AlmaLinux / shim-review

Reviews of shim

Update shim to 15.8 for x86_64 #1

Closed andrewlukoshko closed 3 months ago

andrewlukoshko commented 5 months ago

shim needs to be updated to upstream version 15.8. Source from RHEL shim-review submission is uploaded to https://git.almalinux.org/rpms/shim-unsigned-x64/src/branch/c8

Steps:

1) Merge 15.8 to a8 branch

2) Switch to generating vendor_db.esl dynamically. See CloudLinux approach:

BuildRequires:  efitools
...
# Prepare vendor_db.esl file
openssl x509 -inform DER -in %{SOURCE1} -out 01.pem
openssl x509 -inform DER -in %{SOURCE2} -out 02.pem
cert-to-efi-sig-list -g DDA45501-A765-4556-BCB9-F9A16B500366 01.pem 01.esl
cert-to-efi-sig-list -g 734EBEF7-3CFC-4B16-A525-BB207AFAFAC0 02.pem 02.esl
cat 01.esl 02.esl > vendor_db.esl

Generate UUID for every key.

3) Add new self-signed AlmaLinux certificate to vendor_db.esl (so 3 certs in total should be there). Naming for certificate files should be the following:

almalinux-sb-cert-1.der
almalinux-sb-cert-2.der
almalinux-sb-cert-3.der

4) Build package, test on AlmaLinux

5) Open an issue in https://github.com/rhboot/shim-review repo (previous issue to use as reference: https://github.com/rhboot/shim-review/issues/250, but questions are changed since last time so README should be filled again)
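
A check that could be run on the generated vendor_db.esl, added here as an example and not part of the original issue or AlmaLinux's packaging: it parses the concatenated EFI_SIGNATURE_LIST structures and confirms three X.509 entries with distinct owner GUIDs. The placeholder certificate bytes, the third GUID and all function names are constructed for illustration; reading "Generate UUID for every key" as "no GUID reused" is an assumption.

```python
import struct
import uuid

# EFI_CERT_X509_GUID as defined in the UEFI specification
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, signature size

# Constructed sample: the first two GUIDs appear in the spec fragment above,
# the third GUID and the placeholder "DER" bytes are made up for this example.
SAMPLE_OWNERS = ["DDA45501-A765-4556-BCB9-F9A16B500366",
                 "734EBEF7-3CFC-4B16-A525-BB207AFAFAC0",
                 "11111111-2222-3333-4444-555555555555"]
FAKE_DER = [b"\x30\x03\x02\x01" + bytes([i]) for i in (1, 2, 3)]

def build_esl(owner, der):
    """Hypothetical helper: one X.509 EFI_SIGNATURE_LIST holding a single cert."""
    sig_size = 16 + len(der)
    head = HEADER.pack(EFI_CERT_X509_GUID.bytes_le, HEADER.size + sig_size, 0, sig_size)
    return head + uuid.UUID(owner).bytes_le + der

def parse_esl(blob):
    """Return [(owner_guid, cert_bytes)] for every entry in concatenated ESLs."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError(f"truncated list header at offset {off}")
        sig_type, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, off)
        if uuid.UUID(bytes_le=sig_type) != EFI_CERT_X509_GUID:
            raise ValueError(f"non-X.509 signature type at offset {off}")
        body = list_size - HEADER.size - hdr_size
        if sig_size <= 16 or body <= 0 or body % sig_size or off + list_size > len(blob):
            raise ValueError(f"inconsistent sizes at offset {off}")
        pos = off + HEADER.size + hdr_size
        for _ in range(body // sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])  # EFI GUIDs are mixed-endian
            entries.append((str(owner), blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off += list_size
    return entries

def check_vendor_db(blob, expected=3):
    """Cert count from step 3; owner GUID uniqueness is this example's assumption."""
    entries = parse_esl(blob)
    owners = [owner for owner, _ in entries]
    problems = []
    if len(entries) != expected:
        problems.append(f"expected {expected} certs, found {len(entries)}")
    if len(set(owners)) != len(owners):
        problems.append("owner GUID reused across keys")
    if any(cert[:1] != b"\x30" for _, cert in entries):
        problems.append("entry is not DER (missing SEQUENCE tag)")
    return problems
```

Against a real build, pass the bytes of vendor_db.esl to `check_vendor_db`; an empty list means the file has the expected shape.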

eabdullin1 commented 5 months ago

https://github.com/rhboot/shim-review/issues/407