-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FixMeStick shim-15.7 x64 and ia32 #312
Comments
Disclaimer: I am not a not an authorized reviewer
Hashes
SBAT
Notes:
|
@THS-on thank you for the review! I corrected the shim.fixmestick SBAT version to 1 and rebuilt. I also updated the grub.fixmestick SBAT version to 1. Lastly, as for patch 535, in the Dockerfile, please see these lines: The new tag is: |
Can confirm that the SBAT levels are now correct and the new hashes are also reproducible:
I missed that. For me this is fine, but keeping them as patches and in the same format as (proposed to) upstream makes it easier to review. |
@THS-on Noted for next time re the patch 535. Is there anything else I need to do before official approval? |
Looking at Debian's Shim patches, you might also want to add the one that is blocking Otherwise I don't think so, just one of the official reviewers needs to have a look at it. |
@THS-on Thanks for pointing that patch out. The only signed grub we have deployed contains this SBAT,
which will be revoked by the SBAT_VAR_LATEST_REVOCATIONS before that patch you referenced since the grub version is 2
So, I think we're good as is. |
Please note #307 |
@frozencemetery I believe I am handling #307. Note the 530.patch that I apply in the Dockerfile. Am I doing something incorrectly or did you simply miss that patch? Thanks! |
@frozencemetery What else is required to do in order for this to be approved? Thanks for your help. |
Review of FixMeStick shim-15.7 x64 and ia32 fixmestick-shim-ia32-x64-20230208OK
Issues / queries / outstanding
|
@THS-on thanks for your help reviewing here :-) |
If you got the signed shim back from Microsoft, can you close this ticket? |
Closing as we got the signed binaries from Microsoft. |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/coreyvelan/shim-review/tree/fixmestick-shim-ia32-x64-20230126
What is the SHA256 hash of your final SHIM binary?
b28d0ddfeafb068acc1eb51f496623dc0929da58660b4a3a7b5806b0b28ecbb5 /build/target/shimx64.efi 39c9bf03c09679834c34c25582a4c52d4906c099b65b6b8bf0f14215adeb26ba /build/target/shimia32.efi
What is the link to your previous shim review request (if any, otherwise N/A)?
#276
The text was updated successfully, but these errors were encountered: