integ/security
Scott Little 4761e4f3fa Secure boot no longer working
Secure Boot hasn't been tested since July 2018

The principal players in the Secure Boot chain of trust are Shim,
Grub, and the Linux kernel.  All three components have seen multiple
upgrades since the last test.

A new build option has been added to shim (ENABLE_SHIM_CERT) that
enables/disables the support for an embedded shim key. It defaults
to disabled.  It also controls the generation of a random shim key,
and the build time signing of fallback and MokManager components.
Since we don't want a random shim key (reproducible builds), and we do
signing as a post build step, leaving it disabled seemed like the correct
setting initially... until its function to disable shim keys entirely
was discovered.

This update reworks the shim patch so that we can embed a prebuilt
shim key, and still have shim key functionality active.

Closes-Bug: 1864245
Change-Id: Ibcb6bcfe3060ce0b3e2c2f3c23908bb7127b0ccd
Signed-off-by: Scott Little <scott.little@windriver.com>
2020-02-21 15:59:56 -05:00
..
libtpms/centos StarlingX open source release updates 2018-05-31 07:36:35 -07:00
python-keyring integ: Convert wrsroot -> sysadmin 2019-06-14 15:09:09 -07:00
shim-signed/centos rebase shim-signed patch to CentOS 7.6 version 2019-01-04 14:22:46 +08:00
shim-unsigned Secure boot no longer working 2020-02-21 15:59:56 -05:00
spectre-meltdown-checker/centos spectre-meltdown-checker: package format 2018-07-03 23:58:57 -07:00
swtpm Add low latency per-cpu power management 2019-02-01 14:27:10 -05:00
tboot/centos Fix RPM release name "el7" misspelled problem 2019-03-29 08:59:43 +08:00
tpm2-tools rebase tpm2-tools patch to CentOS 7.6 version 2019-01-15 13:52:16 +08:00
tss2 StarlingX open source release updates 2018-05-31 07:36:35 -07:00