openSUSE-RU-2020:1274-1: moderate: Recommended update for shim

27 Aug 2020

      openSUSE Recommended Update: Recommended update for shim
______________________________________________________________________________

Announcement ID:    openSUSE-RU-2020:1274-1
Rating:             moderate
References:         #1113225 #1121268 #1153953 #1168104 #1168994 
                    #1173411 #1174320 #1175626 #1175656 
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

   An update that has 9 recommended fixes can now be installed.

Description:

   This update for shim fixes the following issues:

   - Updated openSUSE signature
   - Update the path to grub-tpm.efi in shim-install (boo#1174320)
   - Use vendor-dbx to block old SUSE/openSUSE signkeys (boo#1168994)

     + Add dbx-cert.tar.xz which contains the certificates to block and a
       script, generate-vendor-dbx.sh, to generate vendor-dbx.bin
     + Add vendor-dbx.bin as the vendor dbx to block unwanted keys

   - Only check EFI variable copying when Secure Boot is enabled (boo#1173411)
   - Use the full path of efibootmgr to avoid errors when invoking
     shim-install from packagekitd (boo#1168104)
   - shim-install: add check for btrfs is used as root file system to enable
     relative path lookup for file. (boo#1153953)
   - Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary
     (boo#1113225)
   - shim-install: install MokManager to \EFI\boot to process the pending MOK
     request (bsc#1175626, bsc#1175656)

Patch Instructions:

   To install this openSUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2020-1274=1

Package List:

   - openSUSE Leap 15.2 (x86_64):

      shim-15+git47-lp152.4.5.1
      shim-debuginfo-15+git47-lp152.4.5.1
      shim-debugsource-15+git47-lp152.4.5.1

References:

   https://bugzilla.suse.com/1113225
   https://bugzilla.suse.com/1121268
   https://bugzilla.suse.com/1153953
   https://bugzilla.suse.com/1168104
   https://bugzilla.suse.com/1168994
   https://bugzilla.suse.com/1173411
   https://bugzilla.suse.com/1174320
   https://bugzilla.suse.com/1175626
   https://bugzilla.suse.com/1175656

Main

Development

Information

Community

Social Media

Other

maintenance＠opensuse.org

tags

participants (1)