Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

shim 15.8 for CentOS Stream 10 #454

Open
8 tasks done
bstinsonmhk opened this issue Nov 20, 2024 · 4 comments
Open
8 tasks done

shim 15.8 for CentOS Stream 10 #454

bstinsonmhk opened this issue Nov 20, 2024 · 4 comments
Assignees
@aronowski
Labels
2 reviews needed Needs 2 (additional) successful reviews before being accepted Accredited review needed Needs a successful review by an accredited reviewer contacts verified OK Contact verification is complete here (or in an earlier submission) incomplete This submission is missing required bits

Comments

@bstinsonmhk
Copy link

bstinsonmhk commented Nov 20, 2024
edited
Loading

Confirm the following are included in your repo, checking each box:

  • completed README.md file with the necessary information
  • shim.efi to be signed
  • public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
  • binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
  • any extra patches to shim via your own git tree or as files
  • any extra patches to grub via your own git tree or as files
  • build logs
  • a Dockerfile to reproduce the build of the provided shim EFI binaries

What is the link to your tag in a repo cloned from rhboot/shim-review?

https://github.com/CentOS/shim-review/releases/tag/centos-stream-10-shim-x86-20241120

What is the SHA256 hash of your final SHIM binary?

1f79899df33ba605e65a2eb431cf23f48a2c3832cf2220f74eb295b469c4ba3d shimx64.efi

What is the link to your previous shim review request (if any, otherwise N/A)?

#399 (Abandoned)

If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?

Contact info was verified in #399

Other Comments

I plan to submit a new CentOS Stream 9 review after this one. To address some of the commentary in the previous review: we don't have plans to add additional sbat entries to grub2, so the entries listed in the review represent the current state.
@steve-mcintyre steve-mcintyre added the contacts verified OK Contact verification is complete here (or in an earlier submission) label Nov 25, 2024
@steve-mcintyre
Copy link
Collaborator

Contacts verified previously in #399

@jkonecny12 jkonecny12 mentioned this issue Nov 26, 2024
Merged
1 task
@steve-mcintyre steve-mcintyre added 2 reviews needed Needs 2 (additional) successful reviews before being accepted Accredited review needed Needs a successful review by an accredited reviewer labels Dec 3, 2024
@steve-mcintyre
Copy link
Collaborator

Please link to tags on yoursubmissions here, not commit hashes

@arrfab
Copy link

arrfab commented Jan 21, 2025

I see that @bstinsonmhk adusted branch name and tag : https://github.com/CentOS/shim-review/releases/tag/centos-stream-10-shim-x86-20241120

Myself I just rebuilt through Dockerfile (with podman) shim and I confirm that checksums match :

STEP 20/20: RUN sha256sum ./usr/share/shim/15.8-3.el10.centos/x64/shimx64.efi /shimx64.efi
1f79899df33ba605e65a2eb431cf23f48a2c3832cf2220f74eb295b469c4ba3d  ./usr/share/shim/15.8-3.el10.centos/x64/shimx64.efi
1f79899df33ba605e65a2eb431cf23f48a2c3832cf2220f74eb295b469c4ba3d  /shimx64.efi

@aronowski aronowski self-assigned this Jan 26, 2025
@aronowski
Copy link
Collaborator

The application form is incomplete and missing some questions - please rebase it to the newest README.md revision.

@aronowski aronowski added the incomplete This submission is missing required bits label Jan 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aronowski aronowski

Labels
2 reviews needed Needs 2 (additional) successful reviews before being accepted Accredited review needed Needs a successful review by an accredited reviewer contacts verified OK Contact verification is complete here (or in an earlier submission) incomplete This submission is missing required bits
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bstinsonmhk @arrfab @steve-mcintyre @aronowski