SUSE-SU-2020:2629-1 -- SLES shim
ID: oval:org.secpod.oval:def:89049080 | Date: (C)2023-07-18 (M)2023-12-20 |
Class: PATCH | Family: unix |
This update for shim fixes the following issues:

This update addresses the "BootHole" security issue by disallowing binaries signed by the previous SUSE UEFI signing key from booting.

This update should only be installed after the updates of grub2, the Linux kernel and Xen from July / August 2020 are applied.

Changes:
- Use vendor-dbx to block old SUSE/openSUSE signkeys
  + Add dbx-cert.tar.xz, which contains the certificates to block and a script, generate-vendor-dbx.sh, to generate vendor-dbx.bin
  + Add vendor-dbx.bin as the vendor dbx to block unwanted keys
- Update the path to grub-tpm.efi in shim-install
- Only check EFI variable copying when Secure Boot is enabled
- Use the full path of efibootmgr to avoid errors when invoking shim-install from packagekitd
- shim-install: add a check for whether btrfs is used as the root file system, to enable relative path lookup for the file
- shim-install: install MokManager to \EFI\boot to process the pending MOK request
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Desktop 15 SP1 |
SUSE Linux Enterprise Desktop 15 SP2 |
SUSE Linux Enterprise Server 15 SP1 |