Please review changes for the Debian shim -7 upload

To: debian-efi@lists.debian.org
Cc: dann.frazier@canonical.com, ard.biesheuvel@linaro.org
Subject: Please review changes for the Debian shim -7 upload
From: Steve McIntyre <steve@einval.com>
Date: Mon, 6 May 2019 13:24:19 +0100
Message-id: <[🔎] 20190506122419.GE4136@tack.einval.com>

Hey folks,

I think I'm about ready to upload a new shim, with a number of
changes., It would be lovely to get more eyes on these, as I'm hoping
this will be our last upload before buster and I want to get this
signed.

See https://salsa.debian.org/efi-team/shim/commits/master

Changes for review:

549f650 (93sam/hack, hack) Add more hashes that we want to blacklist
88a7a65 Add initial file with test checksums for the dbx list
6cf246a Generate a vendor dbx file at build time
e17b0af Build using gcc-7
315e876 Fix OBJ_create() to tolerate a NULL sn and ln
878d860 VLogError(): Avoid NULL pointer dereferences in (V)Sprint calls

In particular, please check my logic in the dbx file creation. I've
tested this using a local VM set up with secure boot enabldd and test
keys in the firmware, and it looked to work ok.

Please review/test as soon as you can - I don't want this to be
blocking the Buster release.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
"C++ ate my sanity" -- Jon Rabone

Reply to:

Follow-Ups:
- Re: Please review changes for the Debian shim -7 upload
  - From: dann frazier <dannf@dannf.org>

Prev by Date: Bug#928300: shim-signed: secure boot via removable media path unavailable
Next by Date: Re: Please review changes for the Debian shim -7 upload
Previous by thread: pesign_0.112-5_source.changes ACCEPTED into unstable
Next by thread: Re: Please review changes for the Debian shim -7 upload
Index(es):
- Date
- Thread