Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#72415 - [grub] 2.06 please add a sbat file to the package

Attached to Project: Arch Linux
Opened by Tobias Powalowski (tpowa) - Thursday, 14 October 2021, 05:11 GMT
Last edited by Christian Hesse (eworm) - Saturday, 25 December 2021, 22:54 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To Ronald van Haren (pressh)
Christian Hesse (eworm)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Hi, in order to be able to boot secure boot through shim this file is needed during grubx64.efi generation invoking --sbat option:
https://github.com/rhboot/shim/blob/main/SBAT.md

Example from archboot code:
# create Arch Linux sbat file
echo "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md" > ${X86_64}/sbat.csv
echo "grub,1,Free Software Foundation,grub,2.06,https//www.gnu.org/software/grub/" >> ${X86_64}/sbat.csv
echo "grub.arch,1,Arch Linux,grub2,2.06,https://www.archlinux.org" >> ${X86_64}/sbat.csv
This task depends upon

Closed by  Christian Hesse (eworm)
Saturday, 25 December 2021, 22:54 GMT
Reason for closing:  Implemented
Additional comments about closing:  grub 2:2.06-3
Comment by Morten Linderud (Foxboron) - Thursday, 14 October 2021, 07:37 GMT
The sbat entry is wrong.

"arch,1,Arch Linux,$pkgname,$pkgver,https://archlinux.org/packages/core/x86_64/grub/"

Should be correct I believe and follows what systemd and fwupd currently does.
Comment by Christian Hesse (eworm) - Saturday, 25 December 2021, 21:47 GMT
Anybody wants to come up with a complete patch for PKGBUILD?
Comment by Morten Linderud (Foxboron) - Saturday, 25 December 2021, 22:13 GMT
I'm thinking something like this.

Essentially the file needs to be used in `grub-mkimage --sbat /usr/share/grub/sbat.csv`. Other distrios include the EFI generated image as part of their package. So we sadly just have to document this properly somewhere.

Loading...