Robbie Harwood
77d588fe51
Bless the ofnet module down in ppc64le
...
Resolves : #2143420
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-21 20:24:50 +00:00
Robbie Harwood
3bdba954d6
Bump SBAT
...
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-08 11:21:19 -05:00
Robbie Harwood
f2a26f5bbb
Font CVE fixes
...
Resolves: CVE-2022-2601
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-03 19:34:00 +00:00
Robbie Harwood
525d9dc867
gating: re-enable all tests
...
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-11-01 14:22:57 -04:00
Robbie Harwood
f6015fa651
TDX measurement to RTMR
...
Resolves : #1981487
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-28 13:06:11 -04:00
Robbie Harwood
1db6b68958
x86-efi: Fix an incorrect array size in kernel allocation
...
Resolves : #2031289
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-10-12 19:44:29 +00:00
Robbie Harwood
c1ebf6e8ba
Sync /etc/kernel/cmdline generation with 2.06-52.fc38
...
Resolves : #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 17:31:05 +00:00
Robbie Harwood
5af1faa717
ieee1275: implement vec5 for cas negotiation
...
Resolves : #2121192
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-25 15:41:57 +00:00
Robbie Harwood
d449759abf
Skip rpm mtime verification on likely-vfat filesystems
...
Resolves : #2047979
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-15 21:04:30 +00:00
Robbie Harwood
b3aed40f50
Generate BLS snippets during mkconfig
...
Resolves : #1969362
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-11 16:26:51 +00:00
Robbie Harwood
8f1a5b9955
Rest of kernel allocator fixups
...
Resolves : #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 14:42:02 +00:00
Robbie Harwood
217d6ad6ef
Kernel allocator fixups
...
Resolves : #2108456
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-02 13:48:57 +00:00
Robbie Harwood
d938855e21
Rebuild against new ppc64le key
...
Resolves : #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:44:56 +00:00
Robbie Harwood
836032bc4e
Rebuild against new ppc64le key
...
Resolves : #2074761
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-18 19:03:10 +00:00
Robbie Harwood
49f16a61fd
Bump release
...
Resolves : #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 19:08:57 -04:00
Robbie Harwood
d1284519d3
Bless the TPM module on ppc64le
...
Resolves : #2051314
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-28 22:48:20 +00:00
Robbie Harwood
42b3050a74
CVE fixes for 2022-05-24
...
CVE-2022-28736 CVE-2022-28735 CVE-2022-28734 CVE-2022-28733
CVE-2021-3697 CVE-2021-3696 CVE-2021-3695
Resolves : #2070688
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-06-03 14:09:47 -04:00
Robbie Harwood
1b83bb93b8
ppc64le: make ofdisk_retries optional
...
Resolves : #2070725
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-17 16:54:01 +00:00
Robbie Harwood
4ff57c1cdd
ppc64le: CAS improvements, prefix detection, and vTPM support
...
Resolves : #2068281
Resolves : #2051314
Resolves : #2076798
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 18:29:29 +00:00
Robbie Harwood
f0e4b8c683
Fix rpm verification report on grub.cfg permissions
...
Resolves : #2076322
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 17:31:36 +00:00
Robbie Harwood
e3753ed4c2
First 9.1 build; no changes from 9.0
...
- Fix initialization on efidisk patch
- Re-run signing with updated redhat-release
Resolves : #2062874
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-05-04 12:06:10 -04:00
Robbie Harwood
01f68549dc
Enable connectefi module
...
Resolves : #2049219
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-28 19:16:25 +00:00
Robbie Harwood
82f85447d7
Add efidisk/connectefi patches
...
Resolves : #2049219
Resolves : #2049220
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-24 22:24:21 +00:00
Robbie Harwood
d08fc02f2d
Re-arm GRUB_ENABLE_BLSCFG=false
...
Resolves : #2018331
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-18 21:21:20 +00:00
Robbie Harwood
bfdc50ae19
Stop building unsupported 32-bit UEFI stuff
...
Resolves : #2038401
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-18 20:38:05 +00:00
Brian Stinson
ea946fe76d
Require Secure Boot certs based on architecture
...
Resolves : #2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-16 15:55:59 -06:00
Brian Stinson
726ced531a
Conditionalize Secure Boot settings per architecture
...
Related: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-16 15:13:14 -06:00
Robbie Harwood
2ab799de70
Attempt to fix ppc64le signing bugs in previous change
...
Resolves : #2049214
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 19:05:03 +00:00
Robbie Harwood
c4d20133ef
Bump spec for previous two signing commits
...
Resolves : #2049214
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 12:41:39 -05:00
Brian Stinson
3f01b520d0
Point secureboot certs at the paths defined by the *-sb-certs packages
...
Resolves: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
[rharwood: commit message, conditional fix]
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-16 12:39:39 -05:00
Brian Stinson
ac3d500683
Switch grub2 back to single-signing for Secure Boot
...
Related: rhbz#2049214
Signed-off-by: Brian Stinson <bstinson@redhat.com>
2022-02-15 13:00:50 -06:00
Robbie Harwood
6bb9a7593b
CVE-2021-3981 (Incorrect read permission in grub.cfg)
...
Resolves: rhbz#2030724
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-02-02 11:28:15 -05:00
Robbie Harwood
161ae8daaf
Stop having this problem and just copy over the beta tree
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 20:33:19 +00:00
Robbie Harwood
0b61fb6968
Fix NVR in previous change; no code changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 14:50:01 -05:00
Robbie Harwood
1742f60e82
Rebuild for correct signatures
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-01-04 14:14:53 -05:00
Robbie Harwood
575027c3e4
Rebuild for signing; no code changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-12-21 15:50:56 +00:00
Robbie Harwood
29cb68279c
Rebuild for gating; no code changes
...
Resolves: rhbz#2006784
2021-11-19 18:59:40 +00:00
Robbie Harwood
56200915a6
Version jump because our process is bad
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-10-26 16:36:28 -04:00
Robbie Harwood
4e8839634b
Sync with beta changes
...
Resolves: rhbz#2006784
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2021-10-26 15:49:17 -04:00
Robbie Harwood
4c7c1f4aaf
Rebuild for gating + rpminspect
...
Resolves: rhbz#2006784
2021-09-28 10:26:11 -04:00
Robbie Harwood
69afd9d3a2
Rebuild because our CI infrastructure doesn't work right
...
Resolves: rhbz#2006784
2021-09-23 11:24:24 -04:00
Javier Martinez Canillas
439f9e9576
Update to 2.06 final release and ton of fixes
...
Resolves: rhbz#1976771
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-08-31 13:37:28 +02:00
Javier Martinez Canillas
ea6c160b6a
Fix kernel cmdline params getting overwritten on ppc64le
...
Resolves: rhbz#1973564
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-06-23 11:03:25 +02:00
Javier Martinez Canillas
07b9866096
Add XFS needsrepair support
...
Resolves: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-03 17:42:33 +02:00
Javier Martinez Canillas
d2aa233cb7
Find and claim more memory for ieee1275
...
Resolves: rhbz#1873860
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-26 11:17:41 +02:00
Javier Martinez Canillas
95fb16271d
Add XFS bigtime support
...
Resolves: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 16:15:54 +02:00
Javier Martinez Canillas
294df22ef5
do-rebase: use centpkg instead of fedpkg for centos rebases
...
Related: rhbz#1940165
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 16:15:34 +02:00
Javier Martinez Canillas
583bcec955
Enable RHEL gating
...
Tier 1 tests for GRUB are run in the BaseOS CI pipeline, add a gating.yaml
file for these gating tests to run when doing RHEL builds.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-14 12:10:18 +02:00
Javier Martinez Canillas
3131f9646a
Use RHEL distro SBAT data also for CentOS Stream
...
We were adding a CentOS Stream specific SBAT component entry, but doesn't
really make sense since the RHEL 9 content is exactly the same. Otherwise,
in case of a revocation there will be needed two entries in the SbatLevel
variable for no good reasons.
Related: rhbz#1947696
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-13 17:22:54 +02:00
Javier Martinez Canillas
09511e8638
Update distro SBAT entry to contain information about CentOS Stream
...
Related: rhbz#1947696
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-12 01:36:21 +02:00