0004027: aarch64 shim is not signed by microsoft

ID	Project	Category	View Status	Date Submitted	Last Update

0004027	Rocky-Linux-8	shim	public	2023-08-29 21:38	2024-07-18 17:23

Reporter	Amy Crate	Assigned To	Sherif Nagy
Priority	normal	Severity	minor	Reproducibility	always
Status	confirmed	Resolution	open

Summary	0004027: aarch64 shim is not signed by microsoft
Description	The rocky linux ARM shims on both version 8 and 9 are signed only by the Rocky Enterprise Software Foundation, not by Microsoft.
Tags	No tags attached.

Sherif Nagy 2023-08-30 08:21 manager ~0004462	We are planning to sign our ARM shim with microsoft and we are working on building a secureboot signing infrastructure for other architectures as well, however at this moment, we don't have an exact time. You may load the RESF cert into the mok and enable secureboot until we sign the ARM shim with Microsoft cert.

Sherif Nagy 2023-08-30 08:23 manager ~0004463	Confirmed and we are well aware of this.

Amy Crate 2024-07-18 17:23 reporter ~0007954	Shim is signed and the default and SIG Cloud kernels are now shipped un-gzipped so they secure boot successfully on both rocky 8 and 9. Is this considered resolved or is there more work to track here?

Date Modified	Username	Field	Change
2023-08-29 21:38	Amy Crate	New Issue
2023-08-30 08:21	Sherif Nagy	Note Added: 0004462
2023-08-30 08:23	Sherif Nagy	Assigned To	=> Sherif Nagy
2023-08-30 08:23	Sherif Nagy	Status	new => confirmed
2023-08-30 08:23	Sherif Nagy	Note Added: 0004463
2024-07-18 17:23	Amy Crate	Note Added: 0007954