Re-enable secureboot enrollment
Follow Laszlo's suggestions from: https://bugzilla.redhat.com/show_bug.cgi?id=1701710#c12
parent
eb71155bd5
commit
b9bff0b089
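--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,4 @@
 /qemu-ovmf-secureboot-*.tar.gz
 /edk2-*.tar.gz
 /softfloat-20180726-gitb64af41.tar.xz
+/qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz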
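--- /dev/null
+++ b/RedHatSecureBootPkKek1.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDoDCCAoigAwIBAgIJAP71iOjzlsDxMA0GCSqGSIb3DQEBCwUAMFExKzApBgNV
+BAMTIlJlZCBIYXQgU2VjdXJlIEJvb3QgKFBLL0tFSyBrZXkgMSkxIjAgBgkqhkiG
+9w0BCQEWE3NlY2FsZXJ0QHJlZGhhdC5jb20wHhcNMTQxMDMxMTExNTM3WhcNMzcx
+MDI1MTExNTM3WjBRMSswKQYDVQQDEyJSZWQgSGF0IFNlY3VyZSBCb290IChQSy9L
+RUsga2V5IDEpMSIwIAYJKoZIhvcNAQkBFhNzZWNhbGVydEByZWRoYXQuY29tMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkB+Ee42865cmgm2Iq4rJjGhw
++d9LB7I3gwsCyGdoMJ7j8PCZSrhZV8ZB9jiL/mZMSek3N5IumAEeWxRQ5qiNJQ31
+huarMMtAFuqNixaGcEM38s7Akd9xFI6ZDom2TG0kHozkL08l0LoG+MboGRh2cx2B
+bajYBc86yHsoyDajFg0pjJmaaNyrwE2Nv1q7K6k5SwSXHPk2u8U6hgSur9SCe+Cr
+3kkFaPz2rmgabJBNVxk8ZGYD9sdSm/eUz5NqoWjJqs+Za7yqXgjnORz3+A+6Bn7x
+y+h23f4i2q06Xls06rPJ4E0EKX64YLkF77XZF1hWFmC5MDLwNkrD8nmNEkBw8wID
+AQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVy
+YXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUPOlg4/8ZoQp7o0L0jUIutNWccuww
+HwYDVR0jBBgwFoAUPOlg4/8ZoQp7o0L0jUIutNWccuwwDQYJKoZIhvcNAQELBQAD
+ggEBAFxNkoi0gl8drYsR7N8GpnqlK583VQyNbgUArbcMQYlpz9ZlBptReNKtx7+c
+3AVzf+ceORO06rYwfUB1q5xDC9+wwhu/MOD0/sDbYiGY9sWv3jtPSQrmHvmGsD8N
+1tRGN9tUdF7/EcJgxnBYxRxv7LLYbm/DvDOHOKTzRGScNDsolCZ4J58WF+g7aQol
+qXM2fp43XOzoP9uR+RKzPc7n3RXDrowFIGGbld6br/qxXBzll+fDNBGF9YonJqRw
+NuwM9oM9kPc28/nzFdSQYr5TtK/TSa/v9HPoe3bkRCo3uoGkmQw6MSRxoOTktxrL
+R+SqIs/vdWGA40O3SFdzET14m2k=
+-----END CERTIFICATE-----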
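--- a/edk2.spec
+++ b/edk2.spec
@@ -13,13 +13,11 @@
 %global edk2_stable_date 201905
 %global edk2_stable_str edk2-stable%{edk2_stable_date}
 %global openssl_version 1.1.1b
-%global qosb_version 1.1.3
+%global qosb_version 20190521-gitf158f12
 %global softfloat_version 20180726-gitb64af41
 
-
-# enrollment is hanging with stable 201905,
-# so temporarily disable it
-%global skip_enroll 1
+# Enable this to skip secureboot enrollment, if problems pop up
+%global skip_enroll 0
 
 
 %define qosb_testing 0
@@ -58,7 +56,7 @@ Name: edk2
 # to use YYYMMDD to avoid needing to bump package epoch
 # due to previous 'git' Version:
 Version: %{edk2_stable_date}01stable
-Release: 1%{dist}
+Release: 2%{dist}
 Summary: EFI Development Kit II
 
 License: BSD-2-Clause-Patent
@@ -69,8 +67,10 @@ URL: http://www.tianocore.org/edk2/
 Source0: https://github.com/tianocore/edk2/archive/%{edk2_stable_str}.tar.gz#/edk2-%{edk2_stable_str}.tar.gz
 Source1: openssl-%{openssl_version}-hobbled.tar.xz
 Source2: ovmf-whitepaper-c770f8c.txt
-Source3: https://github.com/puiterwijk/qemu-ovmf-secureboot/archive/v%{qosb_version}/qemu-ovmf-secureboot-%{qosb_version}.tar.gz
+#Source3: https://github.com/puiterwijk/qemu-ovmf-secureboot/archive/v{qosb_version}/qemu-ovmf-secureboot-{qosb_version}.tar.gz
+Source3: qemu-ovmf-secureboot-%{qosb_version}.tar.xz
 Source4: softfloat-%{softfloat_version}.tar.xz
+Source5: RedHatSecureBootPkKek1.pem
 Source10: hobble-openssl
 Source11: build-iso.sh
 Source12: update-tarball.sh
@@ -133,6 +133,7 @@ BuildRequires: nasm
 BuildRequires: qemu-img
 BuildRequires: genisoimage
 BuildRequires: bc
+BuildRequires: sed
 
 # These are for QOSB
 BuildRequires: python3-requests
@@ -260,6 +261,14 @@ mv qemu-ovmf-secureboot-%{qosb_version}/LICENSE LICENSE.qosb
 %autopatch -p1
 base64 --decode < MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 > MdeModulePkg/Logo/Logo-OpenSSL.bmp
 
+# Extract OEM string from the RH cert, as described here
+# https://bugzilla.tianocore.org/show_bug.cgi?id=1747#c2
+sed \
+-e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
+-e '/^-----END CERTIFICATE-----$/d' \
+%{_sourcedir}/RedHatSecureBootPkKek1.pem \
+| tr -d '\n' \
+> PkKek1.oemstr
 
 
 %build
@@ -333,6 +342,7 @@ python3 qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator \
 --ovmf-binary ovmf/OVMF_CODE.secboot.fd \
 --ovmf-template-vars ovmf/OVMF_VARS.fd \
 --uefi-shell-iso ovmf/UefiShell.iso \
+--oem-string "$(< PkKek1.oemstr)" \
 --skip-testing \
 ovmf/OVMF_VARS.secboot.fd
 %else
@@ -591,6 +601,11 @@ install qemu-ovmf-secureboot-%{qosb_version}/ovmf-vars-generator %{buildroot}%{_
 
 
 %changelog
+* Mon Jul 15 2019 Cole Robinson <aintdiscole@gmail.com> - 20190501stable-2
+- License is now BSD-2-Clause-Patent
+- Re-enable secureboot enrollment
+- Use qemu-ovmf-secureboot from git
+
 * Thu Jul 11 2019 Cole Robinson <crobinso@redhat.com> - 20190501stable-1
 - Update to stable-201905
 - Update to openssl-1.1.1b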
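Review bot: The `sed … | tr -d '\n' > PkKek1.oemstr` pipeline added in %prep is never checked, so a PEM whose BEGIN line does not match the anchored pattern exactly (CRLF endings, trailing space) produces a string without the `4e32566d-8e9e-4f52-81d3-5bb9715f9727:` prefix, and a sed failure is masked by the exit status of `tr`. That string is then passed on as `--oem-string "$(< PkKek1.oemstr)"` in %build, and because `--skip-testing` is kept, nothing visible on this page confirms that the resulting OVMF_VARS.secboot.fd actually has the PK/KEK enrolled. Put `set -o pipefail` ahead of the pipeline and follow it with `grep -q '^4e32566d-8e9e-4f52-81d3-5bb9715f9727:MII' PkKek1.oemstr` so the build stops on a malformed string. As a point of style, `%{SOURCE5}` is the more usual way to refer to the file than `%{_sourcedir}/RedHatSecureBootPkKek1.pem`, and it keeps the path tied to the `Source5:` line added above.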
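--- a/sources
+++ b/sources
@@ -1,4 +1,4 @@
-SHA512 (qemu-ovmf-secureboot-1.1.3.tar.gz) = f830a525f66379e8e3c61d006fab49547e6709f7aa0f95e70f23c7d26407cc804a0ced9dcfd26af63391d603e9cb5a0714c222c7cdca8599e41852e22e13be80
 SHA512 (edk2-edk2-stable201905.tar.gz) = 91188923f7d1ab83c0d6abf7ec6d59f357d0341a617ad6a3ae05f3d0e041dff43f62b014b0c5fc5d15e16d8f1c279c581a5cd64b31e3d52b340d7ef90adb50f1
 SHA512 (openssl-1.1.1b-hobbled.tar.xz) = 8055b19bfeec41fe0607c04d468d2f16a1e5fe02642c8deb67b00878be7e28ab266d13da41b9576800cba0b9448253f26f72ab8889d666f5d23103648f80bea1
 SHA512 (softfloat-20180726-gitb64af41.tar.xz) = f079debd1bfcc0fe64329a8947b0689ef49246793edcdd28a2879f6550c652b0cf0f53ac4f6f5ab61ac4f7933972e0019d0ab63eb9931b6884c2909f3a5ead30
+SHA512 (qemu-ovmf-secureboot-20190521-gitf158f12.tar.xz) = 4dde79864996398cc8cc39cdf859c1ca64ca0d360b0e5e41af9d9f054d36e1c4999e4324c5140a7329bec9b8d131e773ab8ebc28aba8d3f9f63c25517ee9221a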