git.proxmox.com Git - efi-boot-shim.git/commit

]> git.proxmox.com Git - efi-boot-shim.git/commit

author	Steve McIntyre <93sam@debian.org>
	Sat, 4 May 2019 17:52:08 +0000 (18:52 +0100)
committer	Steve McIntyre <93sam@debian.org>
	Sat, 4 May 2019 17:56:30 +0000 (18:56 +0100)
commit	6cf246a5c9bb035467fafedfd18408bc4ae78f6c
tree	2e26ccc15a35390eeb40a9e40582b92e2faeda2c	tree
parent	e17b0af4664eff964d36090143fd6f91e07416c5	commit \| diff

Generate a vendor dbx file at build time

This allow us to block executing binaries with specific
checksums. Generate the dbx list at runtime from a simple list of
sha256 hashes, so we can update this easily. If we need to also
blacklist a cert later, we'll need to update this code to add that
option too.

Add a build-dep on pesign to get the needed efisiglist program.

debian/control		diff \| blob \| blame \| history
debian/rules		diff \| blob \| blame \| history

shim, a first-stage UEFI bootloader adapted for Proxmox projects

RSS Atom