0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
From 63edf92f8ae11b884bc7d24aecb8229cbc4ae014 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Fri, 5 Apr 2024 21:57:07 +0200
Subject: [PATCH 1/2] sbat: Add grub.peimage,2 to latest (CVE-2024-2312)
Add the previous latest level to the switch for automatic.
Signed-off-by: Julian Andres Klode <julian.klode@canonical.com>
---
include/sbat_var_defs.h | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/include/sbat_var_defs.h b/include/sbat_var_defs.h
index f8cba029..04d708f2 100644
--- a/include/sbat_var_defs.h
+++ b/include/sbat_var_defs.h
@@ -47,6 +47,8 @@
#define SBAT_VAR_AUTOMATIC_REVOCATIONS "shim,2\ngrub,3\n"
#elif SBAT_AUTOMATIC_DATE == 2023012900
#define SBAT_VAR_AUTOMATIC_REVOCATIONS "shim,2\ngrub,3\ngrub.debian,4\n"
+#elif SBAT_AUTOMATIC_DATE == 2024010900
+#define SBAT_VAR_AUTOMATIC_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\n"
#else
#error "Unknown SBAT_AUTOMATIC_DATE"
#endif /* SBAT_AUTOMATIC_DATE == */
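Review bot: The chain gains `#elif SBAT_AUTOMATIC_DATE == 2024010900` but no branch for 2024040500, so a build that sets SBAT_AUTOMATIC_DATE to the new latest date falls through to `#error "Unknown SBAT_AUTOMATIC_DATE"`. If that lag is intentional, as the commit message suggests, a comment above the chain would make the rule explicit: `/* When SBAT_VAR_LATEST_DATE is bumped, add the outgoing latest level as a new #elif here. */`. The chain and the default SBAT_AUTOMATIC_DATE start above the hunk, so it is not visible whether the default still selects an older level. If it does, the automatic policy would not yet carry the `shim,4` revocation, which is worth confirming.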
@@ -56,10 +58,10 @@
SBAT_VAR_AUTOMATIC_REVOCATIONS
/*
- * Revocations for January 2024 shim CVEs
+ * Revocations for January 2024 shim CVEs + Debian/Ubuntu (peimage) CVE-2024-2312
*/
-#define SBAT_VAR_LATEST_DATE "2024010900"
-#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\n"
+#define SBAT_VAR_LATEST_DATE "2024040500"
+#define SBAT_VAR_LATEST_REVOCATIONS "shim,4\ngrub,3\ngrub.debian,4\ngrub.peimage,2\n"
#define SBAT_VAR_LATEST \
SBAT_VAR_SIG SBAT_VAR_VERSION SBAT_VAR_LATEST_DATE "\n" \
SBAT_VAR_LATEST_REVOCATIONS
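Review bot: The updated comment names CVE-2024-2312 but does not say what the new `grub.peimage,2` entry in SBAT_VAR_LATEST_REVOCATIONS actually revokes. SBAT matching is per component name, so this entry only rejects GRUB binaries whose .sbat section declares `grub.peimage` at a generation below 2. A build that carries the affected peimage loader without declaring that component would presumably not be caught and would need separate handling. I would extend the comment with a line such as `* grub.peimage,2: revokes GRUB builds declaring grub.peimage generation 1 (CVE-2024-2312)`. It is also worth verifying that the affected distro builds really declare that component.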
--
2.39.2