SUSE:ALP:Source:Standard:0.1
shim
project.diff
File project.diff of Package shim
--- shim-install.orig +++ shim-install @@ -374,15 +374,27 @@ prepare_cryptodisk () { tpm_pcr_list="${GRUB_TPM2_PCR_LIST:-0,2,4,7,9}" tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}" + tpm_mode="" + tpm_extra_options="" + if [ -n "$GRUB_TPM_AUTHORIZED_POLICY" ]; then + tpm_mode="-m authpol" + tpm_extra_options="-P \$prefix/$GRUB_TPM_PUBLIC_KEY -S \$prefix/$GRUB_TPM_SIGNATURE" + fi + declare -g TPM_PCR_SNAPSHOT_TAKEN if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then TPM_PCR_SNAPSHOT_TAKEN=1 - echo "tpm_record_pcrs 0-9" + + # Check if tpm_record_pcrs is available and set the command to + # grub.cfg. + if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; then + echo "tpm_record_pcrs 0-9" + fi fi cat <<EOF -tpm2_key_protector_init -b $tpm_pcr_bank -p $tpm_pcr_list -k \$prefix/$tpm_sealed_key +tpm2_key_protector_init $tpm_mode -b $tpm_pcr_bank -p $tpm_pcr_list -k \$prefix/$tpm_sealed_key $tpm_extra_options if ! cryptomount -u $uuid -k tpm2; then cryptomount -u $uuid fi --- shim.changes.orig +++ shim.changes @@ -1,4 +1,13 @@ ------------------------------------------------------------------- +Tue Feb 7 16:00:16 UTC 2023 - Olaf Kirch <okir@suse.com> + +- Enhance cryptodisk code to recognize new variables in /etc/default/grub: + * GRUB_TPM_AUTHORIZED_POLICY + * GRUB_TPM_PUBLIC_KEY + * GRUB_TPM_SIGNATURE + These were added in support of TPM2 authorized policies + +------------------------------------------------------------------- Fri Dec 9 08:38:14 UTC 2022 - Joey Lee <jlee@suse.com> - Modified shim-install, add the following Olaf Kirch's patches to support 
@@ -20,6 +29,15 @@ Wed Nov 23 07:28:57 UTC 2022 - Joey Lee https://www.spinics.net/lists/kernel/msg4599636.html ------------------------------------------------------------------- +Tue Nov 22 14:53:36 UTC 2022 - Olaf Kirch <okir@suse.com> + +- Enhance cryptodisk code to recognize new variables in /etc/default/grub: + * GRUB_CRYPTODISK_PASSWORD + * GRUB_TPM2_SEALED_KEY + * GRUB_TPM2_PCR_BANK and GRUB_TPM2_PCR_LIST +- Introduce --no-grub-install option + +------------------------------------------------------------------- Fri Nov 18 04:52:49 UTC 2022 - Joey Lee <jlee@suse.com> - Add shim-Enable-the-NX-compatibility-flag-by-default.patch to @@ -129,6 +147,11 @@ Thu Sep 29 02:42:35 UTC 2022 - Michael C installing grub related files ------------------------------------------------------------------- +Tue Sep 20 13:31:44 UTC 2022 - Olaf Kirch <okir@suse.com> + +- Add "tpm_record_pcrs" to EFI grub.cfg + +------------------------------------------------------------------- Mon Sep 12 12:30:54 UTC 2022 - Kilian Hanich <khanich.opensource@gmx.de> - Add logic to shim.spec to only set sbat policy when efivarfs is writeable. --- shim.spec.orig +++ shim.spec @@ -1,7 +1,7 @@ # # spec file for package shim # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -78,7 +78,7 @@ Patch5: shim-disable-export-vend # PATCH-FIX-UPSTREAM shim-Enable-the-NX-compatibility-flag-by-default.patch jlee@suse.com -- Enable the NX compatibility flag by default Patch6: shim-Enable-the-NX-compatibility-flag-by-default.patch # PATCH-FIX-OPENSUSE shim-bsc1198101-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not -Patch100: shim-bsc1198101-opensuse-cert-prompt.patch +Patch100: shim-bsc1198101-opensuse-cert-prompt.patch BuildRequires: dos2unix BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8
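Review bot: In the shim-install hunk (@@ -374,15 +374,27 @@, prepare_cryptodisk), the authorized-policy branch tests only GRUB_TPM_AUTHORIZED_POLICY before building `-P \$prefix/$GRUB_TPM_PUBLIC_KEY -S \$prefix/$GRUB_TPM_SIGNATURE`, so a configuration that sets the policy variable but leaves either of the other two empty produces a tpm2_key_protector_init line whose -P or -S argument is just `$prefix/`. Suggest checking that GRUB_TPM_PUBLIC_KEY and GRUB_TPM_SIGNATURE are both non-empty before setting `tpm_mode="-m authpol"`, and reporting an error otherwise. The value of GRUB_TPM_AUTHORIZED_POLICY is never used in the visible lines, only its non-emptiness, which deserves a comment. In the same hunk, the path in `grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst` is unquoted, and a missing command.lst makes grep print an error while tpm_record_pcrs is dropped from grub.cfg without notice; quoting the path and using `grep -qs` would make that case explicit.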
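Review bot: The new Tue Feb 7 2023 entry in shim.changes (@@ -1,4 +1,13 @@) documents only the three GRUB_TPM_* variables and omits the other behavioural change in the shim-install hunk, where `tpm_record_pcrs 0-9` is now written only if command.lst lists that command. Suggest adding a bullet for the availability check so the conditional can be traced from the changelog.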
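Review bot: In the shim.spec hunk at @@ -78,7 +78,7 @@, the removed and added `Patch100: shim-bsc1198101-opensuse-cert-prompt.patch` lines carry the same tag and file name, so this looks like a whitespace-only realignment. If that is intended, it would be cleaner in a separate cosmetic change; if not, drop it from this patch so the diff carries only the TPM2 authorized-policy work and the copyright-year bump.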