New updated efi-rpm-macros-3-2, fwupdate-11-3, grub2-2.02-87,shim-15-15, and shim-unsigned-x64-15-8 packages have been rolled out to 100% and are now available for download from our production repository.

Changelog

• CloudLinux OS debranding: set vendor to CloudLinux and EFI dir to CentOS
• Always provide macros for efi_arch and efi_alt_arch (and their _upper variants), and make efi_has_arch and efi_has_alt_arch 0 when they are wrong. This ensures everything can always expand when we're on a non-efi architecture.

• Fix dependency chain issue when doing a parallel make
  Related: rhbz#1677579
• Fix secure boot signing for RHEL 8
  Resolves: rhbz#1677579
• Rebuild for signing with the proper key.
  Resolves: rhbz#1677579

• Fix several CVEs
  Resolves: CVE-2020-10713
  Resolves: CVE-2020-14308
  Resolves: CVE-2020-14309
  Resolves: CVE-2020-14310
  Resolves: CVE-2020-14311

• Update once again for new signed shim builds.
   Resolves: rhbz#1862232
• New signing keys
  Related: CVE-2020-10713
  Related: CVE-2020-14308
  Related: CVE-2020-14309
  Related: CVE-2020-14310
  Related: CVE-2020-14311

• Fix a load-address-dependent forever loop.
  Resolves: rhbz#1861977
  Related: CVE-2020-10713
  Related: CVE-2020-14308
  Related: CVE-2020-14309
  Related: CVE-2020-14310
  Related: CVE-2020-14311
  Related: CVE-2020-15705
  Related: CVE-2020-15706
  Related: CVE-2020-15707
• Implement Lenny's workaround
  Related: CVE-2020-10713
  Related: CVE-2020-14308
  Related: CVE-2020-14309
  Related: CVE-2020-14310
  Related: CVE-2020-14311
• Once more with the MokListRT config table patch added.
  Related: CVE-2020-10713
  Related: CVE-2020-14308
  Related: CVE-2020-14309
  Related: CVE-2020-14310
  Related: CVE-2020-14311
• Rebuild for bug fixes and new signing keys
  Related: CVE-2020-10713
  Related: CVE-2020-14308
  Related: CVE-2020-14309
  Related: CVE-2020-14310
  Related: CVE-2020-14311

Update command

yum update grub2-common efi-srpm-macros fwupdate shim-x64