Shim 15.6 for EuroLinux 8

[jaromaz]

Confirm the following are included in your repo, checking each box:

• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
• a Dockerfile to reproduce the build of the provided shim EFI binaries

---

What is the link to your tag in a repo cloned from rhboot/shim-review?

---

https://github.com/EuroLinux/shim-review/tree/eurolinux-shim-x86_64-20220702

---

What is the SHA256 hash of your final SHIM binary?

---

9103237187d50053b4dbe37f24851af36c7adfd00de2eab8c1dc83d2706fa43e

[frozencemetery]

I'm sending you some words. Please post them here when you receive them.

[aronowski]

regnskapsregistrene
storselskapenes
næringsmeldinga
sjeledrama
klosterlatin
skagene
minskningene
denudasjonen
brestingen
tilhenget
hovedstadshotellet
tomgangstap
rønne

[AlexBaranowski]

@frozencemetery FYI @jaromaz is currently on vacation during which he wanted to be "offline" && "tech detox" as much as possible. We are trying to reach him, but it might take some time.

Sorry for keeping You waiting.

[jaromaz]

@frozencemetery @AlexBaranowski My keys are secured offline - I return from vacation on 25.08 and will send the list of words then, since I didn't even take my laptop on this trip.

[jaromaz]

@frozencemetery

privatsamlerens
fellesskapsverdier
vilttrygdavgiftene
klimaavdelingen
endringsfase
eitelens
stemningsskiftets
evidens
teglstein
dynnets
sjukdomsårsaker
fallskjermgodtgjøring
stillingsinnehaverne

[frozencemetery]

Sorry for keeping You waiting.

Not a problem for me; the only ones who suffer here are you :)

In any case, both word sets match; contact verification complete.

[frozencemetery]

Your README states that you're a "Linux operating system based on Red Hat Enterprise Linux source code". Yet your Dockerfile is building using Oracle Linux. Which is it?

Your grub2 sbat has grub.eurolinux,2,... - why is this? (There's no rule that they need to increase as you go down, so we'd expect 1 here unless there was a problem.)

[aronowski]

The reason for that number 2 in EuroLinux' GRUB2 generation number is that after upstream updated their generation number, we did the same for management simplification.

[jaromaz]

Yet your Dockerfile is building using Oracle Linux.

All these systems are binary compatible, produce exactly the same artifacts. Of course, there is no problem to use our container, but in the reviews several comments suggested such a procedure: using a container with a different, independent distro, was recommended.

[frozencemetery]

The reason for that number 2 in EuroLinux' GRUB2 generation number is that after upstream updated their generation number, we did the same for management simplification.

This is not the correct use of SBAT.

[aronowski]

Everything is explained in SBAT.md, the document SBAT.example.md mislead me a bit.

Thank you for pointing out the mistake. We should have given 1 and this number shall not be higher in our case, because we are compatible with Red Hat Enterprise Linux and thus no custom changes will be made here.

We fixed the issue and our current review has been updated to the tag eurolinux-shim-x86_64-20220901.

[jaromaz]

@frozencemetery @julian-klode Is there anything else we can help with to speed up the process?

[AlexBaranowski]

Hi!

Is there any ETA for review?

[frozencemetery]

Please note #307

[jaromaz]

Closing due to shim 15.7 and NX support requirement.