Re: UEFI Revocation List being distributed by Debian
On Thu, May 7, 2020 at 3:06 AM Mario Limonciello wrote:
> https://uefi.org/revocationlistfile
For the benefit of the mailing list archive, here is a copy of that
page in plain text form:
UEFI Revocation List File
ACCESS TO THE UEFI REVOCATION LIST FILE
This file is used to update the Secure Boot Forbidden Signature
Database, dbx. It contains the raw bytes passed in *Data to
SetVariable()... an EFI_VARIABLE_AUTHENTICATION_2 concatenated with
the new variable value. Example usage: SetVariable( "dbx",
EFI_IMAGE_SECURITY_DATABASE_GUID, NV+BS+RT+AT+AppendWrite,
dbxUpdateDotBin_sizeInBytes, *dbxUpdateDotBin_bytes). dbxupdate.bin
already contains a Microsoft KEK signature (encoded as specified by
the UEFI spec).
UEFI Revocation List File - available for download here (last updated
on August 8, 2016).
http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
UEFI Download Page Terms of Use for Microsoft Corporation's UEFI
Revocation List file ("UEFI Revocation List")
By downloading the UEFI Revocation List file ("UEFI Revocation List")
from this website (www.uefi.org), you agree to the following terms.
If you do not accept them, do not download or use the UEFI Revocation
List.
These terms do not provide you with any legal rights to any
intellectual property in any Microsoft product.
You may copy and use the UEFI Revocation List for your internal,
reference purposes and to design, develop, and test your software,
firmware or hardware, as applicable; and you may distribute the UEFI
Revocation List to end users solely as part of the distribution of an
operating system software product, or as part of the distribution of
updates to an operating system product; and you may distribute the
UEFI Revocation List to end users or through your distribution
channels solely as embodied in a firmware product or hardware product
that embodies nontrivial additional functionality. Without limiting
the foregoing, copying or reproduction of the UEFI Revocation List to
any other server or location for further reproduction or
redistribution on a standalone basis is expressly prohibited.
If you are engaged in the business of developing and commercializing
hardware products that include the UEFI standard, you may copy and use
the UEFI Revocation List for your internal, reference purposes and to
design, develop, and test your software; and you may distribute the
UEFI Revocation List end users solely as part of the distribution of
an operation system software product, or as part of the distribution
of updates to an operation system software product. Without limiting
the foregoing, copying or reproduction of the UEFI Revocation List to
any other server or location for further reproduction or
redistribution on a standalone basis is expressly prohibited.
The UEFI Revocation List is provided “as-is.” The information
contained in the UEFI Revocation List may change without notice.
Microsoft does not represent that the UEFI Revocation List is error
free and you bear the entire risk of using it. NEITHER MICROSOFT NOR
UEFI MAKES ANY WARRANTIES, EXPRESS OR IMPLIED, WITH RESPECT TO THE
UEFI REVOCATION LIST, AND MICROSOFT AND UEFI EACH EXPRESSLY DISCLAIMS
ALL OTHER EXPRESS, IMPLIED, OR STATUTORY WARRANTIES. THIS INCLUDES
THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
TITLE AND NON-INFRINGEMENT.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL
MICROSOFT OR UEFI BE LIABLE FOR ANY SPECIAL, INDIRECT OR SONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER ARISING OUT OF OR IN CONNECTION WITH
THE USE OR DISTRIBUTION OF THE UEFI REVOCATION LIST, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION.
YOU AGREE TO RELEASE MICROSOFT (INCLUDING ITS AFFLIATES, CONTRACTORS,
AGENTS, EMPLOYEES, LICENSEES AND ASSIGNEES) AND UEFI (INCLUDING ITS
AFFILIATES, CONTRACTORS, AGENTS, EMPLOYEES, LICENSEES AND SUCCESSORS)
FROM ANY AND ALL CLAIMS OR LIABILITY ARISING OUT OF YOUR USE OR
DISTRIBUTION OF THE UEFI REVOCATION LIST AND ANY RELATED INFORMATION.
--
bye,
pabs
https://wiki.debian.org/PaulWise
Reply to: