From 265fe38d678cc3c69d44aac0e2babbbe1ac1174c Mon Sep 17 00:00:00 2001 From: Eduard Abdullin Date: Tue, 8 Jul 2025 13:26:49 +0000 Subject: [PATCH] Add SB for aarch64 AlmaLinux changes --- .gitignore | 1 + shim.rpmmacros | 10 +++++----- shim.spec | 13 ++++++++++--- sources | 21 +++++++++++++-------- 4 files changed, 29 insertions(+), 16 deletions(-) diff --git a/.gitignore b/.gitignore index 59c1072..e23a0e1 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ /fbaa64.efi /mmaa64.efi /shimaa64.efi +SOURCES/almalinuxsecurebootca0.cer diff --git a/shim.rpmmacros b/shim.rpmmacros index 320af54..db3f7ae 100644 --- a/shim.rpmmacros +++ b/shim.rpmmacros @@ -21,8 +21,8 @@ %global mmefix64 %{expand:%{SOURCE42}} #%%global mmefiarm %%{expand:%%{SOURCE43} -%global shimveraa64 15.8-2.el9 -%global shimverx64 15.8-2.el9 +%global shimveraa64 15.8-2.el9.alma.1 +%global shimverx64 15.8-2.el9.alma.1 #%%global shimverarm 15-1.el8 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64 @@ -178,17 +178,17 @@ install -m 0700 fb%{-a*}.efi \\\ %%verify(not mtime) %{efi_esp_boot}/*%{-A*}.EFI \ %{nil} -%ifarch x86_64 +%ifarch %{x86_64} %global is_signed yes %global is_alt_signed no %global provide_legacy_shim 1 %endif %ifarch aarch64 -%global is_signed no +%global is_signed yes %global is_alt_signed no %global provide_legacy_shim 1 %endif -%ifnarch x86_64 aarch64 +%ifnarch %{x86_64} aarch64 %global is_signed no %global is_alt_signed no %global provide_legacy_shim 0 diff --git a/shim.spec b/shim.spec index c729a4d..935e3c5 100644 --- a/shim.spec +++ b/shim.spec @@ -1,6 +1,10 @@ +%global efi_vendor almalinux +%global efidir almalinux +%global efi_esp_dir /boot/efi/EFI/%{efidir} + Name: shim Version: 15.8 -Release: 5%{?dist} +Release: 5%{?dist}.alma.1 Summary: First-stage UEFI bootloader License: BSD URL: https://github.com/rhboot/shim/ @@ -12,8 +16,7 @@ ExclusiveArch: %{efi} ExcludeArch: %{arm} %{ix86} Source0: shim.rpmmacros -Source1: centossecureboot201.cer -Source2: centossecurebootca2.cer +Source1: almalinuxsecurebootca0.cer Source5: shim.conf # keep these two lists of sources synched up arch-wise. That is 0 and 10 @@ -108,6 +111,10 @@ install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/ %endif %changelog +* Tue Jul 08 2025 Eduard Abdullin - 15.8-5.alma.1 +- Add SB for aarch64 +- AlmaLinux changes + * Wed Jul 2 2025 Nicolas Frayer - 15.8-5 - First build for Centos Stream 10 - Resolves: #RHEL-45014 diff --git a/sources b/sources index 39c05f1..43d7e08 100644 --- a/sources +++ b/sources @@ -1,8 +1,13 @@ -SHA512 (shimx64.efi) = b4dc7ff94feec631d63e496b72d9ea333179204407ba91399d7c5e2c762172a3ab91001604727641ac5b0eaf79fa350d981b05c101c523897987e12b494b03cd -SHA512 (fbx64.efi) = 1bbf117734d042d92e331a9e619b0f48a7da1016c5fbc3ec5461247e9bb599df200b98ad9ffe82300550f884e8e3b2457763c7f3fd9cf142fbef76aa3b10d0a5 -SHA512 (mmx64.efi) = caabd963f6a8a05bbb48f0298c683d1f97d3fe4bc68eee4521b2e8bc2c5cdb6ef405b7188031b8ff250b7a1ddafbdc5da241ac30545bfabca42ee2bc45507499 -SHA512 (BOOTX64.CSV) = 16936301ec1b098022aac2428d31a4849a585e047493a64916427a235287b8d81bc285b0371a270e77ed476b71c741b8d7e7158986b167c3d6bb982705764e16 -SHA512 (BOOTAA64.CSV) = 1c1bac8c2627b704e8b091d2e0c81d55a8bd7420450fe429e20efe8830fa377fdf48c51c2e658e3d0ecee491845bf5cc696ba848669dc26d23687ed5fe5efa76 -SHA512 (fbaa64.efi) = 5816080369a5fa47bed503b1fad4c31d35c88be2fc2a3c513c6bae7159bc95d989dfe3cb773fd6a452360040b6035689179bf29c5d68cc912d7272c7472c7d5d -SHA512 (mmaa64.efi) = c422b693831aee23bdf4224a6996edad9c6a91ebc66eeb9bc1bc5d98942a963fad2db077d0804d2b3382b483c7d39a0fb37987214810b4e14d193a97c3c2debe -SHA512 (shimaa64.efi) = 8ded3a96b6b02afb39e5df829913c1536afb1e711239f5f58620d4dec622a722725cdd8764830da0a93acce7f9741f6e9235a67254da12e240dc3ff032c536fb +SHA512 (almalinuxsecurebootca0.cer) = 9190a7d5808d3f4181f0f868d07ba83368357a02970f40594e5ec880d33771d890c69f1dfd4ce6c2bc92e6e14217be1aebf7ecc045e6603032b50e33228763ae +SHA512 (BOOTAA64.CSV) = 2dfc78bee3d6e7f27cab8037ace24b9d62d2b3e5056751a32259d997fbaba5ef6015d6c50c842f29e2a31b94c3dc63476fb61803b25f504255c32c04a5a8255c +SHA512 (BOOTIA32.CSV) = b1b84e9377cea35ed32b034f8258b460105f47159b393265d2346fc16ee02bdfa6af482559670445c6c0ac808e928a1a0ca51731d5367fc14302282fa5ae5dc2 +SHA512 (BOOTX64.CSV) = 6566d163836a0da9caa31a14b41178a2cf82f96a751a3eff87dcdc0a40b1521b27b35bf7a1d5774e00f605e569f5be1a6baff7e00e3a93f5d6ca3844188034d3 +SHA512 (fbaa64.efi) = 89c3e69248417b8eed69623d52f7cdb3350f29e31f324e9e660d3ea824e15eca098dc5ee70014fc5132e57ffc880992629b4dfc5d558a4d291e3dce438fc4245 +SHA512 (fbia32.efi) = cb0e31383f652d6f15246a97cedbecc06b351c33086082896f9021f7a9a6df0980ad85a564cef3a6614f2b2f3889d7e5a1bd45934f7e5f29b6c6f097d749bad3 +SHA512 (fbx64.efi) = c5007065304b8f9d758723afe99982509a287cf067e958a722c24abb4ae4bc5217cd7e0086090f15495cf016a9b07f89cdc1a123edea4770109dc9c2df555691 +SHA512 (mmaa64.efi) = deb2cf75b72b0d8a0af329e91a8a73d0e717f64908086bcca805cb8daf90a034f5e094b44dd60f16ab228e4e43646c23932cf0b2d955140220b01c7d36301d57 +SHA512 (mmia32.efi) = 02d83bca3fbd79f6d263699c2598a41b8d105c47ce51e646fe0ea41b02c5a8adbec806109aabbdb9fb1dd89cc3a129627ff41ded444d87dd3afeb4770a18b609 +SHA512 (mmx64.efi) = e843d1f245cc221c6f4dcfa557d6b558064d2632a24ad47aeaff44e6a9329cc3f8f1224cac2ac583671d70e63c9d4e5ea31fcb958e2a89e5fe9a28b7a134e469 +SHA512 (shimaa64.efi) = 64bda0d6266e462a265dd3cf9e8b03c242a73f7f69477927d30d72c9254b2cf8e4ddde21994f8ae87f80aaa49715ab0ed9b5143fd29d57f21c6d34fa4e204e96 +SHA512 (shimia32.efi) = 50631c93e23fde6c34e89c4889b8407bcfe341e7406965e5289e519f720a79e9c2d286c851e5c47d0f5cb52d3406594a63b215526932e9483f745f3794b46bdf +SHA512 (shimx64.efi) = c568413747d83e24f7be27beec25dcb58952993dfbb4caaffb5403120a51a2c16500f713929f205915ee32a7736a49cc16c5b1c22b82200d59db8c9d5ba2d378