Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PSA: NX support mandatory since November 30 2022 #307

Closed
julian-klode opened this issue Dec 8, 2022 · 2 comments
Closed

PSA: NX support mandatory since November 30 2022 #307

julian-klode opened this issue Dec 8, 2022 · 2 comments
Labels
meta Not a review request, but an issue or notice wrt the signing process PSA Public Service Announcement

Comments

@julian-klode
Copy link
Collaborator

julian-klode commented Dec 8, 2022
edited
Loading

Microsoft requires NX support for signing since Nov 30.

shim 15.7 does not enable NX support, a patch is available here:

rhboot/shim#530

Alternative run post-process-pe manually with the right flag set.

Also NX support needs to be added to bootloader and kernel.

Hence please don't submit shims for review if you don't have working NX stack or at least prepped the shim for NX (I mean you can continue working on the rest in the meantime).
@julian-klode julian-klode added the meta Not a review request, but an issue or notice wrt the signing process label Dec 8, 2022
@iokomin iokomin mentioned this issue Dec 8, 2022
Closed
8 tasks
@jackpot51 jackpot51 mentioned this issue Feb 1, 2023
Closed
8 tasks
@jackpot51
Copy link

I have a question about the preferred way of applying this patch: #313 (comment)

Also, I would like to request that a new release of Shim be made such that NX is enabled by default, if it is always going to be a requirement.

@frozencemetery frozencemetery pinned this issue Feb 16, 2023
This was referenced Feb 16, 2023
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@rehakp rehakp mentioned this issue Mar 28, 2023
Closed
8 tasks
This was referenced Apr 4, 2023
Closed
Closed
Closed
Closed
@dbnicholson dbnicholson mentioned this issue Apr 11, 2023
Closed
9 tasks
@aronowski aronowski mentioned this issue Apr 18, 2023
Closed
8 tasks
@aronowski aronowski mentioned this issue May 9, 2023
Closed
8 tasks
@aronowski aronowski mentioned this issue Aug 22, 2023
Closed
8 tasks
@steve-mcintyre steve-mcintyre changed the title PSA: NX support mandatory since November 30 PSA: NX support mandatory since November 30 2022 Sep 3, 2023
@steve-mcintyre steve-mcintyre added the PSA Public Service Announcement label Sep 4, 2023
@aronowski aronowski mentioned this issue Sep 26, 2023
Closed
8 tasks
@julian-klode
Copy link
Collaborator Author

I've heard rumors some firmware actually discovers that the flag is set and turns on NX enforcement, causing later stages to fail. You can't sign without one of course, but the rest of the boot stack isn't ready for NX yet so muhaha as we say.

@aronowski aronowski mentioned this issue Oct 3, 2023
Closed
8 tasks
@Blarse Blarse mentioned this issue Nov 21, 2023
Closed
8 tasks
@Blarse Blarse mentioned this issue Dec 1, 2023
Closed
8 tasks
@ghost ghost mentioned this issue Jul 31, 2024
Closed
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
meta Not a review request, but an issue or notice wrt the signing process PSA Public Service Announcement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@frozencemetery @julian-klode @jackpot51 @steve-mcintyre