From ee187b2bd2ed589cb6d767c3b032d9802620c0e9 Mon Sep 17 00:00:00 2001 From: Sergey Cherevko Date: Tue, 10 Oct 2023 11:08:56 +0300 Subject: [PATCH] Modified to use MSVSphere Secure Boot certificates --- .fwupd.metadata | 4 ---- SOURCES/spheresecureboot001.cer | Bin 0 -> 1130 bytes SOURCES/spheresecurebootca.cer | Bin 0 -> 1124 bytes SPECS/fwupd.spec | 24 ++++++++++++------------ 4 files changed, 12 insertions(+), 16 deletions(-) create mode 100644 SOURCES/spheresecureboot001.cer create mode 100644 SOURCES/spheresecurebootca.cer diff --git a/.fwupd.metadata b/.fwupd.metadata index 8ec6c19..7e31521 100644 --- a/.fwupd.metadata +++ b/.fwupd.metadata @@ -13,7 +13,3 @@ d3ae610f5b6e602feded54eae8d67ddb7c60e64f SOURCES/DBXUpdate-20220812-aa64.cab bc6a604b29918d67d5fef745ad4375ca3d43d05e SOURCES/DBXUpdate-20230509-x64.cab 0abed3cf70b97366f77616b908af66f7b4ac6f1f SOURCES/fwupd-1.8.16.tar.xz 147b36f75fca288fd01d9ed4150866344d57df27 SOURCES/fwupd-efi-1.4.tar.xz -4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer -33e260486f5c12e47b72b90dfb779ca892f56c45 SOURCES/redhatsecureboot503.cer -cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer -e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer diff --git a/SOURCES/spheresecureboot001.cer b/SOURCES/spheresecureboot001.cer new file mode 100644 index 0000000000000000000000000000000000000000..1cdb65a605fb71d66281bf469697caabdc6e88c3 GIT binary patch literal 1130 zcmXqLVo5V-V)k3W%*4pVB*2jn=H%Y$^KaMQ(=#t;A6a3*%f_kI=F#?@mywa1mBFBK zyP=kW1{-rI3%9VMZ*W*}K}Kp(s)BQBQAuW6W^!UlW`3T6V`)i7eo%uS5^3_x)%rY1&4 zhAU|gB)TdOCR%^@IOf=<*tCQp@_C{_>CwL?A`e~K_6W7-&WrgLlG<;0WN}ies6)Zm zPv<#Idv{)nTNG#6w@COuIy0UYGcwAqg@bWbXMH5;_reR zGcP1%c<mSkpWa<}I+lrszEY1t;i~~NEnDUh4<`Q&XC^MnCU@_C=lj_-bUu%aQt@+(kxcO!CiN!PL&bf3@TlDkMJSBr? z$^HS-7k*g3IA}lT!t%(kF&XFd)>TgF7jc)F#8YHd|Etw<;Vem`)m2>n|JLnU&lB~5 z_tPuSZ^6C~S6$bWTlMTjoXx}yk-0AtzOOfNKNb)@VUn9D(~-+>?Jpf>&8s*&yJe$u z%O$V5eYdZyoDj34uVO(w!`;naXJ{5htezQnVpqLl(XPcu3|Bqhe3og|x{z}JImHP$@&J3Sn|}ZR literal 0 HcmV?d00001 diff --git a/SOURCES/spheresecurebootca.cer b/SOURCES/spheresecurebootca.cer new file mode 100644 index 0000000000000000000000000000000000000000..4db57d718fca340fe0ff696e62220d884a018630 GIT binary patch literal 1124 zcmXqLVo5M)V)j_T%*4pVB*@UFZ|Ac~&52=$)koFJd47%tylk9WZ60mkc^MhGSs4r( zw;O61Xs|JdvTzG4`UZyu7i6Rsr7Ae57L{bCWhN(Uj`GK|oO=K5l^UW_#&M$`vaKHt)4LCt6*o2vaLJb8C z_(2>lVGcj%U>5}+A7?{F19^}Tv#jE#&8%}k6; zO`;_DjSNhY1%|NSni!RkBZ`rgfw_s1pTVGsk&CH`k&)qy#MZ1z^zt>jxZ94nKTmE^M<0hY`(;FOC{bDXmj@ll5 zfzjN*!#8iq-SrRJ&rNO1i(h$uf^v=AmSPQI2j8je@7>NHb$k}P{9#zWL2vOg@9*K9 zjO%9{d3Pge!>XJ6vM)!7&t(*OQ4{$w<(~J>hlM=vh56>){P8m(X&Rr;uXyg5M_=aF zd#c!cIl(KUeOi9wq&poe9vyE}JQ=WZwvhcDaW<#01Nk%5*d9vS-aEhO#K!LpZFb*{ zFP{1_H<)#oj*G%$*%tn!Bohs^qCQPsfM5ln%Bn(kS{dtCESCk%4h> zvOyv^naC=$NEnDUhL)qojD8OVYZ@Ue)oVAqeDUx3lT$WR?%Tx=Jgvr|UhKjU<`Mb-E4!#Sr9##LD_ zyRdQN$y&*e4)&ZXzdvy--#x{_H}-6Sn*7cAbGPT!_Uu_z-?h)_K+o-_?6n*g+8Y-h z>G{I3^L6cuh4-1=pUQbp_4i-G>a=%G{)fG9{r7*rvUchFJejrg((d}cw%c;yfu;7` zqMidQ`kKxve{oL^tnfPfBE+3@;o0}w_a8NQrowmlYpQqT|B^Ogwv}317JFH}z6-s+ z_4eVyYL!jFN+&&+hCk5h{FgL!Q;!#W?}?3 o*v!l5eqe(MqtJoFZrNUcvI?gcr!@R*dbc-^q4#{~_u5O(04vs^n*aa+ literal 0 HcmV?d00001 diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec index ca4283d..96abd30 100644 --- a/SPECS/fwupd.spec +++ b/SPECS/fwupd.spec @@ -54,7 +54,7 @@ Summary: Firmware update daemon Name: fwupd Version: 1.8.16 -Release: 1%{?dist} +Release: 1%{?dist}.inferit License: LGPLv2+ URL: https://github.com/fwupd/fwupd Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz @@ -76,12 +76,9 @@ Source20: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-aa64.cab Source21: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-ia32.cab Source22: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-x64.cab -# these are numbered high just to keep them wildly away from colliding with -# the real package sources, in order to reduce churn. -Source300: redhatsecurebootca3.cer -Source301: redhatsecureboot301.cer -Source500: redhatsecurebootca5.cer -Source503: redhatsecureboot503.cer +# MSVSphere secureboot certificates +Source1000: spheresecurebootca.cer +Source1001: spheresecureboot001.cer BuildRequires: gettext BuildRequires: glib2-devel >= %{glib2_version} @@ -248,11 +245,11 @@ cd - -Dplugin_tpm=enabled \ -Defi_os_dir=%{efi_vendor} \ %ifarch x86_64 - -Dfwupd-efi:efi_sbat_distro_id="rhel" \ - -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \ + -Dfwupd-efi:efi_sbat_distro_id="msvsphere" \ + -Dfwupd-efi:efi_sbat_distro_summary="MSVSphere" \ -Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \ -Dfwupd-efi:efi_sbat_distro_version="%{version}" \ - -Dfwupd-efi:efi_sbat_distro_url="mail:secalert@redhat.com" \ + -Dfwupd-efi:efi_sbat_distro_url="mailto:security@msvsphere-os.ru" \ -Dfwupd-efi:efi-libdir="/usr/lib64" \ %endif %else @@ -306,8 +303,7 @@ install \ %ifarch x86_64 %global efiarch x64 %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1000} -c %{SOURCE1001} -n spheresecureboot001 rm -fv %{fwup_efi_fn}.tmp %endif @@ -490,6 +486,10 @@ done %endif %changelog +* Tue Oct 10 2023 Sergey Cherevko - 1.8.16-1.inferit +- Modified to use MSVSphere Secure Boot certificates +- Rebuilt for MSVSphere 9.3 + * Fri Jun 09 2023 Richard Hughes 1.8.16-1 - Update to latest stable upstream version. - Resolves: rhbz#2209944