starlingx/integ
Code Issues Proposed changes
4a092412c5
integ/grub/grub-efi/debian/patches/series
Li Zhou 48a2e836ff Debian: grub-efi: porting from LAT 
This is done for moving packages that are related to secure boot
out of LAT and into integ.

Use grub version: 2.06-1 .

Port grub-efi from LAT and make its build independent from grub2.
The patches for code and changes for debian build are ported from
layers ( meta-lat and meta-secure-core ) of yocto upstream.
Make grub-efi independent from grub2 because some code changes
for secure boot can make grub-pc's build fail.

This porting of grub-efi customizes grub images and grub.cfg for
efi boot. Install those files customized to grub-efi-amd64 package.

Test Plan:
 The tests are done with all the changes for this porting,
 which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because
 they are in a chain for secure boot verification.
 - PASS: secure boot OK on qemu.
 - PASS: secure boot OK on PowerEdge R430 lab.
 - PASS: secure boot NG on qemu/hardware when shim/grub-efi images
         are without the right signatures.

Story: 2009221
Task: 46402

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: Ia3b482c1959b5e6462fe54f0b0e59a69db1b1ca7
2022-10-08 21:50:14 -04:00

20 lines
1015 B
Plaintext
Raw Blame History

0001-grub2-add-tboot.patch
0002-grub2-checking-if-loop-devices-are-available.patch
0003-Make-UEFI-watchdog-behaviour-configurable.patch
0004-correct-grub_errno.patch
0005-grub-verify-Add-skip_check_cfg-variable.patch
0006-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch
0007-shim-add-needed-data-structures.patch
0008-efi-chainloader-implement-an-UEFI-Exit-service.patch
0009-efi-chainloader-port-shim-to-grub.patch
0010-efi-chainloader-use-shim-to-load-and-verify-an-image.patch
0011-efi-chainloader-boot-the-image-using-shim.patch
0012-efi-chainloader-take-care-of-unload-undershim.patch
0013-chainloader-handle-the-unauthenticated-image-by-shim.patch
0014-chainloader-Don-t-check-empty-section-in-file-like-..patch
0015-chainloader-find-the-relocations-correctly.patch
0016-Add-a-module-for-reading-EFI-global-variables.patch
0017-grub-shim-verify-Report-that-the-loaded-object-is-ve.patch
0018-grub-verify-Add-strict_security-variable.patch
0019-Disable-inside-lockdown-and-shim_lock-verifiers.patch
View Git Blame Copy Permalink