Shim 15.6 for SUSE Euler Linux 2.0 #260
Hi reviewers: Would you please give some feedback on this request? Chenxi |
Disclaimer: I am not an authorized reviewer
Version of packages
In addition, the operations of the pre-rebuild stage (copying shim source, installing the compiler, etc.) are hidden by this method.
This non-CA certificate has a 30-year lifetime.
If SUSE Euler Linux's management is the same quality as SLES (SUSE Linux Enterprise Server), I think it is OK to pass.
https://github.com/parheliamm/shim-review/blob/sel-2.0-shim-20220704/README.md?plain=1#L213
Actual
FYI: shim's
|
Hi @tSU-RooT: Here is my feedback, please review and comment on it.
Validity
Not Before: Aug 8 11:23:15 2022 GMT
Not After : Aug 7 11:23:15 2027 GMT
For subject information, I would like to request your comments about the email address: is "YCL@bsen" acceptable?
|
That's right.
I will check.
IMHO, an actual email address is better.
1957a85b0032a81e6482ca4aab883643b8dae06e: had merged to 5.4
Almost all CVEs (July 2020, the March 2021 and the June 7th 2022 grub2 CVE lists) are fixed. Question: I found 'CVE-2022-28737' is not fixed (i.e. not patched). Missed? |
Hi @tSU-RooT: Thanks for your feedback, here are my comments below, please review and check:
Please review our new shim/grub2 based on your comments. shim/grub2 bumps version to 2
grub2:
|
Oh, sorry I was wrong.
|
@tSU-RooT : On the other hand, how about the binary checksum, is that still a problem? |
I am going to email you some words for contact verification. Please post them here when you receive them. |
Here are mine:
The second letter of the first word seems not to be ASCII but from some other western language that I don't understand. I just copied & pasted from the mutt display on the terminal, not sure if it actually is correct. |
[email protected] got below words:
|
Both verified, thanks!
It's Norwegian (Bokmål). Julian uses German, which gave me the idea... it's more entertaining to me this way, and also I get to see how widespread working UTF-8 actually is :) |
Nice. UTF-8 indeed works on my system as I'm using Chinese. |
@parheliamm
Alright, I think the reason for the mismatch is well explained.
--- orig-x64.hex 2022-08-22 19:13:26.000000000 +0800
+++ built-x64.hex 2022-08-22 19:13:25.000000000 +0800
@@ -58578,5 +58578,5 @@
000e4d10 55 49 44 00 6c 6f 61 64 5f 6f 70 74 69 6f 6e 73 |UID.load_options|
000e4d20 00 50 4b 45 59 5f 55 53 41 47 45 5f 50 45 52 49 |.PKEY_USAGE_PERI|
000e4d30 4f 44 5f 69 74 00 58 35 30 39 5f 4e 41 4d 45 5f |OD_it.X509_NAME_|
-000e4d40 45 4e 54 52 59 5f 69 74 00 00 00 00 00 00 00 00 |ENTRY_it........|
-000e4d50
+000e4d40 45 4e 54 52 59 5f 69 74 00 |ENTRY_it.|
+000e4d49
Additionally, I've checked by appending the commands below.
COPY shim-sel_x86_64.efi /
RUN dd if=/shim-sel_x86_64.efi of=test.efi bs=1 count=937289
RUN hexdump -Cv /shim/usr/share/efi/$ARCHITECTURE/shim-sel.efi > /built-x64.hex
RUN hexdump -Cv /test.efi > /orig-x64.hex
RUN ls -la /shim/usr/share/efi/$ARCHITECTURE/shim-sel.efi /test.efi
RUN sha256sum test.efi
RUN diff -u orig-x64.hex built-x64.hex |
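The check done by hand above with dd, hexdump and diff, as an added example (not code from this thread or from the shim-review tooling): it reports whether two binaries are identical, differ only by trailing 0x00 padding (as in the hexdump diff, where the submitted file runs to 0x000e4d50 and the rebuilt one to 0x000e4d49), or differ in real content. The function name is an assumption made for this example.

```shell
#!/bin/sh
# Added example: classify how a rebuilt binary differs from the submitted one.
# Prints one of: identical | padding-only:<N> | different
# The function name is hypothetical; file paths are whatever the caller passes.

compare_ignoring_nul_padding() {
    a=$1 b=$2
    size_a=$(( $(wc -c < "$a") ))
    size_b=$(( $(wc -c < "$b") ))

    # Order the pair so that $short is the smaller file.
    if [ "$size_a" -le "$size_b" ]; then
        short=$a; long=$b; n=$size_a; extra=$(( size_b - size_a ))
    else
        short=$b; long=$a; n=$size_b; extra=$(( size_a - size_b ))
    fi

    # The common prefix must match byte for byte.
    if ! head -c "$n" "$long" | cmp -s - "$short"; then
        echo different
        return 1
    fi

    if [ "$extra" -eq 0 ]; then
        echo identical
        return 0
    fi

    # Everything past the common prefix must be 0x00; anything else is content.
    non_nul=$(( $(tail -c "+$(( n + 1 ))" "$long" | tr -d '\000' | wc -c) ))
    if [ "$non_nul" -eq 0 ]; then
        echo "padding-only:$extra"
        return 0
    fi
    echo different
    return 1
}
```

A `padding-only` result explains a `sha256sum` mismatch between the two files without any difference in the bytes the build produced.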
Hi @tSU-RooT and @frozencemetery: We updated the new version based on your previous comments and suggestions, please review:
Here are 3 changes: Any comments and suggestions would be appreciated. Chenxi |
Hi @tSU-RooT and @frozencemetery : Would you please review our new submission? Chenxi |
Hi, sorry for my late response.
5 years expiry time, I think OK.
Looks OK. I hope an authorized reviewer confirms it is OK to pass. |
Thanks for your review and comments. Sorry for the inconvenience. Chenxi |
Hi @tSU-RooT and @frozencemetery: We updated the new version based on your previous comments and suggestions, please review:
Changes:
Any comments and suggestions would be appreciated. Chenxi |
Hi, I see some points in the new commit.
However, it seems to be OK at the source level, I think. |
Seems to be affected by enhancement |
binutils-AArch64-EFI.patch is not enough to support AArch64 EFI feature.
Chenxi |
Hi @frozencemetery: Would you please review our new submission? Looking forward to your reply and thanks in advance. Chenxi |
Hi Reviewers: Thanks in advance. Chenxi |
Please note #307 |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/parheliamm/shim-review/tree/sel-2.0-shim-20220704
What is the SHA256 hash of your final SHIM binary?
aarch64:
pesign --hash --padding --in usr/share/efi/aarch64/shim-sel.efi
hash: bde31b7ef3c81f7eccbce167057b6675160113fbaaca313108da1848b9556cfd
sha256sum ./shim-sel_aarch64.efi
220af16cb67ea54e34263bfc8d50275a21d66e80036b4cb5516d145c8ffd5809 shim-sel_aarch64.efi
x86_64:
pesign --hash --padding --in=./shim-sel_x86_64.efi
hash: a87485be25d3f27b5dfa17390491537b979cefc8483c0fb08da7dfdc81f04bf8
sha256sum ./shim-sel_x86_64.efi
4dae5b2f24eb0e5d7a96194694fc5a62c1dfb6809f3d1162c86bfe900cc65308 shim-sel_x86_64.efi