-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shim-15.8 for LUX 2.0 x64_ia32 #396
Comments
Just a quick note, you might want to increase grub.debian entry to 5 and release a new grub or wait until Debian releases new group with the increased global generation number, current shim 15.8 already revokes |
@Rodrigo-NR I see that the second security contact changed to you and it is with an IPT email address. Because you are submitting on behalf of Lenovo, can @ManigaLenovo and you clarify what the relationship these two entities have? |
Lenovo has an R&D contract with IPT, and we are developing the Lux Linux distribution. @Rodrigo-NR is the IPT developer responsible for secure boot And @icteixeira works with us in the development of Lux Linux distro. Below is the link where you can check more about Lenovo and IPT partnership (only in portuguese). |
I am not an official reviewer, but I just want to help with reviewers workload
|
Just briefly reviewing :
|
Thank you for the reviews. We will await feedback from the official reviewers regarding the certificate currently in use. I have not received the contact verification email, should we take any further action? |
@Rodrigo-NR If you plan on using your distro only on Lenovos and if you sign the shim yourself using that certificate it should just work (i.e. no need to review it and get it signed by Microsoft CA). Give it a try :) |
By the way, seems like there was a bit a mistake here, you can keep the grub.debian,4 , there is no harm if you already released the grub,debian,5 , just thought to mention it. |
Review of
|
Contact verification emails sent - please respond here as instructed. |
alighting spooking bedroll cascade hampered mismatches oxygenates funnest a= |
stupefy Panamanian squalor cleverly oversimplified racoon hypo rinses curls= |
Two contacts have responded, verification is good |
We discussed this in our meeting last week too. There's a worry that
Definitely this is needed
Do you have an answer for this please? |
Hello, @THS-on and @steve-mcintyre We have updated GRUB, based on version 2+2.12+2 from Debian, and also updated SBAT. The modifications are in the tag https://github.com/Rodrigo-NR/shim-review/tree/lux2.0-shim-amd64_i386-20240612/. The kernel source is available at https://github.com/rcilto1/kernel. We used version 6.6.18 from Kernel.org and applied some patches that are in the respective folder. |
@Rodrigo-NR thanks!
Please also add the new tag to the top comment of this issue, otherwise LGTM from my side. @dennis-tseng99 @steve-mcintyre can one of you have a look again? |
Thank you @THS-on, I added the new tag in the top comment. |
Review of Shim-15.8 for LUX 2.0 x64_ia32OK
Issues / queriesNone! All looks good, accepting! |
@Rodrigo-NR did you get a signed shim back? |
@THS-on |
@Rodrigo-NR could it be that it is because your certificate is already in all Lenovo's keys in the UEFI DB keyring (as mentioned in my previous comment)? Otherwise are you sure that you:
|
@Rodrigo-NR what is the state of the submission with Microsoft? |
closing as there hasn't been a response for over a month. |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/Rodrigo-NR/shim-review/tree/lux2.0-shim-amd64_i386-20240304
New tag with GRUB 1+2.12+2:
https://github.com/Rodrigo-NR/shim-review/tree/lux2.0-shim-amd64_i386-20240612
What is the SHA256 hash of your final SHIM binary?
7e8e4368bb69563d5c479fe61270ceb4fe61e9dc06575e4645426713590aa9da shimia32.efi
c2afb5e3c305c894c299b54157a1a05891e4b7b0f6722a00696999820490e5db shimx64.efi
What is the link to your previous shim review request (if any, otherwise N/A)?
#308
The text was updated successfully, but these errors were encountered: