Force shim to use the latest revocations by default to block some
older grub / peimage issues. This is:
"shim,4\ngrub,4\ngrub.peimage,2\n"
This should work with the current released grub builds in all of
buster, bullseye, bookwork and trixie/unstable. Let's not leave known
security holes in the wild.
+ 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
+ 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
* Log if the build is nx-compatible or not
+ * Force shim to use the latest revocations by default to block some
+ older grub / peimage issues. This is:
+ "shim,4\ngrub,4\ngrub.peimage,2\n"
+
[ Bastien Roucariès ]
* Port autopkgtest from ubuntu
CC=$(DEB_HOST_GNU_TYPE)-gcc-12 \
$(NULL)
+# Force shim to use the latest revocations by default to block some
+# older grub / peimage issues. This is:
+# "shim,4\ngrub,4\ngrub.peimage,2\n"
+COMMON_OPTIONS += SBAT_AUTOMATIC_DATE=2024010900
+
$(DBX_LIST): $(DBX_HASHES)
./debian/generate_dbx_list $(EFI_ARCH) $< $@