search for: pesign

...Security Advisory 2023:1093 Important Upstream details at : https://access.redhat.com/errata/RHSA-2023:1093 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: c041cb0f7c5becd34a9fa8c2693fe7723c0e561a13cee7ae61287bfc4ff2eb4d pesign-0.109-11.el7_9.x86_64.rpm Source: 90f1b952b1c14d738c75cf8cc3841c86f38dca07a9010e872e1772ac2c3fdc5c pesign-0.109-11.el7_9.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos at libera.chat Twitter: @JohnnyCentOS

Am 16.06.20 um 22:04 schrieb Fabian Arrotin: > On 16/06/2020 15:06, Leon Fauster via CentOS wrote: >> Hi all, >> >> I updated a Dell XPS laptop from CentOS 8.1 (1911) to 8.2 (2004). >> >> Installed kernels are >> kernel-4.18.0-147.5.1.el8_1.x86_64 >> kernel-4.18.0-147.8.1.el8_1.x86_64 >> kernel-4.18.0-193.6.3.el8_2.x86_64 >> >>

After updates to grub2 and kernel in CentOS 7, today, systems will no longer boot in Secure Boot mode. I'm not positive, but I think grub2 is the culprit. Is anyone else seeing the same problem?

...may want to file a > bug report [against grub2] at http://bugs.centos.org so that this can > be followed properly. Yeah, I just figured out how to query the signature of the new and previous grub image. The new one is signed with "Red Hat Test Certificate" [root at vagrant ~]# pesign --show-signature --in /var/tmp/grub2-16/boot/efi/EFI/centos/grubx64.efi --------------------------------------------- certificate address is 0x7fb81b3cb808 Content was not encrypted. Content is detached; signature cannot be verified. The signer's common name is Red Hat Inc. No signer email add...

...d Hat Enterprise Linux 8 kernel versions have not been added to shim?s allow list. If you are running with Secure Boot enabled, and the user needs to boot to an older kernel version, its hash must be manually enrolled into the trust list. This is achieved by executing the following commands: # pesign -P -h -i /boot/vmlinuz-<version> # mokutil --import-hash <hash value returned from pesign> # reboot

...lt mail operator games ftp nobody dbus systemd-coredump systemd-resolve tss polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser gnome-initial-setup sshd pesign avahi rngd tcpdump munge kernel oplocks = Yes vfs objects = gpfs fileid catia fruit streams_xattr [root at midway3-dm1 samba]# wbinfo -D ADLOCAL Name : ADLOCAL Alt_Name : ad.local SID : S-1-5-21-1644491937-1604221776-725345543 Active Directory...

...es ftp nobody dbus systemd-coredump systemd-resolve tss > polkitd geoclue rtkit pulse pipewire libstoragemgmt qemu usbmuxd unbound > rpc gluster chrony setroubleshoot saslauth dnsmasq radvd clevis > cockpit-ws cockpit-wsinstance sssd flatpak colord gdm rpcuser > gnome-initial-setup sshd pesign avahi rngd tcpdump munge > > kernel oplocks = Yes > > vfs objects = gpfs fileid catia fruit streams_xattr > > [homes] > > browseable = No > > comment = Home Directories > > create mask = 0664 > > directo...

...kernel-4.19.46-1.el6.src.rpm gcc-4.6.2-1.el6.src.rpm gcc-4.8.5-36.el6.src.rpm binutils-2.23.51.0.1-3.fc18.src.rpm binutils-2.27-34.base.el7.src.rpm curl-7.29.0-25.el7.centos.src.rpm curl-7.29.0-52.el6.src.rpm python-pycurl-7.19.0-17.el7.src.rpm python-pycurl-7.19.0-19.el7.src.rpm pesign-0.106-1.el6.src.rpm The package upgrades were essentially needed to support the newer 4.19.x kernel series to compile successfully and to support CONFIG_RETPOLINE (Compile kernel with the retpoline compiler options to guard against kernel-to-user data leaks by avoiding speculative indirect bran...