Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AmZetta Technologies, LLC shim-15.8 x64 #383

Closed
8 tasks done
amzdev0401 opened this issue Feb 16, 2024 · 8 comments
Closed
8 tasks done

AmZetta Technologies, LLC shim-15.8 x64 #383

amzdev0401 opened this issue Feb 16, 2024 · 8 comments
Labels
accepted Submission is ready for sysdev new vendor This is a new vendor

Comments

@amzdev0401
Copy link

amzdev0401 commented Feb 16, 2024
edited

Confirm the following are included in your repo, checking each box:

What is the link to your tag in a repo cloned from rhboot/shim-review?

https://github.com/amzdev0401/shim-review/tree/AmZetta-shim-x86_64-20240220

What is the SHA256 hash of your final SHIM binary?

a5e223647b0ba12cf8e6947de6b253dd5fba7f1f7c0356f55c387d7e64e5440a shimx64.efi

What is the link to your previous shim review request (if any, otherwise N/A)?

#321
@amzdev0401 amzdev0401 mentioned this issue Feb 16, 2024
Closed
8 tasks
@amzdev0401
Copy link
Author

@dennis-tseng99 @aronowski @THS-on

I have resubmitted the latest SHIM 15.8. I kindly request you to review this new submission.

@aronowski
Copy link
Collaborator

aronowski commented Feb 20, 2024
edited

Build reproduces, SHA256 sum matches (more on this in a moment). The binaries' characteristics are fine, no NX support, as the whole chain is not NX-compatible.

The application is generally alright, with some minor errors caused most likely due to some entries not being updated from an earlier application, where they were fine. I found these:

  • There's an error that GRUB2 still has the upstream grub,3 entry, but an answer above the SBAT entries mentions that it's been set to 4.

  • An older SHA-256 checksum has been provided in the latest README. Please, update it.
    It should be a5e223647b0ba12cf8e6947de6b253dd5fba7f1f7c0356f55c387d7e64e5440a just like in the current GitHub issue.

  • At last, a minor rendering error is present in the GitHub issue's original post - an extra space has been added, making the checkboxes not render properly.

They can be fixed easily - please do so, update the tag in the original post and ping me for a quick re-review.

@aronowski aronowski added bug Problem with the review that must be fixed before it will be accepted extra review wanted Initial review(s) look good, another review desired new vendor This is a new vendor labels Feb 20, 2024
@amzdev0401
Copy link
Author

@aronowski @THS-on @dennis-tseng99

Thank you for the review, I have fixed the issues you mentioned and I have created the release label v1.0.7 with the fixes.

https://github.com/amzdev0401/shim-review/releases/tag/AmZetta-shim-x86_64-20240220

@dennis-tseng99
Copy link
Collaborator

Sure, I will try my best. Currently, the binaries can be reproducible by podman when being tested at midnight. Please wait.

@dennis-tseng99
Copy link
Collaborator

=== Review for AmZetta Technologies, LLC shim-15.8 x64 #383 ===

  • Binaries are producible based on tag AmZetta-shim-x86_64-20240220

  • No extra patches are applied.

  • NX flag is disable:
    shim-review# objdump -x shimx64.efi | grep -E 'SectionAlignment|DllCharacteristics'
    SectionAlignment 0000000000001000
    DllCharacteristics 00000000

  • built hash matches the original one; and already fixed the incorrect hash in README.md pointed out by @aronowski.
    a5e223647b0ba12cf8e6947de6b253dd5fba7f1f7c0356f55c387d7e64e5440a

  • produce-specific generation number is equal to 1 is reasonable because you said This is your first time SHIM submission
    for shim:
    sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
    shim,4,UEFI shim,shim,1,https://github.com/rhboot/shim
    shim.amzetta,1,AmZetta Technologies,shim,15.8,https://amzetta.com/
    for grub:
    sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
    grub,4,Free Software Foundation,grub,2.11,https://www.gnu.org/software/grub/
    grub.amzetta,1,AmZetta Technologies,grub2,2.11-65bc45963,https://amzetta.com/

  • Certificate Validity:
    shim-review# openssl x509 -in amzetta.der -inform der -noout -text
    Validity
    Not Before: Feb 27 20:26:36 2023 GMT
    Not After : Feb 24 20:26:36 2033 GMT
    10 years is good for user

  • Minor suggestion:
    For the next submission, please specify more details about the contact information for your product when you specify vendor_url field, or just use email instead. For example, you might change it to:
    grub.amzetta,1,AmZetta Technologies,grub2,2.11-65bc45963,https://amzetta.com/products/ztc/packages/grub

Conclusion:

  • It is acceptable to me
  • @aronowski needs your ping for the 2nd quick re-view .

@aronowski
Copy link
Collaborator

Awesome! Accepting it.

@aronowski aronowski added accepted Submission is ready for sysdev and removed bug Problem with the review that must be fixed before it will be accepted extra review wanted Initial review(s) look good, another review desired labels Feb 22, 2024
@amzdev0401
Copy link
Author

@aronowski @THS-on @dennis-tseng99

A big thank you to everyone. Greatly appreciated!!

@amzdev0401
Copy link
Author

@aronowski @THS-on @dennis-tseng99

Thank you all. Our SHIM was approved by Microsoft. Greatly appreciated!!

@THS-on THS-on closed this as completed Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted Submission is ready for sysdev new vendor This is a new vendor
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@THS-on @dennis-tseng99 @amzdev0401 @aronowski