0535f5b0ae
This is done for moving packages that are related to secure boot
out of LAT and into integ.
Use shim version: 15+1533136590.3beb971.
Although there was a debian package for shim here, it wasn't
effective because LAT didn't use it (the shim version in use is
12+gitAUTOINC+5202f80c32). So I abandon it and choose a proper
version for this porting.
I choose this version because it should be matched with the grub image.
shim 15.3 introduced and now mandates SBAT.
This means that shim 15.3+ will not launch any EFI binaries
without a .sbat section.
Use tis-shim.der (another format for tis-shim.crt) to verify grub
image's signature.
Test Plan:
The tests are done with all the changes for this porting,
which involves efitools/shim/grub2/grub-efi/lat-sdk.sh, because
they are in a chain for secure boot verification.
- PASS: secure boot OK on qemu.
- PASS: secure boot OK on PowerEdge R430 lab.
- PASS: secure boot NG on qemu/hardware when shim/grub-efi images
are without the right signatures.
Story: 2009221
Task: 46401
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I2449ac9bbad7635b095a66309f77765a8a01cd1b
15 lines
459 B
YAML
15 lines
459 B
YAML
---
|
|
debver: 15+1533136590.3beb971
|
|
debname: shim
|
|
dl_path:
|
|
name: shim-debian-15+1533136590.3beb971.tar.bz2
|
|
url: "https://salsa.debian.org/efi-team/shim/-/archive/debian/\
|
|
15+1533136590.3beb971-10/shim-debian-15+1533136590.3beb971-10.tar.bz2"
|
|
md5sum: eb6db0c9b8b4257d77ed07a81cd3a7b8
|
|
sha256sum: 06341378fc89836ee3355ff9ade263105a9ab445de8b065c0989eec8c55769c8
|
|
src_files:
|
|
- files/tis-shim.der
|
|
revision:
|
|
dist: $STX_DIST
|
|
PKG_GITREVCOUNT: true
|