Date: Fri, 24 Nov 2017 14:50:01 +0100
From: Marcin Wcislo
Subject: [Shim-review] Shim review request (FileWave, submission ID: 1972187)

Hi,

We decided to switch embedded certificate in our shim and because of that we need another review from you. All required information and
files (as described in the review procedure) can be found here: https://github.com/fw-dev/shim-review
https://github.com/fw-dev/shim-review. This submission is almost exactly the same as the previous one with one exception, this time we
didn’t embed public key certificate of our self-signed CA but we used public key certificate of our Extended Validation certificate
acquired from Symantec. Everything else (code, build platform, packages, grub, kernel, test procedures) is exactly the same. I hope that
it can help with having this submission reviewed swiftly. If you have any more questions, please let me now.

Our first submission was handled in subject: Shim review request (FileWave, submission ID: 1956769).

Best regards, Marcin

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/broadbandcomputercompany/shim-review/tree/bccl-shim-x64-20180815
• completed README.md file with the necessary information
  https://github.com/broadbandcomputercompany/shim-review/blob/bccl-shim-x64-20180815/README.md
• shim.efi to be signed
  https://github.com/broadbandcomputercompany/shim-review/blob/bccl-shim-x64-20180815/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/broadbandcomputercompany/shim-build/blob/master/bccl.cer
• any extra patches to shim via your own git tree or as files
  No patches applied
• any extra patches to grub via your own git tree or as files
  No patches applied
• build logs
  https://github.com/broadbandcomputercompany/shim-review/blob/bccl-shim-x64-20180815/build.log

What organization or people are asking to have this signed:

Broadband Computer Company Ltd (http://www.broadbandcomputer.com)

Version of shim:

15

Sysdev Submission ID:

We were directed to the shim review board by Microsoft after submitting our shim to them for signing. Subsequently our original sysdev submission has been closed pending approval from the shim review board.

What product or service is this for:

Secure COAST

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Secure COAST is a security focused linux distro based on Ubuntu 18.04.
We encourage our customers to boot our OS with secure boot enabled, hence the need for a
signed shim.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/jongkyung/shim-review/releases/tag/Gooroom-shim-x64-20190328

• completed README.md file with the necessary information
  https://github.com/jongkyung/shim-review/blob/master/README.md

• shim.efi to be signed
  https://github.com/jongkyung/shim-review/blob/master/shimx64.efi

• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/jongkyung/shim-review/blob/master/gooroom-uefi-ca.der

• any extra patches to shim via your own git tree or as files
  No patched appied

• any extra patches to grub via your own git tree or as files
  https://github.com/jongkyung/shim-review/blob/master/gooroom-validate-linux-image-by-shim.patch

• build logs
  https://github.com/jongkyung/shim-review/blob/master/build.log

What organization or people are asking to have this signed:

[Gooroom]

What product or service is this for:

[Gooroom OS]

What is the origin and full version number of your shim?

[shim 15+1533136590.3beb971-0ubuntu1+grm1u1]

What's the justification that this really does need to be signed for the whole world to be able to boot it:

[To make secure boot on Gooroom OS]

How do you manage and protect the keys used in your SHIM?

[no]

Do you use EV certificates as embedded certificates in the SHIM?

[no]

What is the origin and full version number of your bootloader (GRUB or other)?

[grub2 2.02+beta3-5+grm1u6]

If your SHIM launches any other components, please provide further details on what is launched

[none]

How do the launched components prevent execution of unauthenticated code?

[We will show messages that execution of unauthenticated code isn't working]

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

[no]

What kernel are you using? Which patches does it includes to enforce Secure Boot?

[linux 4.9.110-3+deb9u6+grm1u2, no patches for secure boot]

What changes were made since your SHIM was last signed?

[no, It's first time]

What is the hash of your final SHIM binary?

[sha256sum fb501b838fe9b91b6adfd9eaa5ff0c5824c7f802fcdc1f960d13a11f3a3db76c ./shimx64.efi]

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Red Hat, Inc.

What product or service is this for:

CentOS Linux 7.6.1810

What is the origin and full version number of your shim?

shim 15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

CentOS Linux is deployed on a high number of nodes already using it in SecureBoot mode enabled

How do you manage and protect the keys used in your SHIM?

Can't discuss this publicly, but hardware HSM is used

Do you use EV certificates as embedded certificates in the SHIM?

no

What is the origin and full version number of your bootloader (GRUB or other)?

grub2 rebuilt from upstream RHEL 7.6 tree, so https://git.centos.org/commit/rpms!grub2.git/28f7f8f0658e20412cba7a6af37539b1e1f567b2

If your SHIM launches any other components, please provide further details on what is launched

nothing else than grub2 and then kernel

How do the launched components prevent execution of unauthenticated code?

Our CI test shows that trying to boot an unsigned kernel isn't working, while a correct pesigned one works

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

NO

What kernel are you using? Which patches does it includes to enforce Secure Boot?

official RHEL 7.6 rebuild kernel.src.rpm

What changes were made since your SHIM was last signed?

new release, so bumped from shim v12 to shim v15

Close Issue.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/cisco/sto-uefi-secure-bootloader/tree/cisco-shim-x86_64-20181024/shim-review
• completed README.md file with the necessary information
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x86_64-20181024/shim-review/README.md
• shim.efi to be signed
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x86_64-20181024/shim-review/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x86_64-20181024/shim-review/cisco_virtual_root.der
• any extra patches to shim via your own git tree or as files
  n/a
• any extra patches to grub via your own git tree or as files
  n/a
• build logs
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x86_64-20181024/shim-review/build.log

Sysdev Submission ID:

UEFI File Submission ID: 14403955457868706

What organization or people are asking to have this signed:

Cisco Systems
IANA Enterprise Number 9

What product or service is this for:

Cisco Appliances and Virtual products that are using Linux based Operating Systems

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/releases/tag/14

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Customers using Cisco Virtual products that run on 3rd party servers (DELL, HP...) do not have permissions to change the UEFI db and add our keys. The Microsoft signed SHIM allows these products to securely run on those platforms

How do you manage and protect the keys used in your SHIM?

Stored offline via a dedicated group within Cisco

Do you use EV certificates as embedded certificates in the SHIM?

yes

What is the origin and full version number of your bootloader (GRUB or other)?

GRUB2 shipping with CentOS 7, and Ubuntu

If your SHIM launches any other components, please provide further details on what is launched

n/a

How do the launched components prevent execution of unauthenticated code?

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

no

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Standard kernels from CentOS 7 and Ubuntu. Secure boot support flags enabled during builds

What changes were made since your SHIM was last signed?

resubmit of the initial attempt. Only internal DevOps have changed to make the build more reproducible.

What is the hash of your final SHIM binary?

8cb61fc8da9f37aa1a05f153208f781ee791bac2a7a7c4a24b14d1e54f449d61 shimx64.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Red Hat, Inc.

Version of shim:

shim 12

Sysdev Submission ID:

What product or service is this for:

CentOS Linux 7.5.1804

What's the justification that this really does need to be signed for the whole world to be able to boot it:

CentOS Linux is deployed on a high number of nodes already using it in SecureBoot mode enabled

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Oracle Corporation

What product or service is this for:

Oracle Linux
https://www.oracle.com/linux/index.html

What is the origin and full version number of your shim?

We have used upstream shim version 15
https://github.com/rhboot/shim/releases/tag/15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Oracle Linux is a popular enterprise Linux distribution with Secure Boot support.

How do you manage and protect the keys used in your SHIM?

The key is installed in the server with restricted physical and system access

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

grub2 - upstream plus number of patches from RedHat and Oracle

If your SHIM launchers any other components, please provide further details on what is launched

[your text here]

How do the launched components prevent execution of unauthenticated code?

grub verifies signatures on booted kernels

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

no

What kernel are you using? Which patches does it includes to enforce Secure Boot?

UEK5 is based on 4.14 upstream version plus lock down patches for Secure Boot

What changes were made since your SHIM was last signed?

Shim version upgrade

What is the hash of your final SHIM binary?

67579c3c8cb3ec0e70293f22acdb926656033e0a71022047c7c9e7c5393620c2 shimia32.efi
df2a2c8c30aaa80ecf81fdd7b9d088169a509515402dfde4ff6f242d8413219f shimx64.efi

Link to shim tag: https://github.com/AlexeyPetrenkoOracle/shim-review/releases/tag/oracle-shim-15-1.0.1.el7-x86_64-20180906

Public certificate:
-----BEGIN CERTIFICATE-----
MIIF7jCCBNagAwIBAgIQDy3AVtdL5VRRne9+wjMu0zANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25p
bmcgQ0EgKFNIQTIpMB4XDTE1MTEyNDAwMDAwMFoXDTE4MTEyNzEyMDAwMFowggED
MR0wGwYDVQQPDBRQcml2YXRlIE9yZ2FuaXphdGlvbjETMBEGCysGAQQBgjc8AgED
EwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEQMA4GA1UEBRMHNDAyODEy
NTEbMBkGA1UECRMSNTAwIE9yYWNsZSBQYXJrd2F5MQ4wDAYDVQQREwU5NDA2NTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFzAVBgNVBAcTDlJlZHdv
b2QgU2hvcmVzMRswGQYDVQQKExJPcmFjbGUgQ29ycG9yYXRpb24xGzAZBgNVBAMT
Ek9yYWNsZSBDb3Jwb3JhdGlvbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALPe/7VsbNF6JMVE3gPoKSK+DDsGSmiporQbHSqdwsFcZElkYf5BYAb2Ju9k
2hu62d3bHcTsmYu6oBr9BBlZ5yGBkznLXwZ2EMNK7yNZ+TGDqN0JxwJFOQHV4PRt
QQYB6yS/yE8A19f0pSCoObSyf9keBq7lPSff5WGtne7bKxZWMtA2iqpVPWUiSjoc
rG2hO+1Gp9zBU1AkMmRGadZoBHiytgU73wDU22PfOa+9Q937qr0WfvdZihllXH9R
if627mqR8pic/iqfYInr3MabE/rm4AK3Irxm6qwOgqpAN7uX8+jYvywxGWtd2c+n
qUEuuF+hecUIAZ87fdhJiyb4OCcCAwEAAaOCAfEwggHtMB8GA1UdIwQYMBaAFI/o
fvBtMmoABSPHcJdqOpD/a+rUMB0GA1UdDgQWBBRRaY7Dvg9euMuo7Bl9KRh5CY+t
5DAuBgNVHREEJzAloCMGCCsGAQUFBwgDoBcwFQwTVVMtREVMQVdBUkUtNDAyODEy
NTAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwewYDVR0fBHQw
cjA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0VWQ29kZVNpZ25pbmdT
SEEyLWcxLmNybDA3oDWgM4YxaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0VWQ29k
ZVNpZ25pbmdTSEEyLWcxLmNybDBLBgNVHSAERDBCMDcGCWCGSAGG/WwDAjAqMCgG
CCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAcGBWeBDAED
MH4GCCsGAQUFBwEBBHIwcDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNl
cnQuY29tMEgGCCsGAQUFBzAChjxodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20v
RGlnaUNlcnRFVkNvZGVTaWduaW5nQ0EtU0hBMi5jcnQwDAYDVR0TAQH/BAIwADAN
BgkqhkiG9w0BAQsFAAOCAQEAbUJYx/Gq2+dcf9NHKQr0t/fADlUpW3lgkXdP9uyz
p57hWuF5ckiKvWy5ccDekHa+VT5mjzBv/7e9psbus+diPl48jBzcgYIWVJJ6sn6G
8bkKOBZpxmftq1BLimQb/NWnnz47LbHbsSWhtLCkpC+tL9AX/o/QHnmdbYyp2FeX
u0FA5NrbosusSAYGso6K7FzDKUZOaXGRbpxv0//40JMqemHQbKm5iiXHL0K29rgH
JDwoxm+/auZJ2YCya9MtkCP5HWDBqfOB+xl8EpSoQ7O0MYjnjdesN37dkoY4hqQA
wCboBQFFztz0A6FcVizD9F4WTaUAi3jZo7kNNKHImzpfdQ==
-----END CERTIFICATE-----

This repo is for review of requests for signing shim. To create a request for review:

• clone this repo
• edit the template below
• add the shim.efi to be signed
• add build logs
• commit all of that
• tag it with a tag of the form "myorg-shim-arch-YYYYMMDD"
• push that to github
• file an issue at https://github.com/rhboot/shim-review/issues with a link to your tag

Note that we really only have experience with using grub2 on Linux, so asking
us to endorse anything else for signing is going to require some convincing on
your part.

Here's the template:

What organization or people are asking to have this signed:

Service Planet Rotterdam B.V.

What product or service is this for:

The product for which we are applying for shim signing is an appliance codenamed
"Cyric" which is designed to help support personnel in stores. Cyric consists of
a server and a client. The Cyric client is a Linux distribution which users can
boot via PXE or USB on any PC. Once the Linux distribution is booted the user is
launched into a special application and presented with a menu of diagnostic and
options interesting for store customer support personnel.

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Cyric deals with a very large amount of different models, brands and types of
consumer PC's that are not under our direct control or ownership. Unfortunately
because we deal with a vast number of different types of consumer notebooks and
desktops we encounter all kinds of problems with UEFI's. Some of them don't have
the ability to turn of secure boot even though that ability was mandated for
getting the Windows sticker on the PC at that time. Some UEFI's are so
complicated or poorly designed that even support personel (which operate Cyric)
have trouble finding the off switch. Some machines interpret disabling secure
boot as "enable BIOS compatibility" and can no longer boot via UEFI. Also
Microsoft has dropped the requirement for UEFI implementations that they have to
provide the ability to disable secure boot. So besides that we would like to
offer our users a more seamless experience (not having to manually disable
secure boot and then not forgetting to re-enable it) we encounter a lot of
situations in which we need a signed bootloader. We also anticipate that the
need for being "supported by default" (ie. a signed shim) will only grow now
that Microsoft has dropped the requirement to disable secure boot.

Who is the primary contact for security updates, etc.

• Name: Jasper Siepkes
• Position: ICT Manager (Co-founder), Developer
• Email address: [email protected]
• PGP key, signed by the other security contacts, and preferably also with signatures that are reasonably well known in the linux community:
  PGP Key ID: 0x9EF4EC108BEF11C5
  PGP Key Fingerprint: A15F E099 A0D2 5523 7CF5 5E16 9EF4 EC10 8BEF 11C5

Who is the secondary contact for security updates, etc.

• Name: Wai Kon Tse
• Position: Developer
• Email address: [email protected]
• PGP key, signed by the other security contacts, and preferably also with signatures that are reasonably well known in the linux community:
  PGP Key ID: 0xD20A5F35772B17D4
  PGP Key Fingerprint: 4932 5B19 1DB2 26F9 3F0E 56B6 D20A 5F35 772B 17D4

What upstream shim tag is this starting from:

https://github.com/rhboot/shim/releases/tag/12

URL for a repo that contains the exact code which was built to get this binary:

https://github.com/serviceplanet/shim-builder

What patches are being applied and why:

There are no patches being applied.

What OS and toolchain must we use to reproduce this build? Include where to find it, etc. We're going to try to reproduce your build as close as possible to verify that it's really a build of the source tree you tell us it is, so these need to be fairly thorough. At the very least include the specific versions of gcc, binutils, and gnu-efi which were used, and where to find those binaries.

We are using CentOS 7.5 and the bundled gcc. Everything can be reproduced by
following the guide provided by the url **https://github.com/serviceplanet/shim-builder**

Which files in this repo are the logs for your build? This should include logs for creating the buildroots, applying patches, doing the build, creating the archives, etc.

build_log

Put info about what bootloader you're using, including which patches it includes to enforce Secure Boot here:

We are using grub2 bootleader provided by CentOS 7.5.1804. Grub2 provided by
CentOS 7.5.1804 contains secure-boot patches.
The srpm of CentOS 7.5.1804 grub2 is located at http://vault.centos.org/7.5.1804/os/Source/SPackages/grub2-2.02-0.65.el7.centos.2.src.rpm

Put info about what kernel you're using, including which patches it includes to enforce Secure Boot here:

The kernel we are using is fedora 28 kernel tagged **kernel-4.16.14-300.fc28**
with commit hash of **217860d07996562757ba22a1108c218c5a40b38e**.

Location of certificate

https://github.com/serviceplanet/shim-builder/blob/master/keys/sp_code_signing_cert.der

sha256 of shimx64.efi

b52df1bd99a29cd4e6f53c799fc6c2c89650925c8f073c8fdd1b21fcf985bd02  shimx64.efi

Microsoft Uefi submission ID

14105650530628646

Location of build log and produced binary

https://github.com/serviceplanet/shim-review

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/rhboot/shim/tree/15
• completed README.md file with the necessary information
  https://github.com/vathpela/shim-review/blob/fedora-28/README.md
• shim.efi to be signed
  https://github.com/vathpela/shim-review/blob/fedora-28/shimia32.efi
  https://github.com/vathpela/shim-review/blob/fedora-28/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/vathpela/shim-review/blob/fedora-28/fedora-ca.cer
• any extra patches to shim via your own git tree or as files
  None.
• any extra patches to grub via your own git tree or as files
  So, so many. They include the well-known Secure Boot patchset.
  https://github.com/rhboot/grub2/tree/fedora-28
• build logs
  https://github.com/vathpela/shim-review/blob/fedora-28/build.log

What organization or people are asking to have this signed:

Peter Jones for Fedora Linux

Version of shim:

shim 15

Sysdev Submission ID:

2216411 and 2216412

What product or service is this for:

This is for Fedora Linux

What's the justification that this really does need to be signed for the whole world to be able to boot it:

We're a major linux distro

Date: Fri, 3 Nov 2017 12:24:37 +0100
From: Johannes Segitz
Subject: Re: [Shim-review] Shim review for SUSE

On Fri, Oct 27, 2017 at 09:44:28AM -0400, Mathieu Trudel-Lapierre wrote:

It's the right procedure; these include pretty much all the
information necessary to review shim. If anything is missing, we'll
ask about it :)

Then lets see how good my first try at this is :)

http://users.suse.com/~jsegitz/files/README.txt
http://users.suse.com/~jsegitz/files/SLES%20ES%20platform-7.4-x86_64-CHECKSUM
http://users.suse.com/~jsegitz/files/SLES%20ES%20platform-7.4-x86_64-DVD.iso
http://users.suse.com/~jsegitz/files/SLES%20ES%20platform-netinst-7.4-x86_64.iso
http://users.suse.com/~jsegitz/files/build-x86_64.log.gz
http://users.suse.com/~jsegitz/files/shim_cert.tar.gz
http://users.suse.com/~jsegitz/files/shim_cert.tar.gz.sha256
http://users.suse.com/~jsegitz/files/shimia32.efi
http://users.suse.com/~jsegitz/files/shimia32.efi.sha256
http://users.suse.com/~jsegitz/files/shimx64.efi
http://users.suse.com/~jsegitz/files/shimx64.efi.sha256

Johannes

GPG Key E7C81FA0 EE16 6BCE AD56 E034 BFB3 3ADD 7BF7 29D5 E7C8 1FA0
Subkey fingerprint: 250F 43F5 F7CE 6F1E 9C59 4F95 BC27 DD9D 2CC4 FD66
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

HP Inc.

What product or service is this for:

HP ThinPro

What's the justification that this really does need to be signed for the whole world to be able to boot it:

HP would like ThinPro to be bootable on any device without disabling SecureBoot.

Who is the primary contact for security updates, etc.

Name: Eniac Zhang
Position: Engineer
Email address: [email protected]
PGP key, signed by the other security contacts, and preferably also with signatures that are reasonably well known in the linux community: n/a

Who is the secondary contact for security updates, etc.

Name: Clemenceau, Matthieu <[email protected]>
Position: Manager
Email address: [email protected]
PGP key, signed by the other security contacts, and preferably also with signatures that are reasonably well known in the linux community: n/a

What upstream shim tag is this starting from:

https://github.com/rhboot/shim/tree/13

URL for a repo that contains the exact code which was built to get this binary:

https://github.com/eniaczhp/ThinProShim/tree/20181001

What patches are being applied and why:

abort_abort_abort.patch: define abort to avoid an unnecessary reloc.

What OS and toolchain must we use to reproduce this build? Include where to find it, etc. We're going to try to reproduce your build as close as possible to verify that it's really a build of the source tree you tell us it is, so these need to be fairly thorough. At the very least include the specific versions of gcc, binutils, and gnu-efi which were used, and where to find those binaries.

See method.txt for configuration details

Which files in this repo are the logs for your build? This should include logs for creating the buildroots, applying patches, doing the build, creating the archives, etc.

See build.log

Put info about what bootloader you're using, including which patches it includes to enforce Secure Boot here:

It's grub2 with the well known set of secure boot patches (among other patches.)

Put info about what kernel you're using, including which patches it includes to enforce Secure Boot here:

It's currently targeted to ship with 4.18.7 kernel, which has the well known set of secure boot patches.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  jsegitz/shim-review/tree/suse-shim-ia32+x64-20181205
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

SUSE, https://www.suse.com/

What product or service is this for:

SLES Expanded Support platform 7, provided within the
"SUSE Linux Enterprise Server with Expanded Support" program,
https://www.suse.com/products/expandedsupport/

What is the origin and full version number of your shim?

The origin is shim-15-1.el7 available through https://git.centos.org/summary/?r=rpms/shim.git
which tarball in turn completely matches shim 15 at https://github.com/rhboot/shim/releases/tag/15

Full version number of our shim: shim 15
Source RPM version: shim-15-1.el7.1 (included inside build-shim.tar)
Tarball sha256sum:
473720200e6dae7cfd3ce7fb27c66367a8d6b08233fe63f01aa1d6b3888deeb6 shim-15.tar.bz2

What's the justification that this really does need to be signed for the whole world to be able to boot it:

It is a part of a commercial support offering advertised publicly

How do you manage and protect the keys used in your SHIM?

The key is installed in a machine with restricted physical and system access.
Shim binaries do not include private portions of the key.

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

The origin of GRUB is CentOS 7 git https://git.centos.org/summary/?r=rpms/grub2.git
Source RPM is included for reference inside extra-srpms.tar: grub2-2.02-0.76.el7.src.rpm
Full version: grub2-2.02-0.76.el7

If your SHIM launches any other components, please provide further details on what is launched

N/A

How do the launched components prevent execution of unauthenticated code?

GRUB and kernel are patched to enforce Secure Boot.

Secure Boot enforcing is identical to available with grub2 within
Red Hat Enterprise Linux 7 and CentOS 7, for example:

https://git.centos.org/summary/?r=rpms/grub2.git
0093-Don-t-allow-insmod-when-secure-boot-is-enabled.patch
0220-Add-secureboot-support-on-efi-chainloader.patch
0221-Make-any-of-the-loaders-that-link-in-efi-mode-honor-.patch
0225-Rework-even-more-of-efi-chainload-so-non-sb-cases-wo.patch

Source RPM is included for reference inside extra-srpms.tar: grub2-2.02-0.76.el7.src.rpm

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

kernel-3.10.0-957.el7 is used. This kernel is identical to the one of Red Hat Enterprise
Linux 7 and CentOS 7, available through CentOS git: https://git.centos.org/summary/?r=rpms/kernel.git

Source RPM is included for reference inside extra-srpms.tar: kernel-3.10.0-957.el7.src.rpm

Kernel has EFI_SECURE_BOOT_SECURELEVEL kernel config option set disabling loading of untrusted code into kernel mode
and functionality around this option.

What changes were made since your SHIM was last signed?

Update to upstream version 15.

What is the hash of your final SHIM binary?

shimia32.efi
sha256sum: 881c3d8981ccbe0d1efe3efcd78f842dacd7519923ee60619f20464be4b739f8
hash: c127f0eefc2e451989d88e4d1da8a3b08ca9d5884987a6157e04e9a71c01adfc

shimx64.efi
sha256sum: c167818fd5c06d75766da2a86bf0e5c000c495b981a3a2aaaea375ce56969258
hash: 7f49ccb309323b1c7ab11c93c955b8c744f0a2b75c311f495e18906070500027

Date: Tue, 24 Oct 2017 13:19:49 +0200
From: Volker Denkhaus
Subject: [Shim-review] Toolhouse Shim review request - Sysdev Submission #1967634

Hello to all,

Please review our signing request for Microsoft Sysdev Submission #1967634 based on the shim git repo (V.13).

The Shim, README.TXT and additional information can be found at https://www.toolhouse.de/partnerdownload/shim/shim-th.zip.

Please let me know any questions you might have. Thank you in advance.

Volker Denkhaus

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Red Hat, Inc.

Version of shim:

shim 15

Sysdev Submission ID:

13878941703416604 14046466687601848

What product or service is this for:

Red Hat Enterprise Linux 7.6

What's the justification that this really does need to be signed for the whole world to be able to boot it:

We're a major bigtime OS vendor

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/Jetico/shim-review
• completed README.md file with the necessary information
  make VENDOR_CERT_FILE=pub_cert.der
• shim.efi to be signed
  https://github.com/Jetico/shim-review/blob/master/bootx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/Jetico/shim-review/blob/master/pub_cert.der
• any extra patches to shim via your own git tree or as files
  https://github.com/Jetico/shim-review/blob/master/shim.patch
• any extra patches to grub via your own git tree or as files
  https://github.com/Jetico/shim-review/blob/master/grub_patch.diff
• build logs
  https://github.com/Jetico/shim-review/blob/master/build.log

What organization or people are asking to have this signed:

Jetico Inc. Oy https://www.jetico.com/

What product or service is this for:

BCWipe Total WipeOut
https://www.jetico.com/data-wiping/wipe-hard-drives-bcwipe-total-wipeout

What is the origin and full version number of your shim?

shim-15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Jetico products are trusted by government and military agencies, all of the top 10 U.S. defense contractors, many national laboratories, as well as various other enterprises and a wide global base of home and small business users in over 100 countries.

How do you manage and protect the keys used in your SHIM?

It is stored on e-Token
Physically isolated
Only one person has access to it

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

GRUB 2.02

If your SHIM launches any other components, please provide further details on what is launched

Custom Linux build with our bcwipe application

How do the launched components prevent execution of unauthenticated code?

Components are protected by digital signatures, signed with our private key and verified by this shim build with our public key, which is embedded into application code.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

kernel 4.19.2

What changes were made since your SHIM was last signed?

This is first submission.

What is the hash of your final SHIM binary?

sha256
368a698a60df3fe2a95d782d35e651f079816813365ae2acde2537a9d206c917

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/cisco/sto-uefi-secure-bootloader/tree/cisco-shim-x64-20180802
• completed README.md file with the necessary information
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x64-20180802/shim-review/README.md
• shim.efi to be signed
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x64-20180802/shim-review/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x64-20180802/shim-review/cisco_virtual_root.der
• any extra patches to shim via your own git tree or as files
  none
• any extra patches to grub via your own git tree or as files
  none
• build logs
  https://github.com/cisco/sto-uefi-secure-bootloader/blob/cisco-shim-x64-20180802/shim-review/build.log

What organization or people are asking to have this signed:

Cisco Systems IANA Enterprise Number 9

Version of shim:

https://github.com/rhboot/shim/releases/tag/14

Sysdev Submission ID:

UEFI File Submission ID: 13985242977356081

What product or service is this for:

Cisco Appliances and Virtual products that are using Linux based Operating Systems

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Customers using Cisco Virtual products that run on 3rd party servers (DELL, HP...) do not have permissions to change the UEFI db and add our keys. The Microsoft signed SHIM allows these products to securely run on those platforms

NB: This request is not a duplicate of #33
This shim incorporates the new Oracle UEFI signing key. We need both shims for a transition period.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Oracle Corporation

What product or service is this for:

Oracle Linux
https://www.oracle.com/linux/index.html

What is the origin and full version number of your shim?

We have used upstream shim version 15
https://github.com/rhboot/shim/releases/tag/15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Oracle Linux is a popular enterprise Linux distribution with Secure Boot support.

How do you manage and protect the keys used in your SHIM?

The key is installed in the server with restricted physical and system access

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

grub2 - upstream plus number of patches from RedHat and Oracle

If your SHIM launchers any other components, please provide further details on what is launched

[your text here]

How do the launched components prevent execution of unauthenticated code?

grub verifies signatures on booted kernels

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

no

What kernel are you using? Which patches does it includes to enforce Secure Boot?

UEK5 is based on 4.14 upstream version plus lock down patches for Secure Boot

What changes were made since your SHIM was last signed?

Shim version upgrade

What is the hash of your final SHIM binary?

6298ebfe23af8fd91027fb75f9c841b067a1baebc512a9ce0a11806bd1e9cb12 shimia32.efi
3f3ec782ea8423b9854dc86ccf6726db6bd91684c8a764693b3d28d369d6f574 shimx64.efi

Link to shim tag: https://github.com/AlexeyPetrenkoOracle/shim-review/releases/tag/oracle-shim-15-1.0.3.el7-x86_64-20181010

Public certificate:
-----BEGIN CERTIFICATE-----
MIIF2zCCBMOgAwIBAgIQA+YFGHHEE60dWTdlqxCjpDANBgkqhkiG9w0BAQsFADBs
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25p
bmcgQ0EgKFNIQTIpMB4XDTE4MTAwODAwMDAwMFoXDTIxMTIyMjEyMDAwMFowgfEx
EzARBgsrBgEEAYI3PAIBAxMCVVMxGTAXBgsrBgEEAYI3PAIBAhMIRGVsYXdhcmUx
HTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRAwDgYDVQQFEwc0MDI4MTI1
MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEVMBMGA1UEBxMMUmVk
d29vZCBDaXR5MRswGQYDVQQKExJPcmFjbGUgQ29ycG9yYXRpb24xGzAZBgNVBAsT
Ek9yYWNsZSBDb3Jwb3JhdGlvbjEbMBkGA1UEAxMST3JhY2xlIENvcnBvcmF0aW9u
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkvcd/qAEUeN9JpqzSGuh
7Azuy9FN2+ZwOZ0/WqWGBOxnDbVAKDIAxMT/XdezrtRGzGHwEDrKU3Wo1SOsZeNa
DXCy4mWxiXwYj4rvoDbwpq+uqFBs3fies1/YpHkx8SsOhuDGFdmLaXriYh8QyNHy
gqYUeaYNAcN4h7Cpxzthp3ER6Xx9giI597Ee9UArXzgmPH54UbJs2+8xflz9M7n4
GUhf9cTMmd1StSM0gJ6JmyTtqjl/QjCTFho6lN1MeWxKPBcUBP3ThQi3cEqvGixc
SwQ2ILbg3a+qXGa3EozK7FlZFf+bnRVu8wBECBh6oR+3P0TTeKWh2hZ9Tmjbxe1G
nwIDAQABo4IB8TCCAe0wHwYDVR0jBBgwFoAUj+h+8G0yagAFI8dwl2o6kP9r6tQw
HQYDVR0OBBYEFH9Vm46dngUYNICnFJ5aHeC8JlraMC4GA1UdEQQnMCWgIwYIKwYB
BQUHCAOgFzAVDBNVUy1ERUxBV0FSRS00MDI4MTI1MA4GA1UdDwEB/wQEAwIHgDAT
BgNVHSUEDDAKBggrBgEFBQcDAzB7BgNVHR8EdDByMDegNaAzhjFodHRwOi8vY3Js
My5kaWdpY2VydC5jb20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3JsMDegNaAzhjFo
dHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRVZDb2RlU2lnbmluZ1NIQTItZzEuY3Js
MEsGA1UdIAREMEIwNwYJYIZIAYb9bAMCMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8v
d3d3LmRpZ2ljZXJ0LmNvbS9DUFMwBwYFZ4EMAQMwfgYIKwYBBQUHAQEEcjBwMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSAYIKwYBBQUHMAKG
PGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEVWQ29kZVNpZ25p
bmdDQS1TSEEyLmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAv
yMvkUcvctEwi+tJSviZ9TpvhI/pQvNpRoMyPkI3zlNWb6b+luJ0KLr3vgJRIk7un
u37gYJ6AfBnPrXmGyJykp13+qE5Xr/LBkvnpwIxxwjELLttRIi4u5aG7N/shIRcM
ASORa02c8TO1SeoxwjXcuTveGDJE4hmCMD19FMUKMf5bZJNFLyhl+XavG+mAAXZ2
YIp69dO8Q1CCIXzg6MJ45j7nSaXf6akAX2bm0IfJpXhUwfHM0rUGCyQI2TQwpp+/
8eg8hkganUOOPhZA1V5MVg8jFME9WnL08Zyrf7fH7M9rTOR+Y88JOtogmb698P3g
aE3h/+nD3ZP72Yj5AXhK
-----END CERTIFICATE-----

Hi,

I have a short question on shim-review project and what it is for. So basically it's for signing a shim bootloader, which loads a GRUB2 bootloader afterwards. That's clear so far. For loading next stage (Linux kernel, etc...) the GRUB2 is responsible and therefor you are out of it and only check if the shim loads the GRUB2 correct?

What if it comes to the following scenario:

shim -> GRUB2 -> chainload bootmgfw

the chainloaded bootmgfw has been signed by our KEK, which is built-in shim so that the verification succeeds within GRUB2. If I understood it correctly GRUB2 uses the verification methods provided by shim when executing LoadImage() and StartImage() first tries to valide using the MOKs (Machine Owner Keys) and if this fails with EFI_SECURITY_VIOLATION it will check if the built-in certificate will work for valication. In case the chainloaded bootmgfw would load itself other EFI components via LoadImage() and StartImage() it will have to use the same strategy for validation so that shim can validate as well - otherwise only the MOKs will be used and will again fail due to EFI_SECURITY_VIOLATION.

Is such a scenario also covered by the shim-review process and is it required to use a certain version of GRUB2 to get the shim with built-in certificate signed (e.g. latest version in rhboot project)? Signing a shim, which loads the bootmgfw directly is not supported, but with inserting the GRUB2 in between there should be no blocker any longer.

Thanks a lot for clarification!

Cheers

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/rhboot/shim/tree/0.9
• completed README.md file with the necessary information
  https://github.com/mattroisang/shim-review/blob/Solaris-shim-amd64-2018-05-24/README.md
• shim.efi to be signed
  https://github.com/mattroisang/shim-review/blob/Solaris-shim-amd64-2018-05-24/shim.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/mattroisang/shim-review/blob/Solaris-shim-amd64-2018-05-24/public.cer
• any extra patches to shim via your own git tree or as files
  Yes
• any extra patches to grub via your own git tree or as files
  Yes
• build logs
  https://github.com/mattroisang/shim-review/blob/Solaris-shim-amd64-2018-05-24/build.log

What organization or people are asking to have this signed:

Oracle Solaris

Version of shim:

Version 0.9

Sysdev Submission ID:

2291429

What product or service is this for:

Oracle Solaris OS

What's the justification that this really does need to be signed for the whole world to be able to boot it:

To secure boot solaris OS.

Hello,

As part of the Shim signing process as requested by Microsoft, I am kindly
asking you to approve our shim to get it signed by Microsoft.
You can download the shim package at:
http://git.altlinux.org/gears/s/shim.git

All the stuff requested by shim review board is at:
https://github.com/realnickel/shim-review.git

What organization or people are asking to have this signed:

Basealt Ltd. (Bazalt Svobodnoe Programmnoe Obespechenie, OOO)
https://www.basealt.ru

What product or service is this for:

OS ALT https://www.basealt.ru/go/download/

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/releases/tag/15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

OS ALT is a linux distribution supporting Secure Boot

How do you manage and protect the keys used in your SHIM?

Access to server used to sign binaries is restricted physically

Do you use EV certificates as embedded certificates in the SHIM?

no EV certs, but selfsigned altlinux-ca.cer is embedded

What is the origin and full version number of your bootloader (GRUB or other)?

GRUB2.02, elilo3.16, rEFInd0.11.4
http://git.altlinux.org/gears/g/grub.git
http://git.altlinux.org/gears/e/elilo.git
http://git.altlinux.org/gears/r/refind.git

If your SHIM launches any other components, please provide further details on what is launched

rEFInd0.11.4 in case of LiveCD or OS installer boot
grub2.02 in case of installed system

How do the launched components prevent execution of unauthenticated code?

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Linux Kernel: 4.14 (std-def: standard longterm kernel), http://git.altlinux.org/gears/k/kernel-image-std-def.git;
4.19 (un-def: more modern than std-def and with forced preemption enabled), http://git.altlinux.org/gears/k/kernel-image-un-def.git?p=kernel-image-un-def.git;a=summary

What changes were made since your SHIM was last signed?

Upstream version update (0.4 -> 15)

What is the hash of your final SHIM binary?

479b62c0a762692c45ff9f25c56789c1ede85982e2415f37b6d756de6b685b12 shimia32.efi 2bceb0c2a625ee289218dcc30a7eef8caa9551af82a2af1aba75d2a668c01094 shimx64.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/AdvancedDesignCorp/shim-review/tree/DS-shim-x86_64-20181012
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Advanced Design Corp. (https://www.a-d.co.jp/)

What product or service is this for:

DataSweeper (This refers to methods of totally erasing data from storage media that can then be reused.)

What is the origin and full version number of your shim?

15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

The loader is used to load and start our native UEFI based pre-boot authentication.
It's essential to be able to provide software that works with every machine that has Secure Boot enabled.

How do you manage and protect the keys used in your SHIM?

Only public keys are in SHIM as it verifies signatures of loaded components.

Do you use EV certificates as embedded certificates in the SHIM?

No

What is the origin and full version number of your bootloader (GRUB or other)?

grub2 2.02+dfsg1-12

If your SHIM launchers any other components, please provide further details on what is launched

No

How do the launched components prevent execution of unauthenticated code?

N/A

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

grub2 2.02+dfsg1-12

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Currently targeted to ship with 4.14.xx kernel.
No additional modifications or patches applied.

What changes were made since your SHIM was last signed?

N/A

What is the hash of your final SHIM binary?

(sha256) ad49b4afbec5cf763b9ea97347c7a397802f0ba79412d2e4caa2e0b7776ca9b5 shimx64.efi

Date: Thu, 2 Nov 2017 13:26:05 +0000
From: Victor Gonzalo
Subject: [Shim-review] Blancco Technology Group shim review request (Submission ID: 1965978)

Hi
We are adding secure boot support. In order (naively ;)) to speed up the review processes
we took the shim and grub2 sources from Red Hat github repositories and submitted the
shim binary with our certificate to MS for signing.
A couple of days ago I was accepted into this mailing list. We have prepared the review
material in a tarball that can be found here:
http://download.blancco.com/downloads/blancco_shim_review/blancco_shim_review.tar.xz
Some of it is missing, as we didn't know about this by then, but I'd be happy to answer any
question that may arise.

Thanks a lot

-Víctor Gonzalo
Senior Software Engineer - Blancco Technology Group

Date: Thu, 12 Oct 2017 15:32:48 +0000
From: Alexey Kalgin
Subject: [Shim-review] Full Disk Encryption from EgoSecure - signing required

Dear Colleagues,

EgoSecure is a European-based security vendor specializing on Endpoint Data Security solutions.
We want to support Secure Boot in our Full Disk Encryption product. Please find our submission using this link:
https://egosecure.com/wp-content/uploads/2017/10/submission.tar

Feel free to contact us in case of any questions.

Best regards,
Alexey Kalgin
Head of Product Management

Hi, I told MS that I would provide some feedback that would hopefully smooth out the process for us non GIT experts. The instructions for ISSUE_TEMPLATE.md (below) and the ones in README.md (which I also put below) are a little confusing. Example, I figured out how to clone the repo (using tortoise git in windows), So then I updated the .md files, I copied in the shimx64.efi file, I saw something about commit on the right click menu so I did that, then I saw some tag option, did that, then I tried to push it and nothing but access denied. Another thing was how to create a git repo of the files used to compile. Okay, I fumbled through that and got it to work, but still not clear on the whole thing.

I would suggest creating a tutorial webpage (even if here in the git) on how to do things from linux and windows. I'd suggest having a new folder under shim-review called something like shim-for-review/source and shim-for-review/patches, have people branch shim-review, then they clone or pull down the branched copy, then they update the .md files, add the shim binary and build-instructions.txt under shim-for-review, the source files under shim-for-review/source and any patches to shim-for-review/patches (explain in instructions how to add the files and new subdirs and commit), then have them push that, (they could then put an issue either on the main shim-review or the newly branched version that it's ready for review) you could then just manage the branched version with everything in once place and everything consistent. People would be able to follow the process via the tutorial webpage.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  Huh?
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
  Why build logs? Some people may have already built before even knowing about this process. Ask for gcc version, openssl version, os version.

Here's the ones from README.md:

• clone this repo
• edit the template below
• add the shim.efi to be signed
• add build logs
• commit all of that
• tag it with a tag of the form "myorg-shim-arch-YYYYMMDD"
• push that to github
  access denied.
• file an issue at https://github.com/rhboot/shim-review/issues with a link to your tag

Date: Sat, 16 Dec 2017 14:05:44 +0800
Subject: [Shim-review] Shim review request for Deepin - MS Sysdev Submission #1935785

Hello Everyone.

I would like to request a shim review for Deepin to get it signed by UEFI CA. Submission id is #1935785.

Deepin (https://deepin.org/en) is yet another linux distribution based on Debian GNU/Linux. It has been actively maintained since 2011.
It is used in middle schools and governments in China.

Current submission is based on shim package found in Debian upstream repo. Only uefi-ca file is replaced by our own.
All of its content can be found at : https://github.com/xushaohua/shim-review. "shimx64-unsigned.efi" is the EFI file to be signed.

Regards,
Xu Shaohua

Wuhan Deepin Technology Co., Ltd.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

https://github.com/chscf/shim-review/tree/CPSD-shim-x86_64-20181114

What organization or people are asking to have this signed:

The company is called cpsd (https://www.cpsd.at/), located in Austria. We're working in the field of IT security, with our main focus on full disk encryption.

What product or service is this for:

The pre-boot authentication environment for our company's Full Disk Encryption CryptoPro Secure Disk (see https://www.cpsd.at/)

What is the origin and full version number of your shim?

shim-15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Because we want the whole world to use our product ;)

How do you manage and protect the keys used in your SHIM?

The private key is on a FIPS 140-2 token.

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

see below

If your SHIM launches any other components, please provide further details on what is launched

shim loads a self-developed boot component which does all further authorization/os loading stuff.

How do the launched components prevent execution of unauthenticated code?

Our boot component does not load any unsigned binaries.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

N/A

What changes were made since your SHIM was last signed?

Upgraded from shim-0.8 to shim-15

What is the hash of your final SHIM binary?

44ed00a46d11e631f334f8cfc3747b02b53e0e48b89e9641a0e4a1775f3121e1 shim-15-SCF-unsigned.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/jsegitz/shim-review/tree/SUSE-SLES15-SP1-x64-20190123
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

SUSE, https://suse.com/

What product or service is this for:

SUSE Linux Enterprice Server 15 SP1

What is the origin and full version number of your shim?

It is shim-15, up to rhboot/shim@b3e4d1f

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Major linux distribution

How do you manage and protect the keys used in your SHIM?

The key is installed in a machine with restricted physical and system access.
Shim binaries do not include private portions of the key.

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

• grub-2.02-21.1 with:
  • grub2-secureboot-chainloader.patch: Add secureboot support on efi chainloader. Expand the chainloader to be able to verify the image by means of shim lock protocol.
  • grub2-secureboot-no-insmod-on-sb.patch: Don't allow insmod when secure boot is enabled.

If your SHIM launches any other components, please provide further details on what is launched

N/A

How do the launched components prevent execution of unauthenticated code?

GRUB and kernel are patched to enforce Secure Boot.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

kernel-4.12.14-29.1 is used with CONFIG_EFI_SECURE_BOOT_LOCK_DOWN=y

What changes were made since your SHIM was last signed?

Update to upstream version 15.

What is the hash of your final SHIM binary?

shim-sles.efi
sha256sum: f3727c065c11fcff293eb8ea3004b3d5becc5ed499ff9b6c13da64db4ee53d4a

Thank you!

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Red Hat, Inc.

What product or service is this for:

CentOS Linux 7.6.1810

What is the origin and full version number of your shim?

shim 15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

CentOS Linux is deployed on a high number of nodes already using it in SecureBoot mode enabled

How do you manage and protect the keys used in your SHIM?

Can't discuss this publicly, but hardware HSM is used

Do you use EV certificates as embedded certificates in the SHIM?

no

What is the origin and full version number of your bootloader (GRUB or other)?

grub2 rebuilt from upstream RHEL 7.6 tree, so https://git.centos.org/commit/rpms!grub2.git/28f7f8f0658e20412cba7a6af37539b1e1f567b2

If your SHIM launches any other components, please provide further details on what is launched

nothing else than grub2 and then kernel

How do the launched components prevent execution of unauthenticated code?

Our CI test shows that trying to boot an unsigned kernel isn't working, while a correct pesigned one works

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

NO

What kernel are you using? Which patches does it includes to enforce Secure Boot?

official RHEL 7.6 rebuild kernel.src.rpm

What changes were made since your SHIM was last signed?

new release, so bumped from shim v12 to shim v15

What is the hash of your final SHIM binary?

a69a1a415838825f0b7d78f852905366ac21465a935e2211da8ac0c603d68ec1 usr/share/shim/x64-15-1.el7.centos/shimx64.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  drivelock/shim_review@drivelock-shim-arch-20180825
• completed README.md file with the necessary information
  See drivelock/shim_review@drivelock-shim-arch-20180825
• shim.efi to be signed
  See drivelock/shim_review@drivelock-shim-arch-20180825 (bootX64.efi)
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  See drivelock/uefiloader/blob/master/shimlib/shim_cert_DL.h
• any extra patches to shim via your own git tree or as files
  See drivelock/uefiloader@drivelock-shim-arch-20180825
• any extra patches to grub via your own git tree or as files
  None
• build logs
  See drivelock/shim_review@drivelock-shim-arch-20180825 (build.log)

What organization or people are asking to have this signed:

DriveLock SE (https://www.drivelock.com)

What product or service is this for:

DriveLock Disk Protection (a full disk encryption with pre-boot authentication)

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/0.8

What's the justification that this really does need to be signed for the whole world to be able to boot it:

DriveLock Disk Protection is a full disk encryption product with pre-boot authentication used on thousands of computers.
The loader is used to load and start our native UEFI based pre-boot authentication.
It's essential to be able to provide software that works with every machine that has Secure Boot enabled.

How do you manage and protect the keys used in your SHIM?

Only public keys are in the SHIM as it verifies signatures of loaded components.

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

Windows is booted (so no Linux bootloader is used)

If your SHIM launchers any other components, please provide further details on what is launched

SHIM launches Pre-boot authentication components (native EFI application and EFI drivers for smart card and keyboard)

How do the launched components prevent execution of unauthenticated code?

SHIM verifies digital signatures of launched components and can only launch components signed with the embedded certificate.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Windows 7, 8, 10

What changes were made since your SHIM was last signed?

Previous version was signed by Microsoft. We changed the certificate used due to change of the company name. Microsoft asked us to let the SHIM review board do a review of the SHIM.

What is the hash of your final SHIM binary?

dfa7a11aedca5bc092241aa6d9f5d83dda2097da86f2ed7140e4c8a910f7d7e8 (SHA256)

May I know where to get patches for Linux 4.19 kernel secure boot?

Date: Mon, 11 Sep 2017 13:18:55 -0600
From: Daniel Pedigo
Subject: [Shim-review] RESEND: WhiteCanyon Shim Review

This is being resubmitted due to a lack of response to our original
submission on 8/3.

Hi all,
We were unaware of this review process and as such were directed here by
Microsoft after submitting our shim.
The linked tarball has a readme with answers to the questions we found
listed here: https://pjones.fedorapeople.org/shim-signing-procedure.html.
Shims: https://orem.whitecanyon.com/downloads/dev/shims.tar.gz
Let me know if we've missed anything.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

秦皇岛易之数软件开发有限公司
Isoo (Qinhuangdao) software development Co., Ltd.
Qinhuangdao, Hebei, China
Isoo is a software developer for data recovery, disk utilities and system backup.
Managing Director: Hao Binnan

Version of shim:

https://github.com/rhboot/shim/tree/14
Version: 14

Sysdev Submission ID:

ID: 2006375 (Name: shimia32_isoouefiboot_20180224)
ID: 2006374 (Name: shimx64_isoouefiboot_20180224)

What product or service is this for:

This is Isoo’s Linux-based operating system. We are going to develop some function based on the OS, such as resize partition, back up & restore operating system, etc.

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Isoo wants to employ Secure Boot for building a trusted operating system from Shim to GRUB to the kernel to signed filesystem partitions. Secure Boot is the first step for this.
Isoo would like customers to be able to run Isoo’s Linux-based system on any amd64(64Bit) and x86(32Bit) device without disabling Secure Boot.

https://github.com/haobinnan/shim-review/tree/isoo-shim-20180312

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  neverware/shim-review@neverware-shim-20180820
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Neverware Inc. (https://www.neverware.com)

Version of shim:

15

Sysdev Submission ID:

Microsoft told us to get approval from the shim review board before submitting it to them.

What product or service is this for:

CloudReady

What's the justification that this really does need to be signed for the whole world to be able to boot it:

CloudReady is a Linux distro; we'd like to encourage people to boot our OS with secure boot enabled.

Note: our submission was previously reviewed here: #21. Unfortunately I had not realized our certificate was close to expiration. Our new shim build should be identical to the previous release, except with a renewed certificate valid until September 2020.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/KasperskyLab/shim-review/tree/KasperskyLab-shim-x86_64-20181102
• completed README.md file with the necessary information
  https://github.com/KasperskyLab/shim-review/blob/KasperskyLab-shim-x86_64-20181102/README.md
• shim.efi to be signed
  https://github.com/KasperskyLab/shim-review/blob/KasperskyLab-shim-x86_64-20181102/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/KasperskyLab/shim/blob/shim_15_kl_patch_tag/KLBOOTEV_2018.cer
• any extra patches to shim via your own git tree or as files
  https://github.com/KasperskyLab/shim/tree/shim_15_kl_patch_tag
• any extra patches to grub via your own git tree or as files
  N/A
• build logs
  https://github.com/KasperskyLab/shim-review/blob/KasperskyLab-shim-x86_64-20181102/build.log

What organization or people are asking to have this signed:

Kaspersky Lab.

What product or service is this for:

Kaspersky Lab's products.

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/15

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Kaspersky Shim is a common component for some of Kaspersky Lab's products.
It loads a universal plugin manager for various features: Full disk encryption, Rescue Disk and Early boot protection component.

How do you manage and protect the keys used in your SHIM?

Private key is stored in hardware module with controlled access.

Do you use EV certificates as embedded certificates in the SHIM?

Yes.

What is the origin and full version number of your bootloader (GRUB or other)?

GRUB or Linux kernel is not used.

This build of shim will be used to load and verify our custom preboot components.
Windows loader will be launched after that.

If your SHIM launches any other components, please provide further details on what is launched

Full disk encryption, Rescue Disk, Early boot protection component.

How do the launched components prevent execution of unauthenticated code?

All our components are signed with authenticode signatures and always verified during loading.
Windows loader is signed by Microsoft, it launched with LoadImage/StartImage and will be verified by firmware when SecureBoot is on.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No.

What kernel are you using? Which patches does it includes to enforce Secure Boot?

We launch Windows loader and kernel.

What changes were made since your SHIM was last signed?

This is first submission.

What is the hash of your final SHIM binary?

414065ca4238bfff0ce2601ac4ac924bc8da98b0b75c0a81cde78f05f5de869a

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  neverware/shim-review@neverware-shim-20180723
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Neverware Inc. (https://www.neverware.com)

Version of shim:

15

Sysdev Submission ID:

Microsoft told us to get approval from the shim review board before submitting it to them.

What product or service is this for:

CloudReady

What's the justification that this really does need to be signed for the whole world to be able to boot it:

CloudReady is a Linux distro; we'd like to encourage people to boot our OS with secure boot enabled.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag:

https://github.com/CanonicalLtd/shim-review/tree/ubuntu-shim-amd64+arm64-20180822

• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

Ubuntu

Version of shim:

shim 15-based snapshot, up to commit 3beb971

What product or service is this for:

Ubuntu

What's the justification that this really does need to be signed for the whole world to be able to boot it:

This is a well-known Linux distro.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/matrix42epe/shim-review/tree/matrix42-shim-x86_64-20180803
• completed README.md file with the necessary information
  https://github.com/matrix42epe/shim-review/blob/matrix42-shim-x86_64-20180803/README.md
• shim.efi to be signed
  https://github.com/matrix42epe/shim-review/blob/matrix42-shim-x86_64-20180803/shim.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/matrix42epe/shim-review/blob/matrix42-shim-x86_64-20180803/MX42_CERT/matrix42.der
• any extra patches to shim via your own git tree or as files
  None, but this state was improved by some changes to add some network boot related capabilities (files netboot.c and shim.c).
• any extra patches to grub via your own git tree or as files
  https://github.com/matrix42epe/shim-review/tree/matrix42-shim-x86_64-20180803/Grub/patches
• build logs
  https://github.com/matrix42epe/shim-review/tree/matrix42-shim-x86_64-20180803/buildlogs

What organization or people are asking to have this signed:

Matrix42 AG
Elbinger Straße 7
60487 Frankfurt am Main (Germany)
https://www.matrix42.com/

Version of shim:

0.9

Sysdev Submission ID:

14574969938018768

What product or service is this for:

Matrix42 Unified Endpoint Management; Empirum

What's the justification that this really does need to be signed for the whole world to be able to boot it:

The Matrix42 product is comparable to Microsoft SCCM to deploy operating systems in enterprise environments within a corporate network. Our customers use the product Matrix42 Unified Endpoint Management, and here the Empirum OS Installer module to install virtual hardware, personal computers or laptops with a Windows 7 or Windows 10 operating system - including Secure Boot. Our Tool is using a linux based Preinstallation Environment, called EPE, for installation Linux or Windows based operating systems in the customer’s environment. We’d like to use SHIM to support secure boot for os deployments via PXE scenarios in corporate environments. For example an OEM Hardware is delivered with activated secure boot by default and this includes the PXE boot. It is important to understand that our customers are deploying many computers at the same time, which requires a full unattended and silent installation process. Therefore it is necessary to support OS installations without manual steps - or interruptions - and without the need to configure BIOS/UEFI options.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  keleg/shim-review@ntcitrosa-shim-ia32-20190211
• completed README.md file with the necessary information
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20190211/README.md
• shim.efi to be signed
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20190211/shimia32.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20190211/rosa.cer
• any extra patches to shim via your own git tree or as files
  https://abf.io/signer/shim-unsigned
• any extra patches to grub via your own git tree or as files
  https://abf.io/import/grub2
• build logs
  https://abf.io/build_lists/2962088

What organization or people are asking to have this signed:

LLC "NTC IT ROSA"

What product or service is this for:

"ROSA Fresh" - Linux Desktop

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/13

What's the justification that this really does need to be signed for the whole world to be able to boot it:

ROSA Fresh is a non-profit Linux distribution developed by the community and has a long history. Is deployed on a high number of nodes already using it in SecureBoot mode enabled.

How do you manage and protect the keys used in your SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in. The key is used to validate GRUB boot loader. No private keys are embedded.Shim binary itself is signed, so the built-in public key cannot be modified or removed without making the signature invalid. This guarantees that if shim has been tampered with and is then used in SecureBoot environments, this will be detected immediately.

Do you use EV certificates as embedded certificates in the SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in.

What is the origin and full version number of your bootloader (GRUB or other)?

The source code of GRUB is available here: ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz <ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz>. The patches to GRUB 2.02 specific to ROSA Linux, as well as build scripts, are available here: https://abf.io/import/grub2

If your SHIM launches any other components, please provide further details on what is launched

Apart from the boot loader (GRUB), shim can launch MokManager tool (developed alongside shim, https://github.com/rhboot/shim )

How do the launched components prevent execution of unauthenticated code?

Same as GRUB, MokManager executable must be signed with the appropriate key (EV Code Signing) for shim to validate and launch it. MokManager itself executes no unauthenticated code.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

Shim launches GRUB

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Our current kernel is based on the kernel 4.15.0-45.48-generic from Ubuntu 18.04 LTS (http://kernel.ubuntu.com/git/kernel-ppa/mirror/ubuntu-bionic.git/), which already contains the patches to enforce SecureBoot as needed. We have no additional SecureBoot-related patches on top of that.

Our patches, configs and build instructions for the kernel (RPM spec file) are available here: https://abf.io/import/kernel-desktop-4.15

What changes were made since your SHIM was last signed?

This is an update from v0.9 to v13. From the changelog:
* MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
* Better PCR usage for TPM
* Use authenticode signature length from WIN_CERTIFICATE structure
* More configurable build via make variables
* Workaround for signtool.exe bugs
* Bug fix for wrong options passed to second stage
* generate_hash(): fix the regression
* Ignore BDS when it tells us we got our own path on the command line
* Handle various different load option implementation differences
* TPM 1 and TPM 2 support`
* Use OpenSSL 1.0.2k
* Lots of minor bug fixes

What is the hash of your final SHIM binary?

sha256: a534a3c612472d517c20cc8771ec90bd5e59e285549ea16e54fff705a5e15415 shimia32.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/rhboot/shim/tree/15
• completed README.md file with the necessary information
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/README.md
• shim.efi to be signed
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/shim/shimia32.efi
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/shim/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/Isoo.cer
• any extra patches to shim via your own git tree or as files
  None.
• any extra patches to grub via your own git tree or as files
  None.
• build logs
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/shim%20build%20logs/shim_build_ia32.log
  https://github.com/haobinnan/shim-review/blob/isoo-shim-20180609/shim%20build%20logs/shim_build_x64.log

What organization or people are asking to have this signed:

秦皇岛易之数软件开发有限公司
Isoo (Qinhuangdao) software development Co., Ltd.
Qinhuangdao, Hebei, China
Isoo is a software developer for data recovery, disk utilities and system backup.
Managing Director: Hao Binnan

Version of shim:

https://github.com/rhboot/shim/tree/15
Version: 15

Sysdev Submission ID:

ID: 2313431 (Name: shimx64_v15)
ID: 2313430 (Name: shimia32_v15)

What product or service is this for:

This is Isoo’s Linux-based operating system. We are going to develop some function based on the OS, such as resize partition, back up & restore operating system, etc.

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Isoo wants to employ Secure Boot for building a trusted operating system from Shim to GRUB to the kernel to signed filesystem partitions. Secure Boot is the first step for this.
Isoo would like customers to be able to run Isoo’s Linux-based system on any amd64(64Bit) and x86(32Bit) device without disabling Secure Boot.

https://github.com/haobinnan/shim-review/tree/isoo-shim-20180609

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  keleg/shim-review@ntcitrosa-shim-x64-20181129
• completed README.md file with the necessary information
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20181129/README.md
• shim.efi to be signed
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20181129/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20181129/rosa.cer
• any extra patches to shim via your own git tree or as files
  https://abf.io/signer/shim-unsigned
• any extra patches to grub via your own git tree or as files
  https://abf.io/import/grub2
• build logs
  https://abf.io/build_lists/2953577

What organization or people are asking to have this signed:

LLC "NTC IT ROSA"

What product or service is this for:

"ROSA Fresh" - Linux Desktop

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/13

What's the justification that this really does need to be signed for the whole world to be able to boot it:

ROSA Fresh is a non-profit Linux distribution developed by the community and has a long history. Is deployed on a high number of nodes already using it in SecureBoot mode enabled.

How do you manage and protect the keys used in your SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in. The key is used to validate GRUB boot loader. No private keys are embedded.Shim binary itself is signed, so the built-in public key cannot be modified or removed without making the signature invalid. This guarantees that if shim has been tampered with and is then used in SecureBoot environments, this will be detected immediately.

Do you use EV certificates as embedded certificates in the SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in.

What is the origin and full version number of your bootloader (GRUB or other)?

The source code of GRUB is available here: ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz <ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz>. The patches to GRUB 2.02 specific to ROSA Linux, as well as build scripts, are available here: https://abf.io/import/grub2

If your SHIM launches any other components, please provide further details on what is launched

Apart from the boot loader (GRUB), shim can launch MokManager tool (developed alongside shim, https://github.com/rhboot/shim )

How do the launched components prevent execution of unauthenticated code?

Same as GRUB, MokManager executable must be signed with the appropriate key (EV Code Signing) for shim to validate and launch it. MokManager itself executes no unauthenticated code.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

Shim launches GRUB

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Our current kernel is based on the kernel 4.15.0-40.43-generic from Ubuntu 18.04 LTS (http://kernel.ubuntu.com/git/kernel-ppa/mirror/ubuntu-bionic.git/), which already contains the patches to enforce SecureBoot as needed. We have no additional SecureBoot-related patches on top of that.

Our patches, configs and build instructions for the kernel (RPM spec file) are available here: https://abf.io/import/kernel-desktop-4.15

What changes were made since your SHIM was last signed?

This is an update from v0.9 to v13. From the changelog:
* MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
* Better PCR usage for TPM
* Use authenticode signature length from WIN_CERTIFICATE structure
* More configurable build via make variables
* Workaround for signtool.exe bugs
* Bug fix for wrong options passed to second stage
* generate_hash(): fix the regression
* Ignore BDS when it tells us we got our own path on the command line
* Handle various different load option implementation differences
* TPM 1 and TPM 2 support`
* Use OpenSSL 1.0.2k
* Lots of minor bug fixes

What is the hash of your final SHIM binary?

sha256: b407cdeae8fee3c51300b6974599dff39cb5863223dc2617662fcdb07c68c55b shimx64.efi

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/opsi-org/shim-review
• completed README.md file with the necessary information
  https://github.com/opsi-org/shim-review/blob/master/README.md
• shim.efi to be signed
  https://github.com/opsi-org/shim-review/blob/master/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/opsi-org/shim-review/blob/master/uib-MOK.cer
• any extra patches to shim via your own git tree or as files
  https://github.com/opsi-org/shim-review/blob/master/patch.txt
• any extra patches to grub via your own git tree or as files
  none
• build logs
  https://github.com/opsi-org/shim-review/blob/master/uib-shim.log

What organization or people are asking to have this signed:

uib gmbh - we are the developers of opsi.
uib gmbh
Bonifaziusplatz 1b
55118 Mainz
https://www.uib.de

What product or service is this for:

opsi is an open source operating system provisioning and software deployment framework.
We want to deploy Windows with support for SecureBoot and therefore request a signing of our SHIM. This SHIM contains ourt company key. With this key we will sign the following data and enable an easy to use way to deploy SecureBoot via opsi.

What is the origin and full version number of your shim?

shim-14
https://github.com/rhboot/shim/releases/tag/14

What's the justification that this really does need to be signed for the whole world to be able to boot it:

psi is used to deploy operating systems on a large amount of devices. It would be a disadvantage to manually deploy a key on all SecureBoot enabled machines, especially when a customer has a couple hundreds or even more than throusand machines. Therefore we request a signed SHIM to further sign the rets of our deployment with our key, which is included in the shim, to ease the deployment process.

How do you manage and protect the keys used in your SHIM?

The keys are storen on a seperate machine. Only authorized members have access to this machine.

Do you use EV certificates as embedded certificates in the SHIM?

No

What is the origin and full version number of your bootloader (GRUB or other)?

grub 2.02~beta2-36ubuntu3

If your SHIM launchers any other components, please provide further details on what is launched

Shim launches grub2, which shall launch a signed Linux Kernel and Miniroot to provide installation of SecureBoot enabled Windows OS

What kernel are you using? Which patches does it includes to enforce Secure Boot?

currently Vanilla Linux 4.17.6

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  keleg/shim-review@ntcitrosa-shim-x64-20190211
• completed README.md file with the necessary information
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20190211/README.md
• shim.efi to be signed
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20190211/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-x64-20190211/rosa.cer
• any extra patches to shim via your own git tree or as files
  https://abf.io/signer/shim-unsigned
• any extra patches to grub via your own git tree or as files
  https://abf.io/import/grub2
• build logs
  https://abf.io/build_lists/2962088

What organization or people are asking to have this signed:

LLC "NTC IT ROSA"

What product or service is this for:

"ROSA Fresh" - Linux Desktop

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/13

What's the justification that this really does need to be signed for the whole world to be able to boot it:

ROSA Fresh is a non-profit Linux distribution developed by the community and has a long history. Is deployed on a high number of nodes already using it in SecureBoot mode enabled.

How do you manage and protect the keys used in your SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in. The key is used to validate GRUB boot loader. No private keys are embedded.Shim binary itself is signed, so the built-in public key cannot be modified or removed without making the signature invalid. This guarantees that if shim has been tampered with and is then used in SecureBoot environments, this will be detected immediately.

Do you use EV certificates as embedded certificates in the SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in.

What is the origin and full version number of your bootloader (GRUB or other)?

The source code of GRUB is available here: ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz <ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz>. The patches to GRUB 2.02 specific to ROSA Linux, as well as build scripts, are available here: https://abf.io/import/grub2

If your SHIM launches any other components, please provide further details on what is launched

Apart from the boot loader (GRUB), shim can launch MokManager tool (developed alongside shim, https://github.com/rhboot/shim )

How do the launched components prevent execution of unauthenticated code?

Same as GRUB, MokManager executable must be signed with the appropriate key (EV Code Signing) for shim to validate and launch it. MokManager itself executes no unauthenticated code.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

Shim launches GRUB

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Our current kernel is based on the kernel 4.15.0-45.48-generic from Ubuntu 18.04 LTS (http://kernel.ubuntu.com/git/kernel-ppa/mirror/ubuntu-bionic.git/), which already contains the patches to enforce SecureBoot as needed. We have no additional SecureBoot-related patches on top of that.

Our patches, configs and build instructions for the kernel (RPM spec file) are available here: https://abf.io/import/kernel-desktop-4.15

What changes were made since your SHIM was last signed?

This is an update from v0.9 to v13. From the changelog:
* MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
* Better PCR usage for TPM
* Use authenticode signature length from WIN_CERTIFICATE structure
* More configurable build via make variables
* Workaround for signtool.exe bugs
* Bug fix for wrong options passed to second stage
* generate_hash(): fix the regression
* Ignore BDS when it tells us we got our own path on the command line
* Handle various different load option implementation differences
* TPM 1 and TPM 2 support`
* Use OpenSSL 1.0.2k
* Lots of minor bug fixes

What is the hash of your final SHIM binary?

sha256: 20c2d68f407506861098b4b2921dfb80253996a086ad6e71b31047425b38ffa1 shimx64.efi

Date: Wed, 6 Dec 2017 08:50:25 +0100
From: Petr Řehák
Subject: [Shim-review] Adaptech Shim for review

Hello,

As part of the Shim signing proces as requested by Microsoft, I am kindly
asking you to approve our Shim on behalf of Adaptech s.r.o. in order to get
it signed by Microsoft. You can download the package at:
https://www.adaptech.cz/bin/shim.tar.gz

Thanks,

Petr Řehák

Adaptech s.r.o.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/CumulusNetworks/shim-review/tree/cumulus-shim-x64-20180612
• completed README.md file with the necessary information
  https://github.com/CumulusNetworks/shim-review/blob/cumulus/README.md
• shim.efi to be signed
  https://github.com/CumulusNetworks/shim-review/blob/cumulus/shimx64.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/CumulusNetworks/shim-review/blob/cumulus/cumulus-uefi-cert.der
• any extra patches to shim via your own git tree or as files
  https://github.com/CumulusNetworks/shim-review/blob/cumulus/0001-CUMULUS-add-initial-debian-directory.patch
• any extra patches to grub via your own git tree or as files
  The bootloader is the version of grub2 shipping with Ubuntu 18.04 with the secure-boot patchset. Here's the source repo: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/tag/?id=debian/2.02-2ubuntu8
• build logs
  https://github.com/CumulusNetworks/shim-review/blob/cumulus/shim-build.log

What organization or people are asking to have this signed:

Cumulus Networks, Inc.
IANA Enterprise Number 40310

Version of shim:

https://github.com/rhboot/shim/releases/tag/15

Sysdev Submission ID:

Note: Sysdev is deprecated as of June 2018. The new MS UEFI File signing service is located here:
https://developer.microsoft.com/en-us/dashboard/hardware/filesign/

Using the new service, our sub-mission ID is 13813503929849373.

What product or service is this for:

Cumulus Linux

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Cumulus Linux is a Linux distribution for white box network switches. Secure Boot must be enabled going forward, as such we need a signed shim binary.

Date: Thu, 16 Nov 2017 12:27:08 +0100
Subject: [Shim-review] Request for review of SHIM-13 for Univention Corporate Server

Hello,

I request our SHIM for Univention Corporate Server to be reviewed.
I followed https://pjones.fedorapeople.org/shim-signing-procedure.html.
The requested data is available from our download server:
http://updates.software-univention.de/download/shim-13/

The corresponding request at Microsoft is
https://sysdev.microsoft.com/de-DE/Hardware/member/SubmissionCenter/UefiSubmissionDetails.aspx?SubmissionID=1970446

If you have any questions, just contact me.

Thank you in advance.

Philipp

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  jsegitz/shim-review/tree/openSUSE-Leap15.1-x64-20190204
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

SUSE, https://suse.com/

What product or service is this for:

openSUSE Leap 15.1

What is the origin and full version number of your shim?

It is shim-15, up to rhboot/shim@b3e4d1f

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Major linux distribution

How do you manage and protect the keys used in your SHIM?

The key is installed in a machine with restricted physical and system access.
Shim binaries do not include private portions of the key.

Do you use EV certificates as embedded certificates in the SHIM?

Yes

What is the origin and full version number of your bootloader (GRUB or other)?

• grub-2.02-37.3 with:
  • grub2-secureboot-chainloader.patch: Add secureboot support on efi chainloader. Expand the chainloader to be able to verify the image by means of shim lock protocol.
  • grub2-secureboot-no-insmod-on-sb.patch: Don't allow insmod when secure boot is enabled.

If your SHIM launches any other components, please provide further details on what is launched

N/A

How do the launched components prevent execution of unauthenticated code?

GRUB and kernel are patched to enforce Secure Boot.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No

What kernel are you using? Which patches does it includes to enforce Secure Boot?

kernel-4.12.14 is used

What changes were made since your SHIM was last signed?

Update to upstream version 15.

What is the hash of your final SHIM binary?

shim-opensuse.efi
sha256sum: 274a3ace0db7c6cff4bbb8a843565102e4ad3571d65fb170bf34653fb9f64ebc

Please review the Shim submission from IGEL.

We have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  igelboot/[email protected]
• completed README.md file with the necessary information
• shim.efi to be signed
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs

What organization or people are asking to have this signed:

IGEL Technology GmbH
Hermanstr. 17
86150 Augsburg,
Germany

https://www.igel.com/

IGEL Technology is a member of the Melchers group.
Managing Directors: Heiko Gloge and Nicolas C. S. Helms
District Court Bremen (Germany) HRB 20636, VAT: DE 219524359, WEEE-Reg.-No. DE 79295479

IGEL is a vendor of thin client hardware and software.

Version of shim:

https://github.com/rhboot/shim/tree/13
rhboot/shim@13

Sysdev Submission ID:

UEFI submission #1973560

What product or service is this for:

This is for IGEL's Linux-based thin client operating system, which is called IGEL OS. There are three products based on IGEL OS:

• IGEL OS (LX), the operating system for IGEL's own thin client devices
• Universal Desktop Converter 3 (UDC3), a live-bootable Linux system that installs IGEL OS on third-party devices
• UD Pocket, a live-bootable variant of IGEL OS on a pen drive

What's the justification that this really does need to be signed for the whole world to be able to boot it:

• IGEL wants to employ Secure Boot for building a trusted operating system from Shim to GRUB to the kernel to signed filesystem partitions. Secure Boot is the first step for this.
• IGEL would like customers to be able to run Universal Desktop Converter 3 (UDC3) on any amd64 device without disabling Secure Boot.
• IGEL would like UD Pocket to be bootable on any amd64 device without disabling Secure Boot.

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  ppatpat/shim-review@serva-shim-x64-ia32-15+39b834
• completed README.md file with the necessary information
  see ppatpat/shim-review@serva-shim-x64-ia32-15+39b834
• shim.efi to be signed
  see ppatpat/shim-review@serva-shim-x64-ia32-15+39b834 shimx64.efi shimia32.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  see ppatpat/shim-review@serva-shim-x64-ia32-15+39b834 PM_PubCert.der
• any extra patches to shim via your own git tree or as files
  none
• any extra patches to grub via your own git tree or as files
  Shim boots pxeserva.efi bootloader instead.
• build logs
  see ppatpat/shim-review@serva-shim-x64-ia32-15+39b834 build_Serva_Shim_x64_15+39b8345.log build_Serva_Shim_ia32_15+39b8345.log

What organization or people are asking to have this signed:

Vercot-Serva

What product or service is this for:

Serva 32/64

What is the origin and full version number of your shim?

15+39b8345

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Serva is a well know PXE server

How do you manage and protect the keys used in your SHIM?

Vault/password protected only used when signing release versions

Do you use EV certificates as embedded certificates in the SHIM?

No

What is the origin and full version number of your bootloader (GRUB or other)?

pxeserva.efi is a Pxelinux 6.03 derivative

If your SHIM launchers any other components, please provide further details on what is launched

No

How do the launched components prevent execution of unauthenticated code?

N/A

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

Only loads pxeserva.efi

What kernel are you using? Which patches does it includes to enforce Secure Boot?

-

What changes were made since your SHIM was last signed?

N/A

What is the hash of your final SHIM binary?

shimx64=3DB001A1523AEF2BBD122F37DB7DDC5D347811ACA0907C741FB6324E3FFA1518 shimia32=E1053A4477A225093E5C880A1CC6DA587816F6E307B2CFECD2431BE90B499327

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  keleg/shim-review@ntcitrosa-shim-ia32-20181129
• completed README.md file with the necessary information
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20181129/README.md
• shim.efi to be signed
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20181129/shimia32.efi
• public portion of your certificate embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/keleg/shim-review/blob/ntcitrosa-shim-ia32-20181129/rosa.cer
• any extra patches to shim via your own git tree or as files
  https://abf.io/signer/shim-unsigned
• any extra patches to grub via your own git tree or as files
  https://abf.io/import/grub2
• build logs
  https://abf.io/build_lists/2953576

What organization or people are asking to have this signed:

LLC "NTC IT ROSA"

What product or service is this for:

"ROSA Fresh" - Linux Desktop

What is the origin and full version number of your shim?

https://github.com/rhboot/shim/tree/13

What's the justification that this really does need to be signed for the whole world to be able to boot it:

ROSA Fresh is a non-profit Linux distribution developed by the community and has a long history. Is deployed on a high number of nodes already using it in SecureBoot mode enabled.

How do you manage and protect the keys used in your SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in. The key is used to validate GRUB boot loader. No private keys are embedded.Shim binary itself is signed, so the built-in public key cannot be modified or removed without making the signature invalid. This guarantees that if shim has been tampered with and is then used in SecureBoot environments, this will be detected immediately.

Do you use EV certificates as embedded certificates in the SHIM?

Shim has the public key of the EV Code Signing key pair (issued by DigiCert) built-in.

What is the origin and full version number of your bootloader (GRUB or other)?

The source code of GRUB is available here: ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz <ftp://ftp.gnu.org/gnu/grub/grub-2.02.tar.xz>. The patches to GRUB 2.02 specific to ROSA Linux, as well as build scripts, are available here: https://abf.io/import/grub2

If your SHIM launches any other components, please provide further details on what is launched

Apart from the boot loader (GRUB), shim can launch MokManager tool (developed alongside shim, https://github.com/rhboot/shim )

How do the launched components prevent execution of unauthenticated code?

Same as GRUB, MokManager executable must be signed with the appropriate key (EV Code Signing) for shim to validate and launch it. MokManager itself executes no unauthenticated code.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

Shim launches GRUB

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Our current kernel is based on the kernel 4.15.0-40.43-generic from Ubuntu 18.04 LTS (http://kernel.ubuntu.com/git/kernel-ppa/mirror/ubuntu-bionic.git/), which already contains the patches to enforce SecureBoot as needed. We have no additional SecureBoot-related patches on top of that.

Our patches, configs and build instructions for the kernel (RPM spec file) are available here: https://abf.io/import/kernel-desktop-4.15

What changes were made since your SHIM was last signed?

This is an update from v0.9 to v13. From the changelog:
* MokManager: Stop using EFI_VARIABLE_APPEND_WRITE
* Better PCR usage for TPM
* Use authenticode signature length from WIN_CERTIFICATE structure
* More configurable build via make variables
* Workaround for signtool.exe bugs
* Bug fix for wrong options passed to second stage
* generate_hash(): fix the regression
* Ignore BDS when it tells us we got our own path on the command line
* Handle various different load option implementation differences
* TPM 1 and TPM 2 support`
* Use OpenSSL 1.0.2k
* Lots of minor bug fixes

What is the hash of your final SHIM binary?

sha256: 67471d9a3d7a50500c4d18b13a0c1ee34c1edfa20d0f348b203d035b970dbb9a shimia32.efi