-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shim 15.8 for ZeronsoftN (patch added) #433
Comments
This is currently blocked on the patches getting reviewed upstream. I'll try to ping people to have a look at it. |
@vathpela could you take a look at the patches here please? |
@vathpela ping? |
I don't have a problem with any of these patches. |
Helper Review for ZeronsoftN shim-x86_64_ia32_aarch64-20240730Build is reproducible:
NX is not set:
SBAT sections:
matches the section mentioned in the request. Patch 0004approved here: #621 UEFI SecureBoot Kernel Lockdown patches - 1 FindingFound the activated LOCKDOWN config options:
here: x86_64 config aarch64 config but this worries me: patch 0008 specifically:
this lock down function looks like a no-op to me. Kernel upstream looks different, and also includes the function for lockdown in Certficate
|
@af-kulow Thank you for your review. patch 0008 is same as https://sources.debian.org/src/linux/6.6.13-1~bpo12%2B1/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch/ The dummy function is only for when CONFIG_SECURITY is false. |
I see. That was not visible from the patch itself, so I wanted to make sure. No further questions on that then. Thank you for the quick response. |
|
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/zeronsoftn/shim-review/tree/zeronsoftn-shim-x86_64_ia32_aarch64-20240730
What is the SHA256 hash of your final SHIM binary?
What is the link to your previous shim review request (if any, otherwise N/A)?
#408
If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?
no changed: #408
REVIEW HELPER
https://github.com/jclab-joseph/other-shim-reviews.git can help you for review.
The text was updated successfully, but these errors were encountered: