* Update Standards-Version.
* Embed the newly-minted Debian CA certificate.
* Vendorize debian/rules so that the same package can be used in both
Debian and Ubuntu without modification.
* Fix debian/copyright to match the spec (last match wins, not first)
* Fix shim.efi to not be executable.
* Add watchfile.
* Support parallel builds, because eh why not
* Update Vcs-Bzr.
Nick Clifton wrote to me and explained:
Subject: SHIM - objcopy version check broken by RHEL 7.3 binutils
Hi Peter,
We (the tools group) have run across a small problem with the shim
package for RHEL 7.3, whilst testing out a new version of the
binutils. It complains that it needs a version of objcopy that is
>= 2.23, despite the fact that the version is actually 2.25.1.
I tracked the problem down to an extraneous space at the end of the
version string being produced by objcopy:
"GNU objcopy version 2.25.1-8.el7 "
The Makefile in the shim package uses this rule to test the version of
objcopy:
OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
But, because of that extra space, the sed expression clips the entire
line and so the test fails.
The extra space is there because normally the version number would be
followed by a date. For example:
"GNU objcopy version 2.23.52.0.1-56.el7 20130226"
So in this case the sed will extract the date, not the version number,
but the test will still pass.
I could fix the binutils to remove the space, although it would be a
bit messy and it would not fix the problem when a date is appended to
the version number. Instead, I would like to propose a small patch to
the shim Makefile. If you change the line to:
OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.version //g' | cut -f1-2 -d.` \>= 2.24)
then the test will work as intended, with or without an extra space at
the end of the version and with or without a date appended.
Would it be possible to have this change added to the shim package ?
Cheers
Signed-off-by: Peter Jones <pjones@redhat.com>
Add support for measuring the MOK database and secure boot state into a
TPM, and do the same for the second stage loader. This avoids a hole in
TPM measurement between the firmware and the second stage loader.
The second stage set is not working after commit
3322257e61 for those which load option
only have one string.
Signed-off-by: Ivan Hu <ivan.hu@canonical.com>
I found a machine whose BDS gives us relative paths, yay! The rest of
the code still works without that leading slash, so just make it one
more item we let through our StrnCaseCmp() filter.
Signed-off-by: Peter Jones <pjones@redhat.com>
ExitBootServices() and Exit() should both clean these up anyway, but we
should do the right thing nonetheless.
Signed-off-by: Peter Jones <pjones@redhat.com>
