the odd LoadOptions length (bsc#1185232)
  - shim-install: reset def_shim_efi to "shim.efi" if the given
    file doesn't exist
  - Add shim-fix-aa64-relsz.patch to fix the size of rela sections
    for AArch64
    Fix: https://github.com/rhboot/shim/issues/371
  - Add shim-disable-export-vendor-dbx.patch to disable exporting
    vendor-dbx to MokListXRT since writing a large RT variable
    could crash some machines (bsc#1185261)
  - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
    potential crash when calling QueryVariableInfo in EFI 1.10
    machines (bsc#1187260)
  - Add shim-bsc1185232-fix-config-table-copying.patch to avoid
    buffer overflow when copying data to the MOK config table
    (bsc#1185232)
* Mon Jun 21 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1185232-fix-config-table-copying.patch to avoid
    buffer overflow when copying data to the MOK config table
    (bsc#1185232)
* Mon Jun 21 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-disable-export-vendor-dbx.patch to disable exporting
    vendor-dbx to MokListXRT since writing a large RT variable
    could crash some machines (bsc#1185261)
  - Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
    potential crash when calling QueryVariableInfo in EFI 1.10
    machines (bsc#1187260)
* Thu Jun 17 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-fix-aa64-relsz.patch to fix the size of rela sections
    for AArch64
    Fix: https://github.com/rhboot/shim/issues/371
* Fri Jun 04 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1185232-relax-loadoptions-length-check.patch to
    ignore the odd LoadOptions length (bsc#1185232)
* Fri Jun 04 2021 Gary Ching-Pang Lin <glin@suse.com>
  - shim-install: reset def_shim_efi to "shim.efi" if the given
    file doesn't exist
* Wed May 19 2021 Gary Ching-Pang Lin <glin@suse.com>
  - shim-install: instead of assuming "removable" for Azure, remove
    fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
    to make \EFI\Boot bootable and keep the boot option created by
    efibootmgr (bsc#1185464, bsc#1185961)
* Tue May 11 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
    the check for import_mok_state() when Secure Boot is off.
    (bsc#1185261)
* Fri May 07 2021 Gary Ching-Pang Lin <glin@suse.com>
  - shim-install: always assume "removable" for Azure to avoid the
    endless reset loop (bsc#1185464)
* Thu May 06 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Include suse-signed shim for AArch64 (bsc#1185621)
    (sync shim.changes from SLE)
* Thu May 06 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
    maximum variable size check for u-boot (bsc#1185621)
* Mon May 03 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
    to handle ignore_db and user_insecure_mode correctly
    (bsc#1185441, bsc#1187071)
* Wed Apr 28 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Split the keys in vendor-dbx.bin to vendor-dbx-sles and
    vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
    the size of MokListXRT (bsc#1185261)
    + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
* Thu Apr 22 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
* Wed Apr 21 2021 Johannes Segitz <jsegitz@suse.com>
  - Update the SLE signatures (sync shim.changes from SLE)
* Thu Apr 08 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid
    the error message during linux system boot (bsc#1184454)
* Wed Apr 07 2021 Johannes Segitz <jsegitz@suse.com>
  - Add remove_build_id.patch to prevent the build id being added to
    the binary. That can cause issues with the signature
* Wed Mar 31 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Update to 15.4 (bsc#1182057)
    + Rename the SBAT variable and fix the self-check of SBAT
    + sbat: add more dprint()
    + arm/aa64: Swizzle some sections to make old sbsign happier
    + arm/aa64 targets: put .rel* and .dyn* in .rodata
  - Drop upstreamed patch:
    + shim-bsc1182057-sbat-variable-enhancement.patch
* Mon Mar 29 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1182057-sbat-variable-enhancement.patch to change
    the SBAT variable name and enhance the handling of SBAT
    (bsc#1182057)
* Wed Mar 24 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Update to 15.3 for SBAT support (bsc#1182057)
    + Drop gnu-efi from BuildRequires since upstream pulls it into the
      tarball.
  - Generate vendor-specific SBAT metadata
    + Add dos2unix to BuildRequires since Makefile requires it for
      vendor SBAT
  - Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
    sign keys:
    + SLES-UEFI-SIGN-Certificate-2020-07.crt
    + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
  - Refresh patches
    + shim-arch-independent-names.patch
    + shim-change-debug-file-path.patch
    + shim-bsc1177315-verify-eku-codesign.patch
    - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch
  - Drop upstreamed fixes
    + shim-correct-license-in-headers.patch
    + shim-always-mirror-mok-variables.patch
    + shim-bsc1175509-more-tpm-fixes.patch
    + shim-bsc1173411-only-check-efi-var-on-sb.patch
    + shim-fix-verify-eku.patch
    + gcc9-fix-warnings.patch
    + shim-fix-gnu-efi-3.0.11.patch
    + shim-bsc1177404-fix-a-use-of-strlen.patch
    + shim-do-not-write-string-literals.patch
    + shim-VLogError-Avoid-Null-pointer-dereferences.patch
    + shim-bsc1092000-fallback-menu.patch
    + shim-bsc1175509-tpm2-fixes.patch
    + shim-bsc1174512-correct-license-in-headers.patch
    + shim-bsc1182776-fix-crash-at-exit.patch
  - Drop shim-opensuse-cert-prompt.patch
    + All newly released openSUSE kernels enable kernel lockdown
      and signature verification, so there is no need to add the
      prompt anymore.
* Thu Mar 11 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
    also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
  - Merged linker-version.pl into timestamp.pl and add the linker
    version to signature files accordingly
* Mon Mar 08 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
    crash at Exit() (bsc#1182776)
* Fri Jan 22 2021 Gary Ching-Pang Lin <glin@suse.com>
  - Update the SLE signature
  - Exclude some patches from x86_64 to avoid breaking the signature
  - Add shim-correct-license-in-headers.patch back for x86_64 to
    match the SLE signature
  - Add linker-version.pl to modify the EFI/PE header to match the
    SLE signature

Files

/etc/uefi
/etc/uefi/certs
/etc/uefi/certs/4659838C-shim-opensuse.crt
/usr/sbin/shim-install
/usr/share/doc/packages/shim
/usr/share/doc/packages/shim/COPYRIGHT
/usr/share/efi
/usr/share/efi/aarch64
/usr/share/efi/aarch64/MokManager.efi
/usr/share/efi/aarch64/fallback.efi
/usr/share/efi/aarch64/shim-opensuse.der
/usr/share/efi/aarch64/shim-opensuse.efi
/usr/share/efi/aarch64/shim.efi


Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Mar 31 00:21:05 2024