https://bugzilla.novell.com/show_bug.cgi?id=813110 https://bugzilla.novell.com/show_bug.cgi?id=813110#c0 Summary: shim maintenance update signed with wrong key Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Major Priority: P5 - None Component: Bootloader AssignedTo: mls@suse.com ReportedBy: lnussel@suse.com QAContact: jsrain@suse.com CC: glin@suse.com, jcheung@suse.com, jlee@suse.com, mlin@suse.com, fcrozat@suse.com Found By: --- Blocker: --- +++ This bug was initially created as a clone of Bug #808594 +++ How could that happen? A mistake like that could easily result in an unbootable system.
Hmmm I found another problem with the sign key. While shim was built in the maintenance project, it was signed with openSUSE:Maintenance project key instead of openSUSE-UEFI-Sign key.
If grub2 and the kernel updated also follow this settings, I am afraid that shim would refuse to boot grub2/kernel if those two packages were updated. Looks like we need extra config in the sign server to sign EFI images in openSUSE:Maintenance with openSUSE-UEFI-Sign key.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.