shim-15.6 for circle linux

[rouzer-zhou]

Confirm the following are included in your repo, checking each box:

• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
• a Dockerfile to reproduce the build of the provided shim EFI binaries

---

What is the link to your tag in a repo cloned from rhboot/shim-review?

---

https://github.com/circle-linux/shim-review/releases/tag/circlelinux-8-shim-x86_64-20221201

What is the SHA256 hash of your final SHIM binary?

---

9e5df2ca5289b1f297cdfa3f24d81e7e2b9e8c6ecff76585fd6a209013ef5030 shimia32.efi
612b3a6a76e6bd44ab896eb47124c3a3df6e5ebfb9310c489ffbd1a6ce62dcd3 shimx64.efi

[steve-mcintyre]

Sent mails for contact verification

[steve-mcintyre]

Your README.md and patch list still talk about shim 15.4. I'm stopping right here...

[rouzer-zhou]

Thanks, I have fixed my README.md and create a new tag of repo.

[James6xie]

Your README.md and patch list still talk about shim 15.4. I'm stopping right here...

Hi , if there something need to fix , please contact us. Thanks your effort.

[rouzer-zhou]

Sent mails for contact verification

I have received the contact verification e-mail. The message is as follow.
"biopsy suppleness Levesque exoduses codfish lemma carjackings grainy refunded thrust"

[SherifNagy]

I am not a reviewer or a member of the board, however I did look at the submission and have a couple of notes:

• Circle Enterprise Software Foundation seems like it doesn't exists, I can't find any online information, is it registered and exits? this is actually very important for you to obtain the EV cert to submit shim for Microsoft for signing.
• You mentioned you did submit your old shim to Microsoft, however you never got any shim signed before, I think this is should be treated as 1st submission.
• Same for last signed shim version and what changes, your answer was 15.4 to 15.6 which is not true, since you never got shim 15.4 signed.

[steve-mcintyre]

@James6xie did you receive the identification emails ok?

[James6xie]

Yes this, i checked my email, as below:

resurrecting deceasing Guy starker coatings freeloaders spewing reliefs Islamism Calvinistic

--
Steve McIntyre, Cambridge, UK. [email protected]
"I can't ever sleep on planes ... call it irrational if you like, but I'm
afraid I'll miss my stop" -- Vivek Das Mohapatra

[steve-mcintyre]

contact verification done

[bella485]

contact verification done

Thanks a lot .

[James6xie]

I am not a reviewer or a member of the board, however I did look at the submission and have a couple of notes:

* Circle Enterprise Software Foundation seems like it doesn't exists, I can't find any online information, is it registered and exits? this is actually very important for you to obtain the EV cert to submit shim for Microsoft for signing.

* You mentioned you did submit your old shim to Microsoft, however you never got any shim signed before, I think this is should be treated as 1st submission.

* Same for last signed shim version and what changes, your answer was 15.4 to 15.6 which is not true, since you never got shim 15.4 signed.

Thank you Nagy , my brother.

Yes, I think Circle Linux Project should provide an real organization information, If it is difficult to join or apply for the opensource foundation, in a short time. @rouzer-zhou

Yes，this indeed the 1st submission.

[rouzer-zhou]

Your README.md and patch list still talk about shim 15.4. I'm stopping right here...

I have fixed this problem, but the label is still bug, please tell me what I need to do next.

[frozencemetery]

I have fixed this problem, but the label is still bug, please tell me what I need to do next.

As far as I can tell, the problems Sherif indicated still exists.

Moreover, as you're a RHEL rebuild aiming for "bug for bug compatibility", I would like to discuss whether you need to get shim signed at all. If you can reproduce the unsigned RHEL builds, I think you would be better off shipping RHEL's shim+grub2+kernel, and would like to know what can be done here to enable that (I've written some tooling that may help with this).

[rouzer-zhou]

As far as I can tell, the problems Sherif indicated still exists.

I have added the description of the organization information and website, please review it again.

[rouzer-zhou]

I have fixed this problem, but the label is still bug, please tell me what I need to do next.

As far as I can tell, the problems Sherif indicated still exists.

please review again, if there is any problem, please tell me.

[frozencemetery]

Please note #307

[steve-mcintyre]

Picking up on this, sorry for the delay :-(

I can't reproduce your builds here:

9e5df2ca5289b1f297cdfa3f24d81e7e2b9e8c6ecff76585fd6a209013ef5030  /shimia32.efi
612b3a6a76e6bd44ab896eb47124c3a3df6e5ebfb9310c489ffbd1a6ce62dcd3  /shimx64.efi
df0abc9969c02156538dbaabb58b8a6eeb68b5ec66ebf7590d25dabb783107e6  /usr/share/shim/15.6-1.el8/ia32/shimia32.efi
5f88b2ea8cf10a17b8129e45df6e4644589325329312178b39a475189d078b9f  /usr/share/shim/15.6-1.el8/x64/shimx64.efi

We're also way past the deadline for signing shims without NX now I'm afraid - see #307 . This isn't your fault, but you'll need to move forward to a newer shim version at this point. I'd recommend 15.7 or 15.8 if that comes out soon.

[steve-mcintyre]

It's been a few weeks, closing...