[Bug 808594] New: bug in double signing shim
https://bugzilla.novell.com/show_bug.cgi?id=808594
https://bugzilla.novell.com/show_bug.cgi?id=808594#c0

Summary: bug in double signing shim
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Bootloader
AssignedTo: glin@suse.com
ReportedBy: lnussel@suse.com
QAContact: jsrain@suse.com
CC: mlin@suse.com
Found By: ---
Blocker: ---

The EDK2 commit https://github.com/tianocore/edk2/commit/6de4c35f99f05f1d956538852c1cf003883... adds multiple signature support to the firmware. It however also rejects signatures that are incorrectly aligned. pesign generated such incorrectly aligned signatures. Therefore our double signed shim on openSUSE 12.3 may be rejected by future firmwares. We should fix pesign and issue an online update of shim which includes correctly aligned signatures.
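An added example (not part of the bug report, and not code from pesign, shim or EDK2): a strict walk of a PE image's attribute certificate table that rejects entries which do not start on 8-byte boundaries, following the PE/COFF layout rule. `cert_entries` and `build_sample` are hypothetical names, the sample image is constructed, and the strictness choices are assumptions rather than the firmware's actual check.

```python
import struct

def cert_entries(image: bytes):
    """Strictly walk the attribute certificate table; return [(file_offset, dwLength)]."""
    pe = struct.unpack_from("<I", image, 0x3C)[0]                 # e_lfanew
    if image[:2] != b"MZ" or image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    opt = pe + 24                                                 # skip signature + COFF header
    dir_base = {0x10B: 96, 0x20B: 112}.get(struct.unpack_from("<H", image, opt)[0])
    if dir_base is None:
        raise ValueError("unknown optional header magic")
    # Data directory 4 is the certificate table; its address is a file offset.
    start, size = struct.unpack_from("<II", image, opt + dir_base + 4 * 8)
    end = start + size
    if start % 8 or end > len(image):
        raise ValueError("certificate table misplaced or truncated")
    entries, pos = [], start
    while pos < end:
        if pos + 8 > end:
            raise ValueError(f"truncated WIN_CERTIFICATE header at {pos:#x}")
        length = struct.unpack_from("<I", image, pos)[0]          # dwLength
        if length < 8 or pos + length > end:
            raise ValueError(f"implausible dwLength at {pos:#x}; previous entry unpadded?")
        entries.append((pos, length))
        pos += (length + 7) & ~7                                  # next entry: 8-byte boundary
    if pos != end:
        raise ValueError("table does not end on an 8-byte boundary")
    return entries

def build_sample(aligned: bool) -> bytes:
    """Constructed test image: headers only, plus two dummy certificate entries."""
    def cert(payload):
        return struct.pack("<IHH", 8 + len(payload), 0x0200, 0x0002) + payload
    def pad8(blob):
        return blob + b"\0" * (-len(blob) % 8)
    first, second = cert(b"AAAAA"), cert(b"BBBB")
    table = pad8(first) + pad8(second) if aligned else first + second
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x40 + 24, 0x20B)                 # PE32+
    struct.pack_into("<II", img, 0x40 + 24 + 112 + 4 * 8, 0x200, len(table))
    return bytes(img) + table

if __name__ == "__main__":
    print(cert_entries(build_sample(True)))
```

Run against a real double-signed binary by passing its bytes to `cert_entries`; a `ValueError` means a strict parser would not find the second signature where it expects it.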
https://bugzilla.novell.com/show_bug.cgi?id=808594#c1
--- Comment #1 from Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c
Joey Lee
https://bugzilla.novell.com/show_bug.cgi?id=808594#c
Jeffrey Cheung
https://bugzilla.novell.com/show_bug.cgi?id=808594#c6
Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c7
Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c8
--- Comment #8 from Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c9
--- Comment #9 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=808594#c10
--- Comment #10 from Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=808594#c11
--- Comment #11 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=808594#c12
--- Comment #12 from Frederic Crozat
> Rebuilding shim has no effect. The binary has to be submitted to the signing service again to get an updated signature. Do you expect any more fixes to shim/pesign in the near future?

By Signing Service, you mean MS or OBS?
https://bugzilla.novell.com/show_bug.cgi?id=808594#c13
--- Comment #13 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=808594#c14
--- Comment #14 from Frederic Crozat
> MS of course. OBS doesn't require interaction.

I'm not sure we need to go through MS, since pesign is used after shim has been signed by MS, to add another signature (ok, I "unsign" shim-suse.efi before sending it to MS for signature...).
https://bugzilla.novell.com/show_bug.cgi?id=808594#c15
--- Comment #15 from Ludwig Nussel
https://bugzilla.novell.com/show_bug.cgi?id=808594#c16
--- Comment #16 from Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=808594#c17
--- Comment #17 from Bernhard Wiedemann
https://bugzilla.novell.com/show_bug.cgi?id=808594#c19
--- Comment #19 from Benjamin Brunner
https://bugzilla.novell.com/show_bug.cgi?id=808594#c20
--- Comment #20 from Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=808594#c21
Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c22
--- Comment #22 from Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c23
--- Comment #23 from Gary Ching-Pang Lin
https://bugzilla.novell.com/show_bug.cgi?id=808594#c24
--- Comment #24 from Jeffrey Cheung
https://bugzilla.novell.com/show_bug.cgi?id=808594#c25
--- Comment #25 from Gary Ching-Pang Lin