efibootguard: update 0.11 -> 0.15

siemens / meta-efibootguard

Yocto layer for EFI Boot Guard

GNU General Public License v2.0

7 stars 10 forks source link

efibootguard: update 0.11 -> 0.15 #24

Closed petermarko closed 1 year ago

petermarko commented 1 year ago

Fixes CVE-2023-39950

Tested build on kirkstone branch.

hoinmic commented 1 year ago

Thank you for your pull request. I will test the request and give feedback.

jan-kiszka commented 1 year ago

There is now a slightly different version than the included patch on the mailing list and in next (https://github.com/siemens/efibootguard/commit/261e8c2d5b4d1455f90b2e306afab7ea3705fe27) - testing welcome!

petermarko commented 1 year ago

Replaced my patch with one from Jan which is currently in branch next.

petermarko commented 1 year ago

I looked at #23:

I'm not sure if I should add aarch64 support without setup to test it.
should I also add bg_gen_unified_kernel? do we use/need it?

jan-kiszka commented 1 year ago

You can test things in qemu, at least theoretically.

Regarding bg_gen_unified_kernel: That's a tool for the build env, allowing to generate a unified kernel image with EBG's stub (rather than systemd's stub - we are working on obsoleting it long-term in favor of the latter). Just adding the tool will not actually solve a task, though.

hoinmic commented 1 year ago

I tested the commit and it worked fine.