add cfca signed shim

2024-05-29 10:06:30 +08:00 · 2024-05-29 10:06:30 +08:00 · 30ffd1193a
commit 30ffd1193a
parent 8f88adaa5a
3 changed files with 24 additions and 1 deletions
--- a/shim.spec
+++ b/shim.spec
@ -25,7 +25,7 @@
 Name:	   	   shim
 Version:	   15.7
-Release:	   12
+Release:	   13
 Summary:	   First-stage UEFI bootloader
 ExclusiveArch:     x86_64 aarch64
 License:	   BSD
@ -34,6 +34,8 @@ Source0:	   https://github.com/rhboot/shim/releases/download/%{version}/shim-%{v
 Source1:	   BOOTAA64.CSV
 Source2:	   BOOTX64.CSV
 Source3:	   openEuler_ca.der
 Source4:	   shimaa64-cfca.efi
 Source5:	   shimx64-cfca.efi
 Patch1:backport-CVE-2023-40546.patch
 Patch2:backport-CVE-2023-40551-pe-relocate-Fix-bounds-check-for-MZ-b.patch
@ -76,6 +78,14 @@ Obsoletes:     shim-%{efi_arch} < %{version}-%{release}
 Initial UEFI bootloader that handles chaining to a trusted full \
 bootloader under secure boot environments.
 %package signed
 Summary:	signed shim
 Requires:	%{name} = %{version}-%{release}
 AutoReqProv:	0
 %description signed
 signed shim 
 %package debuginfo
 Summary:	Debug information for shim-unsigned
 Requires:	%{name}-debugsource = %{version}-%{release}
@ -150,9 +160,11 @@ install -m 0700 *.efi ${RPM_BUILD_ROOT}/%{shimefivendor}
 install -m 0700 *.hash ${RPM_BUILD_ROOT}/%{shimefivendor}
 %ifarch aarch64
 install -m 0700 %{SOURCE1} ${RPM_BUILD_ROOT}/%{shimefivendor}
 install -m 0700 %{SOURCE4} ${RPM_BUILD_ROOT}/%{shimBOOT}/BOOTAA64_CFCA.EFI
 %endif
 %ifarch x86_64
 install -m 0700 %{SOURCE2} ${RPM_BUILD_ROOT}/%{shimefivendor}
 install -m 0700 %{SOURCE5} ${RPM_BUILD_ROOT}/%{shimBOOT}/BOOTX64_CFCA.EFI
 %endif
 %if "%{_vendor}" != "openEuler"
    iconv -f UTF-16LE -t UTF-8 ${RPM_BUILD_ROOT}/%{shimefivendor}/%{bootcsv} > /tmp/%{bootcsv}.tmp
@ -180,6 +192,14 @@ make test
 %{shimefivendor}/*.efi
 %{shimefivendor}/*.hash
 %files signed
 %ifarch aarch64 
 %{shimBOOT}/BOOTAA64_CFCA.EFI
 %endif
 %ifarch x86_64
 %{shimBOOT}/BOOTX64_CFCA.EFI
 %endif
 %files debuginfo
 %defattr(-,root,root,-)
 /usr/lib/debug/*
@ -191,6 +211,9 @@ make test
 /usr/src/debug/%{name}-%{version}-%{release}/*
 %changelog
 * Wed May 29 2024 jinlun <jinlun@huawei.com> -15.7-12
 - add CFCA sign shim
 * Fri May 17 2024 wangcheng <wangcheng156@huawei.com> - 15.7-12
 - Align section size up to page size for mem attrs
--- a/shimaa64-cfca.efi
+++ b/shimaa64-cfca.efi
--- a/shimx64-cfca.efi
+++ b/shimx64-cfca.efi