-
Notifications
You must be signed in to change notification settings - Fork 94
Bump edk2 to 202605, shim to 16.1, and refresh GRUB 2.12 against Fedora #4119
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
chewi
wants to merge
6
commits into
main
Choose a base branch
from
chewi/edk2-202511
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
e77348a
app-emulation/qemu[static-user] doesn't need so many static libs now
chewi b89d564
sys-firmware/edk2-bin: Sync with Gentoo for 202605
chewi 0588298
sys-boot/shim: Version bump to 16.1
chewi e0ba336
sys-boot/shim-signed: Version bump to 16.1
chewi 6d3d7e0
sys-boot/grub: Refresh the 2.12 patches against Fedora 45
chewi 7b7a387
changelog: Add grub, shim, and edk2-bin updates
chewi File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| - grub (2.12-flatcar4, rebased against Fedora 45) | ||
| - shim ([16.1](https://github.com/rhboot/shim/releases/tag/16.1) (includes [16.0](https://github.com/rhboot/shim/releases/tag/16.0))) | ||
| - SDK: edk2-bin ([202605](https://github.com/tianocore/edk2/releases/tag/edk2-stable202605) (includes [202602](https://github.com/tianocore/edk2/releases/tag/edk2-stable202602), [202511](https://github.com/tianocore/edk2/releases/tag/edk2-stable202511), [202508](https://github.com/tianocore/edk2/releases/tag/edk2-stable202508), [202505](https://github.com/tianocore/edk2/releases/tag/edk2-stable202505), [202502](https://github.com/tianocore/edk2/releases/tag/edk2-stable202502), [202411](https://github.com/tianocore/edk2/releases/tag/edk2-stable202411))) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
10,140 changes: 9,291 additions & 849 deletions
10,140
...rc/third_party/coreos-overlay/coreos/user-patches/sys-boot/grub/grub-2.12-00-redhat.patch
Large diffs are not rendered by default.
Oops, something went wrong.
112 changes: 0 additions & 112 deletions
112
...y/coreos-overlay/coreos/user-patches/sys-boot/grub/grub-2.12-01-execute-return-code.patch
This file was deleted.
Oops, something went wrong.
36 changes: 36 additions & 0 deletions
36
...party/coreos-overlay/coreos/user-patches/sys-boot/grub/grub-2.12-verifier-null-file.patch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| https://src.fedoraproject.org/rpms/grub2/pull-request/238 | ||
|
|
||
| From db7782da011a39b06fe80282f608390ed76dae1c Mon Sep 17 00:00:00 2001 | ||
| From: James Le Cuirot <jlecuirot@microsoft.com> | ||
| Date: Fri, 26 Jun 2026 14:08:05 +0100 | ||
| Subject: [PATCH] verifiers: Fix NULL pointer dereference when verification | ||
| fails on x64 | ||
|
|
||
| verified_free() references verified->file->size, so verified->file must | ||
| be set before calling this function. | ||
|
|
||
| This was noticed after building EDK2 with --pcd | ||
| PcdNullPointerDetectionPropertyMask=0x03. | ||
|
|
||
| Signed-off-by: James Le Cuirot <jlecuirot@microsoft.com> | ||
| --- a/grub-core/kern/verifiers.c | ||
| +++ b/grub-core/kern/verifiers.c | ||
| @@ -155,6 +155,7 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) | ||
| { | ||
| goto fail; | ||
| } | ||
| + verified->file = io; | ||
| #if defined (GRUB_MACHINE_EFI) && defined (__x86_64__) | ||
| verified->buf = grub_efi_allocate_any_pages (GRUB_EFI_BYTES_TO_PAGES (ret->size)); | ||
| #else | ||
| @@ -205,7 +206,6 @@ grub_verifiers_open (grub_file_t io, enum grub_file_type type) | ||
| ver->close (context); | ||
| } | ||
|
|
||
| - verified->file = io; | ||
| ret->data = verified; | ||
| return ret; | ||
|
|
||
| -- | ||
| 2.54.0 | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
4 changes: 2 additions & 2 deletions
4
sdk_container/src/third_party/coreos-overlay/sys-boot/shim-signed/Manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| DIST shimaa64-15.8-r1.efi.signed 996824 BLAKE2B 2ba906ddb168ec689398e6561d9b01fa2a37d1e7dcb80b86b8d86d46bae5e1600e77bb849ae9678f365051c7ee055d82ec604e3ec2b4433056a2a2f0e50255aa SHA512 7544db5e35d25073331f408fa1e71f6fed1bd27916468f918b48bbb8ac371086d05b4ec6b036be95a30101d0f047f6d7b431e8be401361286ae4a9780966a4cc | ||
| DIST shimx64-15.8-r1.efi.signed 950040 BLAKE2B 90f8acd66b2e80e7b0696ba02522ab520cdec8bd8fc9f2996f26dc456786240b78e7dcf2807bc91530db4ec3425c5eb1355d20dd261ed189eb75ae3867b9a093 SHA512 9eb1468746abdfc62cdcb12b782c9aa775ae9c2c813781e96b44a02847d75eab0f9795a0e0b9ac05969a7712d4e1501102b4d32e9b005c9b8a2e70ab8eff911e | ||
| DIST shimaa64-16.1.efi.signed 996872 BLAKE2B 789b04be855cd055bd2e885e5e1207140426622742cd30b6f978a96be85c6c5569f79a59dd9fb000699980b2ea01ecbb9e00085a19303805ebfdbf0ba2dcff62 SHA512 b866da33fde3e35873d212b65a6cecabe3616b2170ac6396ffbe7b4da0a6221d07a3c4a2b7a87df6109c6e4032374537022f7289df9204c284b8ac7c71064d5f | ||
| DIST shimx64-16.1.efi.signed 950088 BLAKE2B 1fe6482af52b4f009f3c9086c4425d0b47fc20334dc8c60f6f55394df9112db7c9d3341c2d26837f296b220756235b5f7ac5465d5751beace08b711c5b629760 SHA512 56152e85ab864979f348a19f2ceef8b39dc4447aa2807e9484a106f0683551ff6014f00bb0bc8c123b3571a696bea41f1525e175e172f554a53bd495151043d6 |
File renamed without changes.
2 changes: 1 addition & 1 deletion
2
sdk_container/src/third_party/coreos-overlay/sys-boot/shim/Manifest
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| DIST shim-15.8.tar.bz2 2315201 BLAKE2B 24da29cf45a08bceffc15682fcdd16e34e42d3b33f2a0b2e528193d8e3455a034b6242c13cebf43db481f73a83329effd9812f0d1e04861ecf7329e54f9059b9 SHA512 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1 | ||
| DIST shim-16.1.tar.bz2 2348998 BLAKE2B f2aef8d1e8cbd65c911133807747b1f654ebbde465db8ed21d39825af4ec898e937bf35e2e77f59a76cdcdaa45873bc0f9dfbfa33f6acbbc6db8e5f689847841 SHA512 ca5f80e82f3b80b622028f03ef23105c98ee1b6a25f52a59c823080a3202dd4b9962266489296e99f955eb92e36ce13e0b1d57f688350006bba45f2718f159fb |
73 changes: 0 additions & 73 deletions
73
sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r3.ebuild
This file was deleted.
Oops, something went wrong.
48 changes: 48 additions & 0 deletions
48
sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-16.1.ebuild
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,48 @@ | ||
| # Copyright 2015 CoreOS, Inc. | ||
| # Distributed under the terms of the GNU General Public License v2 | ||
|
|
||
| EAPI=8 | ||
|
|
||
| DESCRIPTION="UEFI Shim loader" | ||
| HOMEPAGE="https://github.com/rhboot/shim" | ||
| SRC_URI="https://github.com/rhboot/shim/releases/download/${PV}/shim-${PV}.tar.bz2" | ||
| KEYWORDS="amd64 arm64" | ||
|
|
||
| LICENSE="BSD" | ||
| SLOT="0" | ||
| IUSE="official" | ||
|
|
||
| # TODO: Would be ideal to depend on sys-boot/gnu-efi package, but | ||
| # currently the shim insists on using the bundled copy. This will need | ||
| # to be addressed by patching this check out after making sure that | ||
| # our copy of gnu-efi is as usable as the bundled one. | ||
| DEPEND=" | ||
| dev-libs/openssl | ||
| " | ||
| BDEPEND=" | ||
| coreos-base/coreos-sb-keys | ||
| " | ||
|
|
||
| PATCHES=( | ||
| "${FILESDIR}/0001-Fix-parallel-build-of-gnu-efi.patch" | ||
| "${FILESDIR}/0002-Fix-build-with-binutils-2-46.patch" | ||
| ) | ||
|
|
||
| src_compile() { | ||
| use official && [[ -z ${SHIM_SIGNING_CERTIFICATE} ]] && | ||
| die "USE=official but SHIM_SIGNING_CERTIFICATE environment variable is unset" | ||
|
|
||
| sed -e "s/@@VERSION@@/${PVR}/" "${FILESDIR}"/sbat.csv.in >"${WORKDIR}/sbat.csv" || die | ||
|
|
||
| unset ARCH | ||
| emake \ | ||
| CROSS_COMPILE="${CHOST}-" \ | ||
| ENABLE_SBSIGN=1 \ | ||
| SBATPATH="${WORKDIR}"/sbat.csv \ | ||
| VENDOR_CERT_FILE="${SHIM_SIGNING_CERTIFICATE:-${BROOT}/usr/share/sb_keys/shim.der}" | ||
| } | ||
|
|
||
| src_install() { | ||
| insinto /usr/lib/shim | ||
| doins shim?*.efi mm?*.efi | ||
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.