diff --git a/centossecureboot801.cer b/centossecureboot801.cer new file mode 100644 index 0000000..c18f616 Binary files /dev/null and b/centossecureboot801.cer differ diff --git a/centossecurebootca8.cer b/centossecurebootca8.cer new file mode 100644 index 0000000..32d84ef Binary files /dev/null and b/centossecurebootca8.cer differ diff --git a/shim.rpmmacros b/shim.rpmmacros index 320af54..2722b05 100644 --- a/shim.rpmmacros +++ b/shim.rpmmacros @@ -118,7 +118,7 @@ version signed by the UEFI signing service. \ else \ cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \ fi \ - %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n centossecureboot201 -a %{SOURCE2} -c %{SOURCE1} } \ + %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n centossecureboot801 -a %{SOURCE2} -c %{SOURCE1} } \ %{nil} # -a diff --git a/shim.spec b/shim.spec index 0b3a4ef..d7af16e 100644 --- a/shim.spec +++ b/shim.spec @@ -1,6 +1,6 @@ Name: shim -Version: 15.8 -Release: 6%{?dist} +Version: 16.1 +Release: 1%{?dist} Summary: First-stage UEFI bootloader License: BSD URL: https://github.com/rhboot/shim/ @@ -12,8 +12,8 @@ ExclusiveArch: %{efi} ExcludeArch: %{arm} %{ix86} Source0: shim.rpmmacros -Source1: centossecureboot201.cer -Source2: centossecurebootca2.cer +Source1: centossecureboot801.cer +Source2: centossecurebootca8.cer Source5: shim.conf # keep these two lists of sources synched up arch-wise. That is 0 and 10 @@ -108,6 +108,10 @@ install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ %endif %changelog +* Fri May 29 2026 Nicolas Frayer - 16.1-1 +- signature/cert: Dual MSFT signature and CentOS 8 series cert +- Resolves: #RHEL-137056 + * Wed Aug 13 2025 Nicolas Frayer - 15.8-6 - Updated sources file with new aa64 EFIs - Related: #RHEL-45014 diff --git a/sources b/sources index e839169..2fd8d28 100644 --- a/sources +++ b/sources @@ -5,4 +5,4 @@ SHA512 (fbx64.efi) = 1bbf117734d042d92e331a9e619b0f48a7da1016c5fbc3ec5461247e9bb SHA512 (mmaa64.efi) = 406fbd719631c07366b609d7eb984bbb749c8be2a63f816e2924aed18b4f1f75e0f84e5937ff47f14f28d8423f59236ebcd1b1a2317f2e1afb1b613a5762e579 SHA512 (mmx64.efi) = caabd963f6a8a05bbb48f0298c683d1f97d3fe4bc68eee4521b2e8bc2c5cdb6ef405b7188031b8ff250b7a1ddafbdc5da241ac30545bfabca42ee2bc45507499 SHA512 (shimaa64.efi) = 66ff2d1a7ee2588ae8f1b41ed472f81bdfd4791e8c646d51f9607592cca6d76e0ad05c98390e97191d9989b390f85cb50b107b2f545cde3cb4f07c1eeee7fc45 -SHA512 (shimx64.efi) = b4dc7ff94feec631d63e496b72d9ea333179204407ba91399d7c5e2c762172a3ab91001604727641ac5b0eaf79fa350d981b05c101c523897987e12b494b03cd +SHA512 (shimx64.efi) = c26bae26171bd8654c7ac14c610bb201f6cf0d0a99891a4356cd3f466745aa7750f58ba49adca33a870867cba3a952b3c9d67989068fe3d1c3a4f09a8e66847e