Initial review for el9 aarch64 shim submission #4
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updating README.md with review comments
15.8 submission * updating the Readme to reflect the sbat in the binary * updating grub sbat * adding cert in shim to review * adding der to review * updating sbat * adding mock build logs Approved-by: Jonathan Maple
Sub prep * updating for EL9 * updating sub * removing ref to ia32 * using vault as static repos * updating with sbat info * adding shim hash * updating log * removing ai32 take 2 * updating build log * removing concept of siging grub/kernel with different certs Approved-by: Skip Grube
-Skip Grube
Initial release is based off Rocky 9.2 (long term support) Correcting earlier commit. -Skip G.
jason-rodri
commented
Oct 9, 2024
updating comment to refelct el9 submission
|
This is for all of CIQ's 9.x work, right? not just LTS 9.2? |
That is correct. The SHIM can be used with all of 9.x. |
josephtate
reviewed
Jan 3, 2025
josephtate
reviewed
Jan 3, 2025
josephtate
reviewed
Jan 3, 2025
josephtate
reviewed
Jan 9, 2025
josephtate
reviewed
Jan 9, 2025
elguero
requested changes
Jan 14, 2025
README.md
Outdated
| ### Who is the secondary contact for security updates, etc.? | ||
| ******************************************************************************* | ||
| - Name: Michael Young | ||
| - Position: Information Technology Director |
There was a problem hiding this comment.
My position has changed.
Principal Systems Engineer
README.md
Outdated
| * CVE-2023-4693 | ||
| * CVE-2023-4692 | ||
| ******************************************************************************* | ||
| We are a new vendor for EL9, but I can confirm that our grub2 builds will not be affected by any of those, as they've all been fixed in our upstream: |
There was a problem hiding this comment.
I am not sure this statement is true anymore. We are a new vendor for aarch64 maybe? Just caught my eye.
README.md
Outdated
Comment on lines
286
to
289
| objcopy --only-section .sbat -O binary shimaa64.efi /dev/stdout | ||
| sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md | ||
| shim,4,UEFI shim,shim,1,https://github.com/rhboot/shim | ||
| shim.ciq,1,Ctrl IQ Inc,shim,15.8,mail:[email protected] |
There was a problem hiding this comment.
I believe the SBAT was updated to
We might need to check into this one.
There was a problem hiding this comment.
I think the shim package in the test repo needs to be updated.
The screen shot above is what is in the unsigned RPM package.
Adding srpm and srpm build logs
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
WIP, will comment on items needing work
Will tag on items needing review