From a8638ef0e2a632be14b7bebe3c29b30b6d70594c Mon Sep 17 00:00:00 2001
From: Eugene Zamriy
Date: Fri, 24 Mar 2023 23:37:08 +0300
Subject: [PATCH] Initial adoption for MSVSphere 9.1 - switched to use our self-signed Secure Boot certificates - disabled aarch64 architecture until we have support for it
---
 .shim.metadata | 7 +++----
 SOURCES/BOOTAA64.CSV | Bin 184 -> 0 bytes
 SOURCES/BOOTX64.CSV | Bin 108 -> 120 bytes
 SOURCES/redhatsecureboot501.cer | Bin 964 -> 0 bytes
 SOURCES/redhatsecurebootca5.cer | Bin 920 -> 0 bytes
 SOURCES/shim.rpmmacros | 2 +-
 SOURCES/spheresecureboot001.cer | Bin 0 -> 1130 bytes
 SOURCES/spheresecurebootca.cer | Bin 0 -> 1124 bytes
 SPECS/shim.spec | 23 +++++++++++++----------
 9 files changed, 17 insertions(+), 15 deletions(-)
 delete mode 100644 SOURCES/BOOTAA64.CSV
 delete mode 100644 SOURCES/redhatsecureboot501.cer
 delete mode 100644 SOURCES/redhatsecurebootca5.cer
 create mode 100644 SOURCES/spheresecureboot001.cer
 create mode 100644 SOURCES/spheresecurebootca.cer
diff --git a/.shim.metadata b/.shim.metadata
index bd1dd4b..a99a2be 100644
--- a/.shim.metadata
+++ b/.shim.metadata
@@ -1,4 +1,3 @@
-9ca9cfa834aedfaf3efe2216bfa1cb7c286ee1c0 SOURCES/fbx64.efi
-5eb0ac78eee6aeeaf44a3f11d002b4fe00af6916 SOURCES/mmx64.efi
-4312f246b6ba692040383f10358ac9a5927207de SOURCES/shimaa64.efi
-783fb77783e9d0c4c400b723dfd0f02f006616ae SOURCES/shimx64.efi
+a90efeb1562bde896b930fe40a09d22284cad2fc SOURCES/fbx64.efi
+03da6effba89aa015501640bf486973b8b74f47f SOURCES/mmx64.efi
+888dfe2b9f8c3eaec7db4ecf282dacd81229b5d0 SOURCES/shimx64.efi
diff --git a/SOURCES/BOOTAA64.CSV b/SOURCES/BOOTAA64.CSV
deleted file mode 100644
index 2dad06e30e5c8f08d7ba2dd1a6bdfe2a05065d4d..0000000000000000000000000000000000000000
GIT binary patch literal 0 HcmV?d00001 literal 184 zcmb7-%L#x$5JTVDDz*UeBz7Qp@FX^%xQibAu&bcWt8qJ!FeD^1ndc6SOw4pbK~9Fn z$w_IX1`L&wU0kw=EuKv?5u^>Z)WX53ill-Y;5sd(oUWi|NWHk E0^c+t{{R30
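Review bot: Nothing in this commit lets a reviewer tie the three new `.shim.metadata` entries to a build or to a signing certificate. The entries are 40-hex digests (SHA-1 length) of prebuilt, already-signed EFI binaries, and the new `shimx64.efi`, `mmx64.efi` and `fbx64.efi` blobs are not linked to the `shim-unsigned-x64 = 15.6-1.el9.inferit` build or to the new certificates. Since these are the first-stage Secure Boot binaries, I would record in the commit message or changelog which unsigned build and which signing certificate produced them, plus a SHA-256 of each file, so the blobs can be verified out of band. If the lookaside tooling that reads this file accepts a digest stronger than SHA-1, switching would be worthwhile; I cannot tell from the hunk whether it does.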
diff --git a/SOURCES/BOOTX64.CSV b/SOURCES/BOOTX64.CSV index 77b070b17dca5cebce10cdc0708d2c5bef3e1e59..a478bdc038dba33649b23edab709ea08ac9b15fd 100644 GIT binary patch delta 46 kcmd0)m>?mT%TUZv2E+vn84RfmMGUDEm90fE1R1y(01od8WdHyG delta 34 gcmb=(nIOSk#E{C6!jQp`$WSs-)0z*7%fQ6|0GA~Pl>h($ diff --git a/SOURCES/redhatsecureboot501.cer b/SOURCES/redhatsecureboot501.cer deleted file mode 100644 index dfa7afb4699f9da2610ccf889eac6269b4e368ad..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 964 zcmXqLVm@Hd#I#}oGZP~d6DPygP|MB7r^(JW;AP{~YV&CO&dbQi&B|a9ZzyIU!p0oR z!o|ZIl$xU8kyxUm;F*`KXQ*f(4-#kQk${RT1g9pK7NsgU<>!|uI6Eqs8Y&qmz)j<1 z6ca8^O-{^7Eh=#+N=?Z~EYVBO&oz(}=QT1gFf*_;ur#$aF^m%DHMTG?G_-(n4bpHr zK*K-{;sAMU4hYUn&&$k9S1<({MvOa}7?qIy&dAEZ+{DPwV9>?_b=fyaz_nMgbCq_4}%h&s@!! ze1+-H$r$aU3#Wbib#?#k&uh{GYUM6Zj@vtn;gxywxjzdyRhQhFw_E3gr&3h2=~R{1 zj&**wnV1`gIDK=C)Q=HpH6<5w#musUBRX5*FRT%+S?q^ zlC!X|$Tr`#TvsL{aXYvlkoIbiCkx z5_D~Q*@8!%rFvVIJk+SN&YvaV#ohSi!kzD4u!L^;lrQW*W7-1#!tQ%Ev()B&_RmzfDxh^SOyp9_ zQ{CMgMRQYpd7N(ray<%vF*_r`|Ig1qJ?keW%w>8X>p8K%ckRW_k5{=r91h)XDEdQO n!11X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW6NxP$#b?ru1p1aqn$3D)YB{Qqo zjCvjz?|=HkE#3AN-xTZpws*U~)f@DZ{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({ zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOFD{5oE&78StJa^8n7$i2k94PWc<&xr*# z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx zk5XXYstAL9d+iK-w@u$FESybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw} Pd!}BnFF!b8N6JS4>O*3Z diff --git a/SOURCES/shim.rpmmacros b/SOURCES/shim.rpmmacros index d1379ff..4642e75 100644 --- a/SOURCES/shim.rpmmacros +++ b/SOURCES/shim.rpmmacros @@ -20,7 +20,7 @@ #%%global mmefiarm %%{expand:%%{SOURCE43} %global shimveraa64 15-6.el9 -%global shimverx64 15.6-1.el9 +%global shimverx64 15.6-1.el9.inferit #%%global shimverarm 15-1.el8 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64 
diff --git a/SOURCES/spheresecureboot001.cer b/SOURCES/spheresecureboot001.cer new file mode 100644 index 0000000000000000000000000000000000000000..1cdb65a605fb71d66281bf469697caabdc6e88c3 GIT binary patch literal 1130 zcmXqLVo5V-V)k3W%*4pVB*2jn=H%Y$^KaMQ(=#t;A6a3*%f_kI=F#?@mywa1mBFBK zyP=kW1{-rI3%9VMZ*W*}K}Kp(s)BQBQAuW6W^!UlW`3T6V`)i7eo%uS5^3_x)%rY1&4 zhAU|gB)TdOCR%^@IOf=<*tCQp@_C{_>CwL?A`e~K_6W7-&WrgLlG<;0WN}ies6)Zm zPv<#Idv{)nTNG#6w@COuIy0UYGcwAqg@bWbXMH5;_reR zGcP1%c<mSkpWa<}I+lrszEY1t;i~~NEnDUh4<`Q&XC^MnCU@_C=lj_-bUu%aQt@+(kxcO!CiN!PL&bf3@TlDkMJSBr? z$^HS-7k*g3IA}lT!t%(kF&XFd)>TgF7jc)F#8YHd|Etw<;Vem`)m2>n|JLnU&lB~5 z_tPuSZ^6C~S6$bWTlMTjoXx}yk-0AtzOOfNKNb)@VUn9D(~-+>?Jpf>&8s*&yJe$u z%O$V5eYdZyoDj34uVO(w!`;naXJ{5htezQnVpqLl(XPcu3|Bqhe3og|x{z}JImHP$@&J3Sn|}ZR literal 0 HcmV?d00001 diff --git a/SOURCES/spheresecurebootca.cer b/SOURCES/spheresecurebootca.cer new file mode 100644 index 0000000000000000000000000000000000000000..4db57d718fca340fe0ff696e62220d884a018630 GIT binary patch literal 1124 zcmXqLVo5M)V)j_T%*4pVB*@UFZ|Ac~&52=$)koFJd47%tylk9WZ60mkc^MhGSs4r( zw;O61Xs|JdvTzG4`UZyu7i6Rsr7Ae57L{bCWhN(Uj`GK|oO=K5l^UW_#&M$`vaKHt)4LCt6*o2vaLJb8C z_(2>lVGcj%U>5}+A7?{F19^}Tv#jE#&8%}k6; zO`;_DjSNhY1%|NSni!RkBZ`rgfw_s1pTVGsk&CH`k&)qy#MZ1z^zt>jxZ94nKTmE^M<0hY`(;FOC{bDXmj@ll5 zfzjN*!#8iq-SrRJ&rNO1i(h$uf^v=AmSPQI2j8je@7>NHb$k}P{9#zWL2vOg@9*K9 zjO%9{d3Pge!>XJ6vM)!7&t(*OQ4{$w<(~J>hlM=vh56>){P8m(X&Rr;uXyg5M_=aF zd#c!cIl(KUeOi9wq&poe9vyE}JQ=WZwvhcDaW<#01Nk%5*d9vS-aEhO#K!LpZFb*{ zFP{1_H<)#oj*G%$*%tn!Bohs^qCQPsfM5ln%Bn(kS{dtCESCk%4h> zvOyv^naC=$NEnDUhL)qojD8OVYZ@Ue)oVAqeDUx3lT$WR?%Tx=Jgvr|UhKjU<`Mb-E4!#Sr9##LD_ zyRdQN$y&*e4)&ZXzdvy--#x{_H}-6Sn*7cAbGPT!_Uu_z-?h)_K+o-_?6n*g+8Y-h z>G{I3^L6cuh4-1=pUQbp_4i-G>a=%G{)fG9{r7*rvUchFJejrg((d}cw%c;yfu;7` zqMidQ`kKxve{oL^tnfPfBE+3@;o0}w_a8NQrowmlYpQqT|B^Ogwv}317JFH}z6-s+ z_4eVyYL!jFN+&&+hCk5h{FgL!Q;!#W?}?3 o*v!l5eqe(MqtJoFZrNUcvI?gcr!@R*dbc-^q4#{~_u5O(04vs^n*aa+ literal 0 HcmV?d00001 
diff --git a/SPECS/shim.spec b/SPECS/shim.spec
index c80796c..56ff556 100644
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@@ -1,6 +1,6 @@
 Name: shim
 Version: 15.6
-Release: 1.el9
+Release: 1.el9.inferit
 Summary: First-stage UEFI bootloader
 License: BSD
 URL: https://github.com/rhboot/shim/
@@ -12,15 +12,16 @@ ExclusiveArch: %{efi}
 ExcludeArch: %{arm} %{ix86}

 Source0: shim.rpmmacros
-Source1: redhatsecureboot501.cer
-Source2: redhatsecurebootca5.cer
+Source1: spheresecureboot001.cer
+Source2: spheresecurebootca.cer

 # keep these two lists of sources synched up arch-wise. That is 0 and 10
 # match, 1 and 11 match, ...
-Source10: BOOTAA64.CSV
-Source20: shimaa64.efi
-Source30: mmaa64.efi
-Source40: fbaa64.efi
+#Source10: BOOTAA64.CSV
+#Source20: shimaa64.efi
+#Source30: mmaa64.efi
+#Source40: fbaa64.efi
+# MSVSphere note: currently we support only the x86_64 architecture
 Source12: BOOTX64.CSV
 Source22: shimx64.efi
 Source32: mmx64.efi
@@ -40,7 +41,7 @@ BuildRequires: pesign >= 0.112-20.fc27
 # we can just BuildRequires that.
 %ifarch x86_64
 ## BuildRequires: %% {unsignedx64} = %% {shimverx64}
-BuildRequires: shim-unsigned-x64 = 15.6-1.el9
+BuildRequires: shim-unsigned-x64 = 15.6-1.el9.inferit
 %endif
 %ifarch aarch64
 BuildRequires: %{unsignedaa64} = %{shimveraa64}
@@ -104,8 +105,10 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif

 %changelog
-* Wed Mar 15 2023 MSVSphere Packaging Team - 15.6-1
-- Rebuilt for MSVSphere 9.1.
+* Fri Mar 24 2023 Eugene Zamriy - 15.6-1.inferit
+- Modified to use MSVSphere Secure Boot certificates
+- Disabled aarch64 architecture until we support it
+- Rebuilt for MSVSphere 9.1

 * Mon Jun 06 2022 Peter Jones - 15.6-1.el9
 - Update to shim-15.6
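Review bot: Commenting out `Source10`–`Source40` in the `@@ -12,15 +12,16 @@` hunk does not by itself disable aarch64. The context lines `ExclusiveArch: %{efi}` and `ExcludeArch: %{arm} %{ix86}` are unchanged, and the `%ifarch aarch64` / `BuildRequires: %{unsignedaa64} = %{shimveraa64}` lines in the following hunk are still live. If `%{efi}` still expands to include aarch64, a build for it would presumably be scheduled and fail later on the missing sources, so the exclusion belongs in the arch tags, e.g. `ExcludeArch: %{arm} %{ix86} aarch64`. Separately, `Source1`/`Source2` replace the embedded trust anchors with binary DER files that cannot be read in the diff. A comment above them giving each certificate's subject and SHA-256 fingerprint, e.g. `# spheresecurebootca.cer: subject=<SUBJECT>, sha256=<FINGERPRINT>`, would let a reviewer confirm that the intended certificates were committed. The sections of the spec that consume these sources lie outside the hunks.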