diff options
Diffstat (limited to 'shim.changelog')
-rw-r--r-- | shim.changelog | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/shim.changelog b/shim.changelog index efa968953e4a..af6af45855fa 100644 --- a/shim.changelog +++ b/shim.changelog @@ -1,3 +1,35 @@ +14 + The shim EFI binary cannot have sections whose offset is not a multiple of the + file header offset, or else signtool.exe will generate an incorrect signature + that cannot be verified. Currently we generate a PLT section that is + incorrectly aligned, due to an error in rebasing OpenSSL to fix a different + issue. This version rectifies that error, as well as adding --no-undefined to + the final link, so that any such missing symbol will cause a build error. This + doesn't necessarily solve the file offset problem in all cases, but it does + solve it in all the cases we've actually seen so far. + +13 + * OpenSSL reverted to 1.0.2k to make the cert chaining of existing deployments stay working + * Better PCR usage for TPM + * TPM documentation in README.tpm + * More configurable build via make variables: + ENABLE_SHIM_CERT + ENABLE_SHIM_HASH + ENABLE_SBSIGN + LIBDIR + EFIDIR + VENDOR_CERT_FILE + VENDOR_DB_FILE + Better MoK documentation in MokVars.txt + Better debuginfo generation + Lots of minor bug fixes. + +12 + * OpenSSL 1.1.0e (glin) + * Workaround for signtool.exe bugs (pjones) + * Bug fix for wrong options passed to second stage (jsgruber) + * Requested that tar.gz/zip downloads not used for this version + 11 * generate_hash(): fix the regression (Lans Zhang) * Ignore BDS when it tells us we got our own path on the command line. |