summaryrefslogtreecommitdiff
path: root/debian/debian-dbx.hashes
AgeCommit message (Collapse)Author
2021-03-23Improve how the dbx hashes are handledSteve McIntyre
Only include the hashes for the architecture we're building for - no point in adding bloat and delay here. Add a script "block_signed_deb" to scan a set of .deb files, extract the hashes for .efi binaries and list them in the format wanted for the dbx hashes file. Split out the code to use that file from the rules file into a separate helper.
2021-03-23Add dbx entries for all our existing grub binariesSteve McIntyre
They're insecure, let's break the chainloading hole
2020-07-24Typo fixSteve McIntyre
2019-05-08Use --padding when calling pesign to generate hashesSteve McIntyre
for the dbx list, as recommended by Peter Jones. No actual changes needed in our list of hashes at this point - they work out the same either way.
2019-05-08Remove the hash for Sledge's test arm64 grub binarySteve McIntyre
Not needed now.
2019-05-06Add more hashes that we want to blacklistSteve McIntyre
signed arm64 grub binaries that allow use of the devicetree command, as found in grub-efi-arm64-signed_1+2.02+dfsg1+16_arm64.deb grub-efi-arm64-signed_1+2.02+dfsg1+17_arm64.deb
2019-05-06Add initial file with test checksums for the dbx listSteve McIntyre
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-31 18:19:16 +0000