Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Generate SbatLevel Metadata from SbatLevel_Variable.txt #711

Merged
merged 4 commits into from
Feb 5, 2025
Merged

Generate SbatLevel Metadata from SbatLevel_Variable.txt #711

merged 4 commits into from
Feb 5, 2025

Conversation

jsetje
Copy link
Collaborator

@jsetje jsetje commented Dec 23, 2024

This makes SbatLevel_Variable.txt the single source of truth for SbatLevel metadata and generates the header file from it.

@jsetje jsetje mentioned this pull request Dec 23, 2024
Open
@jsetje jsetje force-pushed the generate_sbat_levels branch 5 times, most recently from d3e5f8c to 8f0b96c Compare January 21, 2025 02:46
@jsetje
Copy link
Collaborator Author

jsetje commented Jan 21, 2025
edited
Loading

I failed to notice that the initial PR had broken out of place build. Fixed now.

There is still some breakage if I build in place and then out of place without cleaning in place. Please let me know if we want that to work and I'll figure that out.

@jsetje jsetje force-pushed the generate_sbat_levels branch 2 times, most recently from c3c29dc to 1684f16 Compare January 22, 2025 19:03
@vathpela vathpela added this to the shim 16 milestone Feb 4, 2025
jsetje added 4 commits February 4, 2025 12:31
@jsetje @vathpela
Update SbatLevel_Variable.txt with peimage CVE-2024-2312 revocation
1aa6406 
Add revocations for
 - January 2024 shim CVEs
 - October 2023 grub CVEs
 - Debian/Ubuntu (peimage) CVE-2024-2312
to SbatLevel_Variable.txt. This was missed when they were commited
to include/sbat_var_defs.h

Signed-off-by: Jan Setje-Eilers <[email protected]>
@jsetje @vathpela
Add generate_sbat_var_defs utility program
bd55125 
This adds the utility program generate_sbat_var_defs, which can be used
to generate the sbar_var_defs.h header file from the human readable
SbatLevel_Variable.txt file.

Signed-off-by: Jan Setje-Eilers <[email protected]>
@jsetje @vathpela
Generate and use generated_sbat_var_defs.h
9b54ee5 
Build changes to generate include/generated_sbat_var_defs.h from
SbatLevel_Variable.txt and use that header file. From here on
forward SbatLevel_Variable.txt should be the only place a new
revocation needs to be recorded.

Signed-off-by: Jan Setje-Eilers <[email protected]>
@jsetje @vathpela
SbatLevel_Variable.txt: clarify where and how revocation data is tracked
880f69f 
Comments to clarify that revocations should only be recorded
in SbatLevel_Variable.txt and not in any other header files.

Signed-off-by: Jan Setje-Eilers <[email protected]>
@vathpela vathpela force-pushed the generate_sbat_levels branch from 1684f16 to 880f69f Compare February 4, 2025 17:32
@jsetje jsetje mentioned this pull request Feb 5, 2025
Open
@vathpela vathpela self-requested a review February 5, 2025 14:09
@vathpela vathpela merged commit e886fb3 into rhboot:main Feb 5, 2025
20 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vathpela vathpela Awaiting requested review from vathpela

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
shim 16
Development

Successfully merging this pull request may close these issues.
2 participants
@jsetje @vathpela