Robbie Harwood
3bdba954d6
Bump SBAT
...
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:21:19 -05:00
Robbie Harwood
f2a26f5bbb
Font CVE fixes
...
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-03 19:34:00 +00:00
Robbie Harwood
525d9dc867
gating: re-enable all tests
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 14:22:57 -04:00
Robbie Harwood
f6015fa651
TDX measurement to RTMR
...
Resolves : #1981487
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 13:06:11 -04:00
Robbie Harwood
1db6b68958
x86-efi: Fix an incorrect array size in kernel allocation
...
Resolves : #2031289
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 19:44:29 +00:00
Robbie Harwood
c1ebf6e8ba
Sync /etc/kernel/cmdline generation with 2.06-52.fc38
...
Resolves : #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 17:31:05 +00:00
Robbie Harwood
5af1faa717
ieee1275: implement vec5 for cas negotiation
...
Resolves : #2121192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 15:41:57 +00:00
Robbie Harwood
d449759abf
Skip rpm mtime verification on likely-vfat filesystems
...
Resolves : #2047979
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 21:04:30 +00:00
Robbie Harwood
b3aed40f50
Generate BLS snippets during mkconfig
...
Resolves : #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-11 16:26:51 +00:00
Robbie Harwood
8f1a5b9955
Rest of kernel allocator fixups
...
Resolves : #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 14:42:02 +00:00
Robbie Harwood
217d6ad6ef
Kernel allocator fixups
...
Resolves : #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 13:48:57 +00:00
Robbie Harwood
d938855e21
Rebuild against new ppc64le key
...
Resolves : #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:44:56 +00:00
Robbie Harwood
836032bc4e
Rebuild against new ppc64le key
...
Resolves : #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:03:10 +00:00
Robbie Harwood
49f16a61fd
Bump release
...
Resolves : #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 19:08:57 -04:00
Robbie Harwood
d1284519d3
Bless the TPM module on ppc64le
...
Resolves : #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 22:48:20 +00:00
Robbie Harwood
42b3050a74
CVE fixes for 2022-05-24
...
CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Resolves : #2070688
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 14:09:47 -04:00
Robbie Harwood
1b83bb93b8
ppc64le: make ofdisk_retries optional
...
Resolves : #2070725
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-17 16:54:01 +00:00
Robbie Harwood
4ff57c1cdd
ppc64le: CAS improvements, prefix detection, and vTPM support
...
Resolves : #2068281
Resolves : #2051314
Resolves : #2076798
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 18:29:29 +00:00
Robbie Harwood
f0e4b8c683
Fix rpm verification report on grub.cfg permissions
...
Resolves : #2076322
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 17:31:36 +00:00
Robbie Harwood
e3753ed4c2
First 9.1 build; no changes from 9.0
...
- Fix initialization on efidisk patch
- Re-run signing with updated redhat-release
Resolves : #2062874
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 12:06:10 -04:00
Robbie Harwood
01f68549dc
Enable connectefi module
...
Resolves : #2049219
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 19:16:25 +00:00
Robbie Harwood
82f85447d7
Add efidisk/connectefi patches
...
Resolves : #2049219
Resolves : #2049220
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 22:24:21 +00:00
Robbie Harwood
d08fc02f2d
Re-arm GRUB_ENABLE_BLSCFG=false
...
Resolves : #2018331
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-18 21:21:20 +00:00
Robbie Harwood
bfdc50ae19
Stop building unsupported 32-bit UEFI stuff
...
Resolves : #2038401
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-18 20:38:05 +00:00
Brian Stinson
ea946fe76d
Require Secure Boot certs based on architecture
...
Resolves : #2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-16 15:55:59 -06:00
Brian Stinson
726ced531a
Conditionalize Secure Boot settings per architecture
...
Related: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-16 15:13:14 -06:00
Robbie Harwood
2ab799de70
Attempt to fix ppc64le signing bugs in previous change
...
Resolves : #2049214
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 19:05:03 +00:00
Robbie Harwood
c4d20133ef
Bump spec for previous two signing commits
...
Resolves : #2049214
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 12:41:39 -05:00
Brian Stinson
3f01b520d0
Point secureboot certs at the paths defined by the *-sb-certs packages
...
Resolves: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
[rharwood: commit message, conditional fix]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 12:39:39 -05:00
Brian Stinson
ac3d500683
Switch grub2 back to single-signing for Secure Boot
...
Related: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-15 13:00:50 -06:00
Robbie Harwood
6bb9a7593b
CVE-2021-3981 (Incorrect read permission in grub.cfg)
...
Resolves: rhbz#2030724
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-02 11:28:15 -05:00
Robbie Harwood
161ae8daaf
Stop having this problem and just copy over the beta tree
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 20:33:19 +00:00
Robbie Harwood
0b61fb6968
Fix NVR in previous change; no code changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 14:50:01 -05:00
Robbie Harwood
1742f60e82
Rebuild for correct signatures
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 14:14:53 -05:00
Robbie Harwood
575027c3e4
Rebuild for signing; no code changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-21 15:50:56 +00:00
Robbie Harwood
29cb68279c
Rebuild for gating; no code changes
...
Resolves: rhbz#2006784
2021-11-19 18:59:40 +00:00
Robbie Harwood
56200915a6
Version jump because our process is bad
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-10-26 16:36:28 -04:00
Robbie Harwood
4e8839634b
Sync with beta changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-10-26 15:49:17 -04:00
Robbie Harwood
4c7c1f4aaf
Rebuild for gating + rpminspect
...
Resolves: rhbz#2006784
2021-09-28 10:26:11 -04:00
Robbie Harwood
69afd9d3a2
Rebuild because our CI infrastructure doesn't work right
...
Resolves: rhbz#2006784
2021-09-23 11:24:24 -04:00
Javier Martinez Canillas
439f9e9576
Update to 2.06 final release and ton of fixes
...
Resolves: rhbz#1976771
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-08-31 13:37:28 +02:00
Javier Martinez Canillas
ea6c160b6a
Fix kernel cmdline params getting overwritten on ppc64le
...
Resolves: rhbz#1973564
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-23 11:03:25 +02:00
Javier Martinez Canillas
07b9866096
Add XFS needsrepair support
...
Resolves: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-03 17:42:33 +02:00
Javier Martinez Canillas
d2aa233cb7
Find and claim more memory for ieee1275
...
Resolves: rhbz#1873860
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-26 11:17:41 +02:00
Javier Martinez Canillas
95fb16271d
Add XFS bigtime support
...
Resolves: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 16:15:54 +02:00
Javier Martinez Canillas
294df22ef5
do-rebase: use centpkg instead of fedpkg for centos rebases
...
Related: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 16:15:34 +02:00
Javier Martinez Canillas
583bcec955
Enable RHEL gating
...
Tier 1 tests for GRUB are run in the BaseOS CI pipeline, add a gating.yaml
file for these gating tests to run when doing RHEL builds.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 12:10:18 +02:00
Javier Martinez Canillas
3131f9646a
Use RHEL distro SBAT data also for CentOS Stream
...
We were adding a CentOS Stream specific SBAT component entry, but doesn't
really make sense since the RHEL 9 content is exactly the same. Otherwise,
in case of a revocation there will be needed two entries in the SbatLevel
variable for no good reasons.
Related: rhbz#1947696
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-13 17:22:54 +02:00
Javier Martinez Canillas
09511e8638
Update distro SBAT entry to contain information about CentOS Stream
...
Related: rhbz#1947696
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-12 01:36:21 +02:00
Javier Martinez Canillas
1d49572ef1
Update to latest content from upstream sources
...
The content of this branch was not automatically imported from upstream
sources. Pull the latest from upstream to have the missing changes here.
Source: https://src.fedoraproject.org/rpms/grub2.git#f2763e56df79eccae17d2e8fa13d2f51a0fe7073
Resolves: rhbz#1947696
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-12 01:36:21 +02:00