8d6824e872
* [1.0] shim: update shim bootloader (#2157) * shim: update key used Our current keys have a 1 year expiration time, and it will expire shortly. Update the key to one that will expire in 10/13/22. Ultimately we plan to move to a longer lived CA cert once that is made available. * shim: Add critical patches * shim: Update to new signed shim bootloader binary New shim bootloader contains the renewed Mariner Secure Boot Production key embedded inside. And this shim binary itself is signed with the MS UEFI CA. * grub: bump release number to force re-signing In order to not regress current users of the grub2-2.06~rc1-7 package, bump release number which will cause the newer grubx64.efi inside the grub2-efi-binary-2.06~rc1-8 package to be signed with the updated secure boot key that matches with the one embedded in the 15.4-2 shim binary. * License verified Signed-off-by: Chris Co <chrco@microsoft.com> |
||
|---|---|---|
| .. | ||
| Don-t-call-QueryVariableInfo-on-EFI-1.10-machines.patch | ||
| Fix-a-broken-file-header-on-ia32.patch | ||
| Fix-handling-of-ignore_db-and-user_insecure_mode.patch | ||
| Relax-the-check-for-import_mok_state.patch | ||
| cbl-mariner-ca-20211013.der | ||
| mok-allocate-MOK-config-table-as-BootServicesData.patch | ||
| sbat.csv.in | ||
| shim-another-attempt-to-fix-load-options-handling.patch | ||
| shim-unsigned-x64.signatures.json | ||
| shim-unsigned-x64.spec | ||