FS#66567 - [archiso] install EFI shell from edk2-shell package rather than directly downloading it
Attached to Project:
Release Engineering
Opened by David P. (Megver83) - Wednesday, 06 May 2020, 19:11 GMT
Last edited by David Runge (dvzrv) - Saturday, 30 May 2020, 17:53 GMT
Opened by David P. (Megver83) - Wednesday, 06 May 2020, 19:11 GMT
Last edited by David Runge (dvzrv) - Saturday, 30 May 2020, 17:53 GMT
|
Details
Description:
make_efi in build.sh installs Tianocore's EFI shell v1 and v2 by downloading them from their old UDK2018 branch. This leads to the following issues I've identified: * v2 binary in that branch is not up-to-date * the downloaded binaries' integrity are not verified through a checksum A more secure way to install the EFI shell in the ISOs is by installing it through the edk2-shell package from [extra]. It has, however, only v2 afaik. Idk if nowadays the latest EFI shell supports non UEFI 2.3+, but if you still want to include v1, then the following should be done: a.- create a package with EFI shell v1, built from binary if you can't do it from source (I haven't been able to compile it in Arch), or b.- if downloading it from git, at least make it a checksum verification to avoid a possible corruption (please use a strong one like sha256 or sha512) |
This task depends upon
Closed by David Runge (dvzrv)
Saturday, 30 May 2020, 17:53 GMT
Reason for closing: Fixed
Additional comments about closing: Merged in https://gitlab.archlinux.org/archlinux/a rchiso/-/merge_requests/1/diffs
Will be part of v44
Saturday, 30 May 2020, 17:53 GMT
Reason for closing: Fixed
Additional comments about closing: Merged in https://gitlab.archlinux.org/archlinux/a rchiso/-/merge_requests/1/diffs
Will be part of v44
[1] https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/1