-
Notifications
You must be signed in to change notification settings - Fork 128
-
Notifications
You must be signed in to change notification settings - Fork 128
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Shim 15.8 for SonicWall #352
Comments
Hi - could you confirm if the contact verification has been sent, I do not see anything in my email with "shim-review". Thanks |
Contact verification will be likely send with the initial review or some time after. |
|
The review is very well-written! Just one question out of curiosity: Since I'm not familiar with OpenEmbedded, I assume you just modified the upstream Wind River This assumption comes from the fact that I couldn't find any other references apart from this OpenEmbedded Layer Index. In the meantime, I've requested to integrate the number update here. If you have a different build process, please let me know. I'm here to learn new things as well. @THS-on, please let me know the status of the verification emails. |
@aronowski I've sent out the emails a minute ago :) |
fusees |
moderation |
Thank you @aronowski for your review. We have a different build process. We extended the grub-efi_2.04.bb recipe from upstream openembedded-core (not from upstream Wind River meta-secure-core) with the following commits from upstream grub util/mkimage: Remove unused code to add BSS section util/mkimage: Use grub_host_to_target32() instead of grub_cpu_to_le32() util/mkimage: Always use grub_host_to_target32() to initialize PE stack and heap stuff util/mkimage: Unify more of the PE32 and PE32+ header set-up util/mkimage: Reorder PE optional header fields set-up util/mkimage: Improve data_size value calculation util/mkimage: Refactor section setup to use a helper util/mkimage: Add an option to import SBAT metadata into a .sbat section grub-install-common: Add --sbat option And then specified the sonicwall grub sbat file during the build process. |
@aronowski contact verification was successful. |
Please update either this submission for 15.8 or create a new submission. |
Thanks for the notification. We are working on it and will update this submission. |
Shim review has been updated to 15.8 @THS-on |
Hi Could someone help us understand why is it taking so long to get our SHIM reviewed, we see others who submitted a SHIM for review as a "new vendor" were completed before our request. Are we missing some part of the process? Thanks |
@soniccore-snwl, thank you for raising this issue. Appreciate it. I suppose many factors may partake in the delays - not even taking into account that most people volunteer their free time after working their jobs for a living, but in case of this application, maybe few people in the shim-review environment feel competent to learn a new framework to verify things thoroughly. I'm not a low-level or embedded developer, but see that it took me about 19 days to only scratch the surface on how the environment related to OpenEmbedded works. And I'm not even counting even those applications, where a mention of lesser known intermediary (second-stage) bootloaders is provided - in such cases people wait way longer. While I can't clone myself and start reviewing this application from scratch, I think it's possible for the SonicWall team to help with reviewing other applications, making things easier for other reviewers, and having a promotion to an official reviewer in the future. |
Hi @aronowski thanks for working on our submission. We have also worked on reviewing submission #403 |
@soniccore-snwl, thank you! Any volunteers for this application (may not be in the committee)? |
n.b., I am a volunteer reviewer and not part of the committee. Review of SonicWall-shim-x86_64-20240223
Shim
Need info from Vendor GRUB2
Kernel
|
n.b. i tried to repro this while at the airport, will try again later today with a stable and trusted internet connection. |
Thank @aronowski and @NeilHanlon. @soniccore-snwl I'm sorry to say I'm also failed to reproduce the codes based on the tag SonicWall-shim-x86_64-20240223. Besides, I saw a typo in the 1st line of Dockerfile saying Also, I guess your patch is used to enable NX flag which is not what we expected. And the line number in this patch conflicts with Make.default and Makefile files of shim-15.8. This is why build is failed. Thanks.
|
Thanks @dennis-tseng99, @NeilHanlon and @aronowski. We have updated the application in tag The patch was removed locally but not committed. We have removed it in our latest tag. The sha256sum of the shim binary remains the same as the binary was built with the patch removed locally. Our answer to the question As for |
The build does reproduce now and the checksum matches! Huge thanks to @dennis-tseng99 and @NeilHanlon for the help. I kindly request further reviews, so we can have the application accepted, as people have been waiting for a long time. |
I will take care of it after going back from hospital. |
review based on tag SonicWall-shim-x86_64-20240412
README.md: c39bfbe2c93325bc3de07273308e8fc096e3eae99720945c5ff99c2dc0d8c574 shimx64.efi
/shim-review/work# openssl x509 -inform der -in cert.der -text -noout
|
@soniccore-snwl did you get a signed shim back? |
Hi @THS-on, we are currently trying to resolve an issue with our signing account. We'll get back to you as soon as we get a signed shim back. Thanks. |
@soniccore-snwl has your issue been solved? |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/sonicwall/shim-review/tree/SonicWall-shim-x86_64-20240412
What is the SHA256 hash of your final SHIM binary?
c39bfbe2c93325bc3de07273308e8fc096e3eae99720945c5ff99c2dc0d8c574
What is the link to your previous shim review request (if any, otherwise N/A)?
N/A
The text was updated successfully, but these errors were encountered: