From 9c5743ae7ea22fce35ba55febc2cd648b5d310a7 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Aug 22 2017 14:43:52 +0000 Subject: Update Aarch64. Signed-off-by: Peter Jones --- diff --git a/.gitignore b/.gitignore index f9ae468..e4b6d52 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -BOOT.CSV shim*.efi diff --git a/BOOTAA64.CSV b/BOOTAA64.CSV new file mode 100644 index 0000000..f4d9fb1 Binary files /dev/null and b/BOOTAA64.CSV differ diff --git a/BOOTIA32.CSV b/BOOTIA32.CSV new file mode 100644 index 0000000..173a87b Binary files /dev/null and b/BOOTIA32.CSV differ diff --git a/BOOTX64.CSV b/BOOTX64.CSV new file mode 100644 index 0000000..087ee40 Binary files /dev/null and b/BOOTX64.CSV differ diff --git a/shim-signed.spec b/shim-signed.spec index db3d597..a1ce45f 100644 --- a/shim-signed.spec +++ b/shim-signed.spec @@ -5,23 +5,47 @@ Summary: First-stage UEFI bootloader Requires: dbxtool >= 0.6-3 Provides: shim = %{version}-%{release} %ifarch aarch64 -%define unsignedver 0.8-2.fc22 -%else +%define unsignedver 0.9-1.fc24 +%endif +%ifarch x86_64 %define unsignedver 0.8-1.fc22 %endif +%ifarch %{ix86} +%define unsignedver 0.9-1.fc24 +%endif License: BSD URL: http://www.codon.org.uk/~mjg59/shim/ -Source0: BOOT.CSV -Source1: shimx64.efi -Source2: shimaa64.efi + +# keep these two lists of sources synched up arch-wise. That is 0 and 10 +# match, 1 and 11 match, ... +Source0: BOOTX64.CSV +Source1: BOOTAA64.CSV +Source2: BOOTIA32.CSV + +Source10: shimx64.efi +Source11: shimaa64.efi +Source12: shimia32.efi + %ifarch x86_64 -%global efiarch X64 -%global shimsrc %{SOURCE1} +%global efiarch x64 +%global bootarch X64 +%global shimsrc %{SOURCE10} +%global bootcsv %{SOURCE0} %endif + %ifarch aarch64 -%global efiarch AA64 -%global shimsrc %{SOURCE2} +%global efiarch aa64 +%global bootarch AA64 +%global shimsrc %{SOURCE11} +%gloabl bootcsv %{SOURCE1} +%endif + +%ifarch %{ix86} +%global efiarch ia32 +%global bootarch IA32 +%global shimsrc %{SOURCE12} +%global bootcsv %{SOURCE2} %endif BuildRequires: shim-unsigned = %{unsignedver} @@ -31,7 +55,11 @@ BuildRequires: pesign >= 0.100-1%{dist} # compatible with SysV (there's no red zone under UEFI) and there isn't a # POSIX-style C library. # BuildRequires: OpenSSL +%ifarch x86_64 Provides: bundled(openssl) = 0.9.8zb +%else +Provides: bundled(openssl) = 1.0.2d +%endif # Shim is only required on platforms implementing the UEFI secure boot # protocol. The only one of those we currently wish to support is 64-bit x86. @@ -48,8 +76,8 @@ ExclusiveArch: x86_64 aarch64 %global efidir fedora %endif -%define ca_signed_arches x86_64 -%define rh_signed_arches x86_64 aarch64 +%define ca_signed_arches x86_64 %{ix86} +%define rh_signed_arches x86_64 %{ix86} aarch64 %description Initial UEFI bootloader that handles chaining to a trusted full bootloader @@ -79,47 +107,56 @@ mkdir shim-signed-%{version} cd shim-signed-%{version} %ifarch %{ca_signed_arches} pesign -i %{shimsrc} -h -P > shim.hash -if ! cmp shim.hash %{_datadir}/shim/shim.hash ; then +if ! cmp shim.hash %{_datadir}/shim/shim%{efiarch}.hash ; then echo Invalid signature\! > /dev/stderr exit 1 fi %endif -cp %{shimsrc} shim.efi -cp %{_datadir}/shim/shim.efi shim-unsigned.efi +cp %{shimsrc} shim%{efiarch}.efi +cp %{_datadir}/shim/shim%{efiarch}.efi shim%{efiarch}-unsigned.efi %ifarch %{rh_signed_arches} -%pesign -s -i shim-unsigned.efi -o shim-%{efidir}.efi +%pesign -s -i shim%{efiarch}-unsigned.efi -o shim%{efiarch}-%{efidir}.efi %ifnarch %{ca_signed_arches} -cp shim-%{efidir}.efi shim.efi +cp shim%{efiarch}-%{efidir}.efi shim%{efiarch}.efi %endif %endif -cp %{_datadir}/shim/MokManager.efi MokManager-unsigned.efi -cp %{_datadir}/shim/fallback.efi fallback-unsigned.efi -%pesign -s -i MokManager-unsigned.efi -o MokManager.efi -%pesign -s -i fallback-unsigned.efi -o fallback.efi -rm -vf MokManager-unsigned.efi fallback-unsigned.efi shim-unsigned.efi +cp %{_datadir}/shim/mm%{efiarch}.efi mm%{efiarch}-unsigned.efi +cp %{_datadir}/shim/fb%{efiarch}.efi fb%{efiarch}-unsigned.efi +%pesign -s -i mm%{efiarch}-unsigned.efi -o mm%{efiarch}.efi +%pesign -s -i fb%{efiarch}-unsigned.efi -o fb%{efiarch}.efi +rm -vf mm%{efiarch}-unsigned.efi \ + fb%{efiarch}-unsigned.efi \ + shim%{efiarch}-unsigned.efi %install rm -rf $RPM_BUILD_ROOT cd shim-signed-%{version} install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ -install -m 0644 shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi -install -m 0644 shim-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim-%{efidir}.efi -install -m 0644 MokManager.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/MokManager.efi -install -m 0644 %{SOURCE0} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV +install -m 0644 shim%{efiarch}.efi \ + $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarch}.efi +install -m 0644 shim%{efiarch}-%{efidir}.efi \ + $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarch}-%{efidir}.efi +install -m 0644 mm%{efiarch}.efi \ + $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarch}.efi +%ifarch x86_64 +install -m 0644 %{bootcsv} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV +%endif +install -m 0644 %{bootcsv} \ + $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{bootarch}.CSV install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/ -install -m 0644 shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI -install -m 0644 fallback.efi $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fallback.efi +install -m 0644 shim%{efiarch}.efi \ + $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/BOOT%{bootarch}.EFI +install -m 0644 fb%{efiarch}.efi \ + $RPM_BUILD_ROOT/boot/efi/EFI/BOOT/fb%{efiarch}.efi %files -n shim -/boot/efi/EFI/%{efidir}/shim.efi -/boot/efi/EFI/%{efidir}/shim-%{efidir}.efi -/boot/efi/EFI/%{efidir}/MokManager.efi -/boot/efi/EFI/%{efidir}/BOOT.CSV -/boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI -/boot/efi/EFI/BOOT/fallback.efi +/boot/efi/EFI/%{efidir}/*.efi +/boot/efi/EFI/%{efidir}/BOOT*.CSV +/boot/efi/EFI/BOOT/*.efi +/boot/efi/EFI/BOOT/*.EFI %changelog * Thu Mar 23 2017 Petr Ĺ abata - 0.8-9 diff --git a/sources b/sources index 8ef3379..6f2e7c8 100644 --- a/sources +++ b/sources @@ -1,3 +1,2 @@ -49acd7f998e96a9e10fded83ee71086b BOOT.CSV abd377408acc02ee7f2f16320ee9b49a shimx64.efi 041f94d1655f9dcf294048377b644d05 shimaa64.efi