From 2146d0c792793dfdf3fd231b40fef30c112655ab Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Wed, 27 Mar 2024 19:08:37 +0100 Subject: [PATCH 1/5] Added info about AlmaLinux Secure Boot to Security Measures --- i18n/en.json | 15 ++++++++++++--- layouts/index.html | 2 +- layouts/security/single.html | 36 +++++++++++++++++++++++++++++++++++- 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/i18n/en.json b/i18n/en.json index a27a5ac..e907ed2 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -400,7 +400,7 @@ "about SBOM integration in AlmaLinux.": "about SBOM integration in AlmaLinux.", "AlmaLinux OS also provides ": "AlmaLinux OS also provides ", "AlmaLinux SBOM User Guide": "AlmaLinux SBOM User Guide", - "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM": "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM", + "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM, and Secure Boot": "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM, and Secure Boot", "Azure Marketplace": "Azure Marketplace", "More information about AlmaLinux OpenNebula images and verification guidelines are available on the \"}}{{ i18n \"AlmaLinux OpenNebula Wiki Page": "More information about AlmaLinux OpenNebula images and verification guidelines are available on the \"}}{{ i18n \"AlmaLinux OpenNebula Wiki Page", "The official AlmaLinux OS images are available on \"}}{{ i18n \"Oracle Cloud Marketplace": "The official AlmaLinux OS images are available on \"}}{{ i18n \"Oracle Cloud Marketplace", @@ -582,5 +582,14 @@ "10:00 am: Hackathon kicks off!": "10:00 am: Hackathon kicks off!", "Learn more about the project": "Learn more about the project", "See the full Hackathon agenda": "See the full Hackathon agenda", - "11:00 am": "11:00 am" -} \ No newline at end of file + "11:00 am": "11:00 am", + "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.": "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.", + "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release.": "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release.", + "AlmaLinux shim passes the ": "AlmaLinux shim passes the ", + "official review": "official review", + "and is signed by Microsoft.": "and is signed by Microsoft.", + "AlmaLinux shim trusts 3 certificates:": "AlmaLinux shim trusts 3 certificates:", + "Signed for:": "Signed for:", + "Verified by:": "Verified by:", + "Expires:": "Expires:" +} diff --git a/layouts/index.html b/layouts/index.html index 0484ba8..1a3b88d 100644 --- a/layouts/index.html +++ b/layouts/index.html @@ -329,7 +329,7 @@

- {{ i18n "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM" }}- {{ i18n "read more" }}. + {{ i18n "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM, and Secure Boot" }}- {{ i18n "read more" }}.

diff --git a/layouts/security/single.html b/layouts/security/single.html index 0692d5f..adc00af 100644 --- a/layouts/security/single.html +++ b/layouts/security/single.html @@ -167,7 +167,41 @@

- + +
+

Secure Boot

+
+
+

+ {{ i18n "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity." }} +
{{ i18n "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release." }} +
{{ i18n "AlmaLinux shim passes the " }}{{ i18n "official review" }} {{ i18n "and is signed by Microsoft." }}
+
{{ i18n "AlmaLinux shim trusts 3 certificates:" }} +

+
+
+

almalinux-sb-cert-1.der

+ {{ i18n "Signed for:" }} AlmaLinux OS Foundation + {{ i18n "Verified by:" }} Sectigo Public Code Signing CA EV R36 + {{ i18n "Expires:" }} 30.01.2025 +
+
+

almalinux-sb-cert-2.der

+ {{ i18n "Signed for:" }} AlmaLinux OS Foundation + {{ i18n "Verified by:" }} SSL.com EV Code Signing Intermediate CA RSA + {{ i18n "Expires:" }} 19.01.2025 +
+
+

almalinux-sb-cert-3.der

+ {{ i18n "Signed for:" }} AlmaLinux OS Foundation + {{ i18n "Verified by:" }} AlmaLinux Secure Boot CA + {{ i18n "Expires:" }} 14.03.2034 +
+
+
+ +
+ From 4eb3b1591fd4e81499085d11fd127001f97b4c72 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva <87830789+sboldyreva@users.noreply.github.com> Date: Wed, 27 Mar 2024 20:01:55 +0100 Subject: [PATCH 2/5] Update layouts/security/single.html Co-authored-by: benny Vasquez --- layouts/security/single.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/layouts/security/single.html b/layouts/security/single.html index adc00af..1e522b2 100644 --- a/layouts/security/single.html +++ b/layouts/security/single.html @@ -174,7 +174,7 @@

{{ i18n "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity." }} -
{{ i18n "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release." }} +
{{ i18n "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release." }}
{{ i18n "AlmaLinux shim passes the " }}{{ i18n "official review" }} {{ i18n "and is signed by Microsoft." }}

{{ i18n "AlmaLinux shim trusts 3 certificates:" }}

From 9bb03c7b8f40c1711537b7e89f02e71d641b30f5 Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Wed, 27 Mar 2024 20:03:55 +0100 Subject: [PATCH 3/5] Updated en.json --- i18n/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/i18n/en.json b/i18n/en.json index e907ed2..2af4401 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -584,7 +584,7 @@ "See the full Hackathon agenda": "See the full Hackathon agenda", "11:00 am": "11:00 am", "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.": "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity.", - "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release.": "AlmaLinux provides Secure Boot support starting the AlmaLinux 8.4 release.", + "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release.": "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release.", "AlmaLinux shim passes the ": "AlmaLinux shim passes the ", "official review": "official review", "and is signed by Microsoft.": "and is signed by Microsoft.", From ab2d0dc93e98a2999de2edfeabddc0b4f89e573b Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Mon, 1 Apr 2024 15:06:10 +0200 Subject: [PATCH 4/5] Removed non-valid certificate and fixed links --- assets/css/bundle.css | 4 ++++ i18n/en.json | 2 +- layouts/security/single.html | 36 ++++++++++++++++-------------------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/assets/css/bundle.css b/assets/css/bundle.css index d0acf0d..7049127 100644 --- a/assets/css/bundle.css +++ b/assets/css/bundle.css @@ -7,6 +7,10 @@ padding: 0 ; } +.al-index-security-measures-container a { + color: #f1f8ff; + } + .itemAl_01 a { color: #f1f8ff; } diff --git a/i18n/en.json b/i18n/en.json index 2af4401..d868323 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -588,7 +588,7 @@ "AlmaLinux shim passes the ": "AlmaLinux shim passes the ", "official review": "official review", "and is signed by Microsoft.": "and is signed by Microsoft.", - "AlmaLinux shim trusts 3 certificates:": "AlmaLinux shim trusts 3 certificates:", + "AlmaLinux shim trusts 2 certificates:": "AlmaLinux shim trusts 2 certificates:", "Signed for:": "Signed for:", "Verified by:": "Verified by:", "Expires:": "Expires:" diff --git a/layouts/security/single.html b/layouts/security/single.html index 1e522b2..bb08bf1 100644 --- a/layouts/security/single.html +++ b/layouts/security/single.html @@ -14,11 +14,14 @@ display:flex; flex-direction: column; } + .itemAl_01 { + width: auto!important; + } }
-
+

{{ i18n "Security Measures" }}

@@ -26,7 +29,7 @@

- {{ i18n "AlmaLinux OS Foundation provides errata to inform users about available updates, including security issues and bug fixes, and their significance through analysis. Users can easily access this information by accessing our AlmaLinux security advisory portal, known as " }}{{ i18n "AlmaLinux Errata" }}. {{ i18n "More details on Errata and how to use it can be found on the " }}{{ i18n "AlmaLinux Errata Wiki page" }}.
{{ i18n "Additionally, AlmaLinux OS is present in the " }}{{ i18n "OSV database" }}.

+ {{ i18n "AlmaLinux OS Foundation provides errata to inform users about available updates, including security issues and bug fixes, and their significance through analysis. Users can easily access this information by accessing our AlmaLinux security advisory portal, known as " }}{{ i18n "AlmaLinux Errata" }}. {{ i18n "More details on Errata and how to use it can be found on the " }}{{ i18n "AlmaLinux Errata Wiki page" }}.
{{ i18n "Additionally, AlmaLinux OS is present in the " }}{{ i18n "OSV database" }}.

{{ i18n "Errata in JSON format for 3rd party software integration:" }}

@@ -104,7 +107,7 @@

{{ i18n "To receive security updates and errata, users can sign up for the " }} - {{ i18n "AlmaLinux Security Mailing List" }}. + {{ i18n "AlmaLinux Security Mailing List" }}. {{ i18n "Subscribing to the list will allow users to stay informed and updated on any security fixes as soon as they are available." }}

@@ -148,7 +151,7 @@

{{ i18n "You can find more about OVAL Streams on the " }} - {{ i18n "AlmaLinux OVAL Wiki Page" }}. + {{ i18n "AlmaLinux OVAL Wiki Page" }}.

@@ -160,10 +163,10 @@

{{ i18n "The Software Bill of Materials (SBOM) provides a comprehensive list of third-party and open-source components in a codebase, including version numbers, licensing information, and potential vulnerabilities." }} {{ i18n "AlmaLinux Build System has implemented SBOM into its pipeline for security purposes, such as tracing the build process, making it more secure, and reducing the risk of data corruption. " }} - {{ i18n "Read more" }} + {{ i18n "Read more" }} {{ i18n "about SBOM integration in AlmaLinux." }}
{{ i18n "AlmaLinux OS also provides " }} - {{ i18n "AlmaLinux SBOM User Guide" }} + {{ i18n "AlmaLinux SBOM User Guide" }}

@@ -175,29 +178,22 @@

{{ i18n "Secure Boot is a security feature that ensures a system boots only with trusted software, preventing the loading of unauthorized operating systems or software that could potentially compromise the system's integrity." }}
{{ i18n "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release." }} -
{{ i18n "AlmaLinux shim passes the " }}{{ i18n "official review" }} {{ i18n "and is signed by Microsoft." }}
-
{{ i18n "AlmaLinux shim trusts 3 certificates:" }} +
{{ i18n "AlmaLinux shim passes the " }}{{ i18n "official review" }} {{ i18n "and is signed by Microsoft." }}
+
{{ i18n "AlmaLinux shim trusts 2 certificates:" }}

-
-
-

almalinux-sb-cert-1.der

+
+
+

almalinux-sb-cert-1.der

{{ i18n "Signed for:" }} AlmaLinux OS Foundation {{ i18n "Verified by:" }} Sectigo Public Code Signing CA EV R36 {{ i18n "Expires:" }} 30.01.2025
-
-

almalinux-sb-cert-2.der

+
+

almalinux-sb-cert-2.der

{{ i18n "Signed for:" }} AlmaLinux OS Foundation {{ i18n "Verified by:" }} SSL.com EV Code Signing Intermediate CA RSA {{ i18n "Expires:" }} 19.01.2025
-
-

almalinux-sb-cert-3.der

- {{ i18n "Signed for:" }} AlmaLinux OS Foundation - {{ i18n "Verified by:" }} AlmaLinux Secure Boot CA - {{ i18n "Expires:" }} 14.03.2034 -
-
From 7d12c9881a69cf4f5465421a5ed32f63ada7fd3c Mon Sep 17 00:00:00 2001 From: bennyvasquez Date: Mon, 1 Apr 2024 14:25:34 +0000 Subject: [PATCH 5/5] Automagic i18n string updates --- i18n/en.json | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/i18n/en.json b/i18n/en.json index d868323..d43e5d9 100644 --- a/i18n/en.json +++ b/i18n/en.json @@ -587,9 +587,10 @@ "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release.": "AlmaLinux provides Secure Boot support starting with the AlmaLinux 8.4 release.", "AlmaLinux shim passes the ": "AlmaLinux shim passes the ", "official review": "official review", - "and is signed by Microsoft.": "and is signed by Microsoft.", - "AlmaLinux shim trusts 2 certificates:": "AlmaLinux shim trusts 2 certificates:", + "and is signed by Microsoft.": "and is signed by Microsoft.", + "AlmaLinux shim trusts 2 certificates:": "AlmaLinux shim trusts 2 certificates:", "Signed for:": "Signed for:", "Verified by:": "Verified by:", - "Expires:": "Expires:" -} + "Expires:": "Expires:", + "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM": "AlmaLinux OS provides a set of security features: Errata, GPG keys, Mailing Lists, OpenSCAP, OVAL, SBOM" +} \ No newline at end of file