From f3678faf2571319601d24b2a2ba51d1183e1d85c Mon Sep 17 00:00:00 2001
From: Eugene Zamriy <eugene@zamriy.info>
Date: Tue, 28 Mar 2023 00:18:33 +0300
Subject: [PATCH] Modified to use MSVSphere Secure Boot certificates

---
 SOURCES/redhatsecureboot301.cer | Bin 839 -> 0 bytes
 SOURCES/redhatsecureboot503.cer | Bin 964 -> 0 bytes
 SOURCES/redhatsecurebootca3.cer | Bin 977 -> 0 bytes
 SOURCES/redhatsecurebootca5.cer | Bin 920 -> 0 bytes
 SOURCES/spheresecureboot001.cer | Bin 0 -> 1130 bytes
 SOURCES/spheresecurebootca.cer  | Bin 0 -> 1124 bytes
 SPECS/fwupd.spec                |  26 +++++++++++---------------
 7 files changed, 11 insertions(+), 15 deletions(-)
 delete mode 100644 SOURCES/redhatsecureboot301.cer
 delete mode 100644 SOURCES/redhatsecureboot503.cer
 delete mode 100644 SOURCES/redhatsecurebootca3.cer
 delete mode 100644 SOURCES/redhatsecurebootca5.cer
 create mode 100644 SOURCES/spheresecureboot001.cer
 create mode 100644 SOURCES/spheresecurebootca.cer

diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer
deleted file mode 100644
index 4ff8b79e6736e566dbf39603e0887a53345aa4e4..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 839
zcmXqLVs<uYV$xo~%*4pV#L4h}zvyHQr&Ia{ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF
zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C)
zic(WD5=-=w^K%X4#CZ)(42%qc(A3<>AWEFq*xbO#zzobaj4}u^)G^S4Sf`BDy5h|A
zyv)3GQtWJER6_O@BP#=Q6C*!^K@%evQxhX2!zT5vqmx`?o`(oz{$eeCezR_cLPyl%
zHpef<Z?c)s9bV+G*2GY{zUlen&--<nt5(QI#He!|D#@MA6@S7f!DrgWI=@zC&C^a<
zS^NJVseCT_+kC+hmfzF#Tx_$BdDsQaxH<oTd&Lst*YdY!eYroouj_1-&+(6kqHpHi
znY}t@nRQ&w=1_h6OY<eQl|Q`<JrTM7n!i`t_o#KdW$w9@pD!~JJ80ql!v4;Yj`D4+
zCJ#<$T1i;hJiEmZa%<xJ%U=UFoRVA<Io&opOJuT!pLNleeH**jw6<(2uj!q8$Hi$^
z<>qUbuO&%O^nA}y6#9BjM%~U7Q(5kw6_YN1epR)|xb9Elg4_B`%!~|-ixmyz4P=2K
zFU!Xw#v&5#_@80Rp3FS`6#W&an$HJBb(91l2O=<O00WVcA<H>d+v%~@6}B_2%&Mg`
zDvt6_STWb-ZhXD^RgaJz3Cq5o4B43+oEZD&XVQnj{jXOGHfUJJB>qmC?A`ut>Ahpw
zdM-|DZzz7Yc^I3-u|J*vqdKqQ`kIF?LJd~2r8XOg&f%Z+Yj((@r{(*;Y?_w8rSDJJ
zntk_K74NJ(drfx5hIZaKImf>p{fSPd=}qfHlV8OA-0dHz$M#&#on!XF_3NjY{(Hxy
zbKN4k{8NvC{Y9;Yo!51>R!)l5n2-{5CgAUe(k!NLc|1u*B2w==ttY-NzWb+N=75O&
zzv2uf{%c3S9%5x`<-dQv`g=w9>l=;D-vz#WO}UeuefPU1`=|Tw9$I=mIi&>vg+x|L

diff --git a/SOURCES/redhatsecureboot503.cer b/SOURCES/redhatsecureboot503.cer
deleted file mode 100644
index 50e375c7461e78286033119e7b6f9d55fdb3543c..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 964
zcmXqLVm@Hd#I#}oGZP~d6DPygP|MB7r^(JY;AP{~YV&CO&dbQi&B|a9ZzyIU!p0oR
z!o|ZIl$xU8kyxUm;F*`KXQ*f(4-#kQk${RT1g9pK7NsgU<>!|uI6Eqs8Y&qmz)j<1
z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1gFf*_;G%zqQvWODrHMTG?G_-(n4bpHr
zK*K-{;sAMU4hYUn&&$k9S1>g&CdwU6j7rFUXJlnyZerwTFlb`rVrpV!WSFGBlyl!b
z@AvOl&N7VJBQfm-*Gb3trqyBYpMP7O)-t#1KVhSL*Xm1lv+vaB_D}D5y>Gs;>;9|c
zS*nVeCj;4XQ<W5EH}Tym*%7#-`^=J5b6<()Q(oN)UG=c#X@PDG|D|)8BFXE`LN70!
z({ppBocU#L2Mzmw%yzNu{TCnYNRo7l+8N3Ar9?sTf%8%I4E>qR$0JPJB$l15Dm#Ah
z*G9?ng;qBhTt7zi_9piI<x>B1HKryy*<#h?ozG0H9pAq!Hx`|9`sDeVhoQ|+Ba2Qv
zo-yfhS&G=>BcJvO?o=@Oz`Lz_kxrWF{OxXgEW`@xmVMa7-nq`c>PBzQ|M_C~MBFr9
zPrLh_iJ6gsadCw~nE?+l)MbSk8UM2|888^|fq48N9t$%QdxL=(h_4Fb^B8ckacHwK
zva+%>GaJZ)#Q9jnSVS6UDoF(Enx4Ng{cq63UVh2ku$$W8v?Qy{B4HrbAaW*u>2r;Y
zU7miEXYbA6p6F6GYkog++yK)hFm4zb1h29y$1xV|D)`m!I6+~4tbNet)HA$J5+1X7
z^`aP;7*9J<6!|s6!sq4b3!SQO4a7XU<hYNmSt)Sj{sGGme_8wLH;80w@%iX1pZIcx
z0HbhszX{Wf-ZPa(;$1I}aZKu3Gg0`%X1>c(LMA*hcX#E?K3&s2<&fsu=j-COdYrFG
zd%)%2@WE8TTRmd4$Nz&#rSC6shKtRebdaxGHOuddxkF-v`v-gbQf5te+s{&O)6ChW
zul|X<TE>wxt5?3lD7D<Zy*<)^qe1vpo8k7zPNfShjXovv+vL_x{LZ@Qx1!(5?Fo~D
krrxM3=gkuDU3No_PxZqi?)hb&YG1?o*9G0@RS=B?0A4m<y8r+H

diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer
deleted file mode 100644
index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 977
zcmXqLVm@oo#I$t*GZP~d6DPykKFO2}lmD>>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF
zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C)
zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq
zXkz4IYGPz$nC+~<?2{)QQnbB!-tOilfvp!W+5DVoSG#L+<>vi6EDouC4!V-;tv&JA
zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV`
z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0-
zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK
z6&c%&T=rzVyKuJ1S>c?R<K#PxtGGq~?cMg~=gYe$SJ$!S^;`(O<ep~wX+Qso!rIJ(
zZL23GL@b?{ZqYAz@%i~&roT+gj0}v68`m2&t}&1W#<DCQix`WDgIJ50%Q>q?77kYS
zv==`X%}M<cV^9l{R%R(PC~3f|U}4}Ae=0{`6H>C|0a-81!fL?G$oL;QPJxLO7^jR3
zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g
zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L
z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<<d&TsQv+iB;vWxkm>i|1QMhsQHT
z<L>4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw>
zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6
NnfI|Q%N6m!6aeL$dME$@

diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284954861282d1a0ce16c8c5cdc71c27659f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 920
zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k
zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW<?}
zm~e4wa$-(uQHeuQYDz|8iC%Jku7R95uaSX)nSrH&g`ugjS(G@hv4w%5p#_vndj~Wz
zDj|ECk(GhDiIJbdpox)-sfm%1;oPoQj^Z+n3p+UXFTAqySFqmPd3*j?Ys@hSTEP8<
zf#2*zv*WjwCq+F|Q?70*n-_6VPwv(E$rjn}*LF=h`h($l`O@&r`;HrrOo-N1I9RfZ
zxvgQ_lF0WfJ6z&|9Ilj$E@Ww)^ZxU(`JeguueG>6NxP$#b?ru1p1aqn$3D)YB{Qqo
zjCvjz?|=HkE#3AN-xTZpws*U~)f@D<hHx*rr)(NEvzYZp!}C-TDRu*$;<gRCi<g-#
z^KFcsxIBILE9>Z{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({
zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOF<JVRuW=00a#lZ%F2C~5TmgQp+V-Y!%
zzx26A#x764$+P!na8Gn8n>D{5oE&78StJa^8n7$i2k94PWc<&<YQPMnkb@nV)_}pz
z$RPVX&M7PHOp)E}n3L-lp9;}?o3i@APVs%}E9D|KM%wramRy`J6~x-Y+I90o>xr*#
z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx
zk5XXYstAL9d+iK-w@u$FES<YPN5Z<$i*sS8`10oxUvmRDUKTjPckPLhB$Kz)rb~A;
z7pqN`Wn_C2lv%-c*}%nRLuvV$khM?pl$8F*{-4ao^K*vP9Lw!IjTb)uU|-JJoj<4R
z;o3irGXj>ybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw}
Pd!}BnFF!b8N6JS4>O*3Z

diff --git a/SOURCES/spheresecureboot001.cer b/SOURCES/spheresecureboot001.cer
new file mode 100644
index 0000000000000000000000000000000000000000..1cdb65a605fb71d66281bf469697caabdc6e88c3
GIT binary patch
literal 1130
zcmXqLVo5V-V)k3W%*4pVB*2jn=H%Y$^KaMQ(=#t;A6a3*%f_kI=F#?@mywa1mBFBK
zyP=kW1{-rI3%9VMZ*W*}K}Kp(s)BQBQAuW6W^!UlW`3T6V`)i7eo<ygrJ;&}5?ntg
zqnK!MYH}$^!XdY~tQf3Suc*|JA7~5EM0Q~|-~8g_{BoE82V8*LfD@#GO_(Vt)KJiX
zAH?Aj=J0b4c2V&0aW+&mkOv7d3rir}6b!N}RlzAgzeK^=(Lh0**T~qw*vQDx%*4pl
zBuawc$iNg?z@Tx@p!A!XfeOTLve^9=oSB}NnU`+R#HfTETa2s>%uS5^3_x)%rY1&4
zhAU|gB)TdOCR%^@IOf=<*tCQp@_C{_>CwL?A`e~K_6W7-&WrgLlG<;0WN}ies6)Zm
zPv<#<P92{Tm~`RyA30max)lNra}W0X<nDCjiK^4tdq#9sj)wOX<^}d*(N8xYXSG`X
zg~MLrs_s(Z@afOF80sROi;vEE;(O=V+HUjgofSzwf}VbB4d&Q(M)ECj6uR--P{}5|
z^xaa|&}(<Rr^$R>Idv{)nTNG#6w@<h?WF60U(>COuIy0UYGcwAqg@bWbXMH5;_reR
zGcP1%c<<cY`}d2UN&F3ulWAWko_}Z3p0VQ8x?85MF+M9DK0I8s*SMo6xa(~4RMuDz
z*>mSkpWa<}I+lr<k%4h>szEY1t;i~~NEnDUh<HY(ZxzltalbBQr_$q<rUBVgTdo=i
z0|Q)Em4(NEi;Y8@jggg=otfEy2P7!W$oQXy$$-H?7R2LY5n~Z~8KqR_ch2Nw=3b|m
znymRz`_@bkK#mAtwgE;2BZGI;iK^z(156J%MDITM#&2xX-*TPBQkZq7ZS<|fu9swW
zs^tIntSc>4<`Q&XC^MnCU@_C=lj_-bUu%aQt@+(kxcO!CiN!PL&bf3@TlDkMJSBr?
z$^HS-7k*g3IA}lT!t%(kF&XFd)>TgF7jc)F#8YHd|Etw<;Vem`)m2>n|JLnU&lB~5
z_tPuSZ^6C~S6$bWTlMTjoXx}yk-0AtzOOfNKNb)@VUn9D(~-+>?Jpf>&8s*&yJe$u
z%O$V5eYdZyoDj34uVO(w!`;naXJ{5htezQnVpqLl(XPcu3|Bqhe3og|x{z}JImH<X
h%hn&+T$PtHWgesSfuB1*#{9i^n&J9eU$>P$@&J3Sn|}ZR

literal 0
HcmV?d00001

diff --git a/SOURCES/spheresecurebootca.cer b/SOURCES/spheresecurebootca.cer
new file mode 100644
index 0000000000000000000000000000000000000000..4db57d718fca340fe0ff696e62220d884a018630
GIT binary patch
literal 1124
zcmXqLVo5M)V)j_T%*4pVB*@UFZ|Ac~&52=$)koFJd47%tylk9WZ60mkc^MhGSs4r(
zw;O61Xs|JdvTzG4`UZyu7i6Rsr7Ae57L{bCWhN(<Waj57IF^=V<QHX@R2r%nD8cn}
zGKz^7rzV$zBph;!%ZkBT^@>Uj`GK|oO=K5l^UW_#&M$`vaKHt)4LCt6*o2vaLJb8C
z_(2>lVGcj%U>5}+A7?{F19^}Tv#<ohO~D|$QWc!?^Gg(*9Ss!3d5w$>jE#&8%}k6;
zO`;_DjSNhY1%|NSni!RkBZ`rgfw_s1pTVGsk&CH`k&)qy<gNA3Ykn=;Za25Nr@$b1
z+MFp<^e6Fdzp(CImL40oK9}>#MZ1z^zt>jxZ94nKTmE^M<0hY`(;FOC{bDXmj@ll5
zfzjN*!#8iq-SrRJ&rNO1i(h$uf^v=AmSPQI2j8je@7>NHb$k}P{9#zWL2vOg@9*K9
zjO%9{d3Pge!>XJ6vM)!7&t(*OQ4{$w<(~J>hlM=vh56>){P8m(X&Rr;uXyg5M_=aF
zd#c!cIl(KUeOi9wq&poe9vyE}JQ=WZwvhcDaW<#01Nk%5*d9vS-aEhO#K!LpZFb*{
zFP{1_<FEY#W&zb5^>H<)#oj*G%$*%tn!Bohs^qCQPsfM5ln%Bn(kS{dtCESCk%4h>
zvOyv^naC=$NEnDUh<HY(ZxzltalbBQr_$q<rUBVgTdo@L0n?EzKO^IR78YQZXagrT
zSz!>L)qojD8OVYZ@Ue)oVAqeDUx3lT$WR?%Tx=Jgvr|UhKjU<`Mb-E4!#Sr9##LD_
zyRdQN$y&*e4)&ZXzdvy--#x{_H}-6Sn*7cAbGPT!_Uu_z-?h)_K+o-_?6n*g+8Y-h
z>G{I3^L6cuh4-1=pUQbp_4i-G>a=%G{)fG9{r7*rvUchFJejrg((d}cw%c;yfu;7`
zqMidQ`kKxve{oL^tnfPfBE+3@;o0}w_a8NQrowmlYpQqT|B^Ogwv}317JFH}z6-s+
z_4eVyYL!jFN+&&+hCk5h{FgL!Q;!#W?}?3<l=?aMuJmK<I2$s#MrlUiq9a#-CiLp>
o*v!l5eqe(MqtJoFZrNUcvI?gcr!@R*dbc-^q4#{~_u5O(04vs^n*aa+

literal 0
HcmV?d00001

diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec
index 3a674b9..d895d8b 100644
--- a/SPECS/fwupd.spec
+++ b/SPECS/fwupd.spec
@@ -45,7 +45,7 @@
 Summary:   Firmware update daemon
 Name:      fwupd
 Version:   1.7.9
-Release:   1%{?dist}
+Release:   1%{?dist}.inferit
 License:   LGPLv2+
 URL:       https://github.com/fwupd/fwupd
 Source0:   http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
@@ -58,12 +58,9 @@ Source13:  http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
 Source14:  http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
 Source15:  http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
 
-# these are numbered high just to keep them wildly away from colliding with
-# the real package sources, in order to reduce churn.
-Source300:   redhatsecurebootca3.cer
-Source301:   redhatsecureboot301.cer
-Source500:   redhatsecurebootca5.cer
-Source503:   redhatsecureboot503.cer
+# MSVSphere secureboot certificates
+Source1000: spheresecurebootca.cer
+Source1001: spheresecureboot001.cer
 
 BuildRequires: gettext
 BuildRequires: glib2-devel >= %{glib2_version}
@@ -224,11 +221,11 @@ tar xfvs %{SOURCE2} -C subprojects/fwupd-efi --strip-components=1
     -Dplugin_uefi_pk=true \
     -Defi_os_dir=%{efi_vendor} \
 %ifarch x86_64
-    -Dfwupd-efi:efi_sbat_distro_id="rhel" \
-    -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \
+    -Dfwupd-efi:efi_sbat_distro_id="msvsphere" \
+    -Dfwupd-efi:efi_sbat_distro_summary="MSVSphere" \
     -Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \
     -Dfwupd-efi:efi_sbat_distro_version="%{version}" \
-    -Dfwupd-efi:efi_sbat_distro_url="mail:secalert@redhat.com" \
+    -Dfwupd-efi:efi_sbat_distro_url="mailto:security@msvsphere.ru" \
     -Dfwupd-efi:efi-libdir="/usr/lib64" \
 %endif
     -Dplugin_tpm=true \
@@ -277,9 +274,7 @@ install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15}
 %ifarch x86_64
 %global efiarch x64
 %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
-%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301
-%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503
-rm -fv %{fwup_efi_fn}.tmp
+%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1000} -c %{SOURCE1001} -n spheresecureboot001
 %endif
 
 mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
@@ -537,8 +532,9 @@ done
 %endif
 
 %changelog
-* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 1.7.9-1
-- Rebuilt for MSVSphere 9.1.
+* Mon Mar 27 2023 Eugene Zamriy <ezamriy@msvsphere.ru> - 1.7.9-1.inferit
+- Modified to use MSVSphere Secure Boot certificates
+- Rebuilt for MSVSphere 9.1
 
 * Mon Jul 25 2022 Richard Hughes <richard@hughsie.com> 1.7.8-1
 - New upstream release