Bug 1219460

Summary: shim is built failed due to fde-tpm-helper-rpm-macros
Product: [openSUSE] openSUSE Tumbleweed Reporter: Tseng <dennis.tseng>
Component: BootloaderAssignee: E-mail List <screening-team-bugs>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None CC: dennis.tseng, glin, jlee
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Tseng 2024-02-02 03:57:59 UTC 
When building shim in Factory's secure boot project, an error message occurs saying "nothing provides fde-tpm-helper-rpm-macros" 
Please refer:
https://build.opensuse.org/project/show/openSUSE:Factory:secure-boot
Comment 1 Tseng 2024-02-02 04:10:57 UTC 
Hi Gary,

I saw you have a change log about the fde-tpm-helper-macro in Sep of last year:

Tue Sep 19 08:36:17 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
- Adopt the macros from fde-tpm-helper-macros to update the
  signature in the sealed key after a bootloader upgrade

However, we were failed to build shim in Factory/secure-boot project. I can see you set the version number to 1320:

%if 0%{?suse_version} > 1320
BuildRequires:  fde-tpm-helper-rpm-macros

We also saw you set 1600 in your grub2. Would you please explain what is the purpose of this macro ? And why it must be set to 1320 on shim ? 
Many thanks.

--Dennis
Comment 2 Gary Ching-Pang Lin 2024-02-02 05:53:39 UTC 
The macro is for the FDE feature of ALP and mistakenly set the wrong version check for shim. I'll fix the version.
Comment 3 Gary Ching-Pang Lin 2024-02-05 07:43:55 UTC 
The fix is submitted to devel:openSUSE:Factory/shim. sr#1143635
Comment 4 Tseng 2024-02-07 02:54:55 UTC 
(In reply to Gary Ching-Pang Lin from comment #3)
> The fix is submitted to devel:openSUSE:Factory/shim. sr#1143635

Thank Gary. The secure boot sub-project has been built successfully.
https://build.opensuse.org/project/monitor/openSUSE:Factory:secure-boot.
Close this case.
Comment 5 Tseng 2024-02-07 02:56:41 UTC 
The secure boot sub-project has been built successfully.
https://build.opensuse.org/project/monitor/openSUSE:Factory:secure-boot.
Close this case.
Comment 8 Maintenance Automation 2024-04-22 12:30:19 UTC 
SUSE-SU-2024:1368-1: An update that solves seven vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1198101, 1205588, 1205855, 1210382, 1213945, 1215098, 1215099, 1215100, 1215101, 1215102, 1215103, 1219460
CVE References: CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
Jira References: PED-922
Maintenance Incident: [SUSE:Maintenance:32617](https://smelt.suse.de/incident/32617/)
Sources used:
openSUSE Leap 15.3 (src):
 shim-15.8-150300.4.20.2, efitools-1.9.2-150300.7.3.1
openSUSE Leap Micro 5.3 (src):
 shim-15.8-150300.4.20.2
openSUSE Leap Micro 5.4 (src):
 shim-15.8-150300.4.20.2
openSUSE Leap 15.5 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro for Rancher 5.3 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro 5.3 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro for Rancher 5.4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro 5.4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro 5.5 (src):
 shim-15.8-150300.4.20.2
Basesystem Module 15-SP5 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src):
 shim-15.8-150300.4.20.2
SUSE Manager Proxy 4.3 (src):
 shim-15.8-150300.4.20.2
SUSE Manager Retail Branch Server 4.3 (src):
 shim-15.8-150300.4.20.2
SUSE Manager Server 4.3 (src):
 shim-15.8-150300.4.20.2
SUSE Enterprise Storage 7.1 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro 5.1 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro 5.2 (src):
 shim-15.8-150300.4.20.2
SUSE Linux Enterprise Micro for Rancher 5.2 (src):
 shim-15.8-150300.4.20.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Maintenance Automation 2024-04-29 12:30:03 UTC 
SUSE-SU-2024:1462-1: An update that solves seven vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1198101, 1205588, 1205855, 1210382, 1213945, 1215098, 1215099, 1215100, 1215101, 1215102, 1215103, 1219460
CVE References: CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
Jira References: PED-922
Maintenance Incident: [SUSE:Maintenance:33581](https://smelt.suse.de/incident/33581/)
Sources used:
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src):
 shim-15.8-25.30.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src):
 shim-15.8-25.30.1
SUSE Linux Enterprise Server 12 SP5 (src):
 shim-15.8-25.30.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Maintenance Automation 2024-04-29 12:30:09 UTC 
SUSE-SU-2024:1461-1: An update that solves seven vulnerabilities, contains one feature and has five security fixes can now be installed.

Category: security (important)
Bug References: 1198101, 1205588, 1205855, 1210382, 1213945, 1215098, 1215099, 1215100, 1215101, 1215102, 1215103, 1219460
CVE References: CVE-2022-28737, CVE-2023-40546, CVE-2023-40547, CVE-2023-40548, CVE-2023-40549, CVE-2023-40550, CVE-2023-40551
Jira References: PED-922
Maintenance Incident: [SUSE:Maintenance:33579](https://smelt.suse.de/incident/33579/)
Sources used:
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src):
 shim-15.8-150100.3.38.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src):
 shim-15.8-150100.3.38.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src):
 shim-15.8-150100.3.38.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.