-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
VMware Photon OS shim-15.8 #412
Comments
I'm not an official reviewer, but I'm trying to help as much as I can. This review if for: vmware-shim-x86_64-20240418.
|
Thank you @BogdanAriton for reviewing the shim-review. The patch 0001-Introduce-support-for-revocations-build.patch utilizes the following code in Consider a use case where Photon OS wants to revoke its grub2/kernel using SBAT. We could inject the aforementioned sections into revocations.efi generated with this patch. During the next boot, shim will update the SbatLevel and enforce the newly updated levels. By utilizing this mechanism, we avoid changing SbatLevel in the shim source |
@nkkuntal - thanks for clarifying that for me |
Hi @nkkuntal, Because the global generation number has been bumped to 4 from 1, may I ask you a question about whether the product-specific minimum generation number is 1 or 2 in README.md: grub2
I know your photon OS has been upgraded from 3.0 to 5.0 which can perfectly configure MACVLAN, VxLAN, macvtap .... I'm not sure this is your reason for 2. In your previous shim-15.4 review: grub2
Please correct me if I'm wrong. Thank you very much. |
Thanks for taking time to review. We chose to keep grub.photon to gen 2 as an indicator that our grub2 has transitioned from upstream grub2 to fedora downstream grub2. |
Review for VMware Photon OS shim-15.8 #412 based on tag vmware-shim-x86_64-20240418
openssl x509 -in photon_sb2020.der -inform der -noout -text
|
@nkkuntal did you get a signed shim back? |
Sorry we forgot to mention it here. We ran into a logistical issue and were stuck for sometime. A couple of weeks ago we got the signed shim back. Thanks every one who helped review this. |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/nkkuntal/shim-review/tree/vmware-shim-x86_64-20240418
What is the SHA256 hash of your final SHIM binary?
What is the link to your previous shim review request (if any, otherwise N/A)?
Previous version, based on shim 15.4, was approved here #164
If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?
N/A
as security contacts are not verified recently.The text was updated successfully, but these errors were encountered: