Shim 15.7 for OL7 (ol7-shim-x86_64-20221129) #306
Comments
|
This submission has been made without NX support despite NX support being mandatory for signing since November 30, and is very significantly different from the previous one. Did you get special accomodations from MS to allow this? Also fbe previous Submission Link points to OL8, not OL7. |
julian-klode
added
bug
|
@julian-klode previous public submission for ol7 - #141 For NX support, this submission is based on latest shim master with all NX related patches it includes - https://github.com/rhboot/shim/search?q=nx&type=commits , please let me know which required NX patch is missing. |
|
All the support code is there yes but the set NX bit flag in post-process-pe is disabled by default and that default flag is changed in main I think. |
Oracle obtained one time exception from Microsoft for this submission in order to mitigate grub2 SecureBoot CVE-2022-2601 and CVE-2022-3775. |
julian-klode
removed
bug
|
@julian-klode please let us know if you have any other concerns or questions for this and #305 requests which might block review. Both requests are based on the same shim source code base, just different set of vendor_db certificates per OL releases. |
|
This looks reasonable to me, and I've rebuilt it and verified the binaries are as expected. |
|
submission ID: 14228186206811813 |
|
The submission signed by Microsoft, closing review |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/oracle/shim-review/tree/ol7-shim-x86_64-20221129What is the SHA256 hash of your final SHIM binary?
77f0e3bdc92445004e15d2364e867e36212fe2c1bdcb8c913577473a454bc013 shimia32.efi e218b9de5fd6038a53fcecead8d9dbf2121003aab5ae7a89ff3ad3387d8ad1ff shimx64.efi
What is the link to your previous shim review request (if any, otherwise N/A)?
#142
The text was updated successfully, but these errors were encountered: