commit shim for openSUSE:Factory

Fri, 26 May 2023 11:15:23 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shim for openSUSE:Factory checked in 
at 2023-05-26 20:15:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
 and      /work/SRC/openSUSE:Factory/.shim.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shim"

Fri May 26 20:15:09 2023 rev:113 rq:1089032 version:15.7

Changes:
--------
--- /work/SRC/openSUSE:Factory/shim/shim.changes        2023-04-11 
13:50:58.379295938 +0200
+++ /work/SRC/openSUSE:Factory/.shim.new.1533/shim.changes      2023-05-26 
20:15:15.336184744 +0200
@@ -1,0 +2,9 @@
+Mon May 15 03:28:47 UTC 2023 - Gary Ching-Pang Lin <g...@suse.com>
+
+- Update shim-install to amend full disk encryption support
+    b540061e041b  Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
+    f2e8143ce831  Use the long name to specify the grub2 key protector
+    72830120e5ea  cryptodisk: support TPM authorized policies
+    49e7a0d307f3  Do not use tpm_record_pcrs unless the command is in 
command.lst
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------


++++++ shim-install ++++++
--- /var/tmp/diff_new_pack.zujSGz/_old  2023-05-26 20:15:15.968188511 +0200
+++ /var/tmp/diff_new_pack.zujSGz/_new  2023-05-26 20:15:15.972188535 +0200
@@ -370,20 +370,23 @@
     return
   fi
 
-  tpm_pcr_bank="${GRUB_TPM2_PCR_BANK:-sha256}"
-  tpm_pcr_list="${GRUB_TPM2_PCR_LIST:-0,2,4,7,9}"
   tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}"
 
   declare -g TPM_PCR_SNAPSHOT_TAKEN
 
   if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then
     TPM_PCR_SNAPSHOT_TAKEN=1
-    echo "tpm_record_pcrs 0-9"
+
+    # Check if tpm_record_pcrs is available and set the command to
+    # grub.cfg.
+    if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ; 
then
+      echo "tpm_record_pcrs 0-9"
+    fi
   fi
 
   cat <<EOF
-tpm2_key_protector_init -b $tpm_pcr_bank -p $tpm_pcr_list -k 
\$prefix/$tpm_sealed_key
-if ! cryptomount -u $uuid -k tpm2; then
+tpm2_key_protector_init -T \$prefix/$tpm_sealed_key
+if ! cryptomount -u $uuid --protector tpm2; then
     cryptomount -u $uuid
 fi
 EOF

Reply via email to