FS#66567 - [archiso] install EFI shell from edk2-shell package rather than directly downloading it

Opened by David P. (Megver83) - Wednesday, 06 May 2020, 19:11 GMT
Last edited by David Runge (dvzrv) - Saturday, 30 May 2020, 17:53 GMT

make_efi in installs Tianocore's EFI shell v1 and v2 by downloading them from their old UDK2018 branch. This leads to the following issues I've identified:

* v2 binary in that branch is not up-to-date
* the downloaded binaries' integrity is not verified through a checksum

A more secure way to install the EFI shell in the ISOs is by installing it through the edk2-shell package from [extra]. It has, however, only v2 afaik. Idk if nowadays the latest EFI shell supports non UEFI 2.3+, but if you still want to include v1, then the following should be done:

a.- create a package with EFI shell v1, built from binary if you can't do it from source (I haven't been able to compile it in Arch), or
b.- if downloading it from git, at least do a checksum verification to avoid a possible corruption (please use a strong one like sha256 or sha512)

Closed by David Runge (dvzrv)
Saturday, 30 May 2020, 17:53 GMT
Reason for closing: Fixed
Additional comments about closing: Merged in rchiso/-/merge_requests/1/diffs

Will be part of v44
Comment by David Runge (dvzrv) - Thursday, 07 May 2020, 09:24 GMT
@Megver83: This is in the making (and the reason for edk2-shell being added):
Comment by David Runge (dvzrv) - Saturday, 23 May 2020, 14:45 GMT
I have opened an upstream merge-request [1] for this and the changes will be available in an upcoming version.
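
Option b from the report (verify a fetched binary against a strong checksum before it goes into the ISO), as an added example that is not part of this thread or of archiso. The helper name `verify_and_install` and the file names are hypothetical, and the sample file is constructed.

```sh
#!/bin/sh
# Added example, not archiso code. verify_and_install is a hypothetical helper.
# Usage: verify_and_install SRC PINNED_SHA256 DEST
# Installs SRC at DEST only if its SHA-256 matches the pinned digest.
# The body runs in a subshell ( ... ) so its variables stay local.
verify_and_install() (
    src=$1 dest=$3
    pinned=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # Fail closed on an empty or malformed pin instead of comparing against it.
    case $pinned in
        ''|*[!0-9a-f]*) echo "error: pin is not hex SHA-256" >&2; return 2 ;;
    esac
    [ "${#pinned}" -eq 64 ] || { echo "error: pin is not 64 hex digits" >&2; return 2; }

    # Hash a private copy, so the bytes verified are the bytes installed.
    tmp=$(mktemp "$dest.XXXXXX") || return 3
    cp -- "$src" "$tmp" || { rm -f -- "$tmp"; return 3; }

    actual=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$actual" != "$pinned" ]; then
        echo "error: SHA-256 mismatch for $src (got $actual)" >&2
        rm -f -- "$tmp"
        return 1
    fi

    chmod 0644 -- "$tmp" && mv -f -- "$tmp" "$dest"
)

# Demo on constructed data (no network): a stand-in "binary" and a tampered copy.
work=$(mktemp -d)
printf 'constructed stand-in for an EFI binary\n' > "$work/fetched.efi"
# In a build script the pin is a literal committed next to the URL, not computed.
pin=$(sha256sum < "$work/fetched.efi" | cut -d' ' -f1)
verify_and_install "$work/fetched.efi" "$pin" "$work/shellx64.efi" && echo "installed"

printf 'x' >> "$work/fetched.efi"   # simulate corruption or tampering in transit
verify_and_install "$work/fetched.efi" "$pin" "$work/shellx64_v1.efi" \
    || echo "rejected, nothing installed"
rm -rf -- "$work"
```

A checksum pinned in the build script only protects against corruption or a changed upstream file if the pin itself is reviewed when it changes; installing from a signed package, as the report prefers, moves that trust to the package signature.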