v2.114.24
This commit is contained in:
parent
dd52e25dc7
commit
11edc2f001
3 changed files with 101 additions and 1 deletions
|
@ -1,3 +1,86 @@
|
|||
- commits:
|
||||
- subject: Update layers/meta-balena to d0b1a5a80c691e752dd5b396ce7da995507dd619
|
||||
hash: 07c73fd8c48891af0600b13457da3ab1390dc37c
|
||||
body: Update layers/meta-balena
|
||||
footer:
|
||||
Changelog-entry: Update layers/meta-balena to d0b1a5a80c691e752dd5b396ce7da995507dd619
|
||||
changelog-entry: Update layers/meta-balena to d0b1a5a80c691e752dd5b396ce7da995507dd619
|
||||
author: Renovate Bot
|
||||
nested:
|
||||
- commits:
|
||||
- subject: "resin-init-flasher: add more comments around efi/boot partition split"
|
||||
hash: 63663b30f8962be8b6d8070340fe89e435f8915b
|
||||
body: |
|
||||
This is hard to follow when reading the code without context.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Michal Toman <michalt@balena.io>
|
||||
signed-off-by: Michal Toman <michalt@balena.io>
|
||||
author: Michal Toman
|
||||
nested: []
|
||||
- subject: "resin-init-flasher: reboot into signed flasher when provisioning
|
||||
secure boot"
|
||||
hash: ceedc55646898e4eacb840f89710f39c58674323
|
||||
body: >
|
||||
When programming keys for secure boot, some devices do not clear
|
||||
|
||||
the setup mode flag after a new PK is installed. In this case
|
||||
|
||||
flasher will reboot in order to ensure the keys are actually saved
|
||||
|
||||
and the device comes back with secure boot enabled. Since we changed
|
||||
|
||||
flasher to be unsigned by default, this reboot causes a security
|
||||
|
||||
violation.
|
||||
|
||||
|
||||
With this patch flasher will add a new boot entry before issuing
|
||||
|
||||
the reboot so that signed flasher comes up and the installation process
|
||||
|
||||
can continue.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Michal Toman <michalt@balena.io>
|
||||
signed-off-by: Michal Toman <michalt@balena.io>
|
||||
author: Michal Toman
|
||||
nested: []
|
||||
- subject: "resin-init-flasher: Fill db EFI variable from esl file instead of
|
||||
auth"
|
||||
hash: d1e045b826c48168d75163cf9bb9fb1a387ed4f2
|
||||
body: >
|
||||
Currently the db.auth file is signed as "append" in order to
|
||||
make HUP work.
|
||||
|
||||
Most UEFI firmwares will accept such file even for "replace", which we do
|
||||
|
||||
during the initial provisioning, however we have seen devices that will
|
||||
|
||||
only allow appending, which makes flasher fail.
|
||||
|
||||
|
||||
With this patch flasher will use the esl file for initial programming
|
||||
|
||||
of the db variable.
|
||||
|
||||
|
||||
PK and KEK are unaffected.
|
||||
footer:
|
||||
Change-type: patch
|
||||
change-type: patch
|
||||
Signed-off-by: Michal Toman <michalt@balena.io>
|
||||
signed-off-by: Michal Toman <michalt@balena.io>
|
||||
author: Michal Toman
|
||||
nested: []
|
||||
version: meta-balena-2.114.24
|
||||
title: ""
|
||||
date: 2023-05-11T20:31:43.765Z
|
||||
version: 2.114.24
|
||||
title: ""
|
||||
date: 2023-05-11T23:19:17.360Z
|
||||
- commits:
|
||||
- subject: Update layers/meta-balena to 3f2f215e39c39fc3ef227db665c99fb8ad77ee08
|
||||
hash: 7155621e3e419840628ab4c0e9ad972037cf2f4b
|
||||
|
|
17
CHANGELOG.md
17
CHANGELOG.md
|
@ -1,6 +1,23 @@
|
|||
Change log
|
||||
-----------
|
||||
|
||||
# v2.114.24
|
||||
## (2023-05-11)
|
||||
|
||||
|
||||
<details>
|
||||
<summary> Update layers/meta-balena to d0b1a5a80c691e752dd5b396ce7da995507dd619 [Renovate Bot] </summary>
|
||||
|
||||
> ## meta-balena-2.114.24
|
||||
> ### (2023-05-11)
|
||||
>
|
||||
> * resin-init-flasher: add more comments around efi/boot partition split [Michal Toman]
|
||||
> * resin-init-flasher: reboot into signed flasher when provisioning secure boot [Michal Toman]
|
||||
> * resin-init-flasher: Fill db EFI variable from esl file instead of auth [Michal Toman]
|
||||
>
|
||||
|
||||
</details>
|
||||
|
||||
# v2.114.23
|
||||
## (2023-05-06)
|
||||
|
||||
|
|
2
VERSION
2
VERSION
|
@ -1 +1 @@
|
|||
2.114.23
|
||||
2.114.24
|
Loading…
Add table
Reference in a new issue