23300489 Add shim to Userland
authorAnn Lai <ann.lai@oracle.com>
Tue, 01 Nov 2016 12:25:39 -0700
changeset 7222 37e367b978c0
parent 7221 0e3ebbcfc116
child 7223 6f6f0fff497b
23300489 Add shim to Userland PSARC 2015/563
components/shim/Makefile
components/shim/patches/01-Makefile.patch
components/shim/patches/02-shim.patch
components/shim/patches/03-netboot.patch
components/shim/patches/04-PeImage_h.patch
components/shim/patches/05-efiauthenticated_h.patch
components/shim/patches/06-Cryptlib_OpenSSL_Makefile.patch
components/shim/patches/07-remove_elliptical.patch
components/shim/shim.license
components/shim/shim.ms
components/shim/shim.p5m
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/Makefile	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,58 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+BUILD_ARCH= i386
+BUILD_BITS= 64
+# component fails to build with Studio
+COMPILER= gcc
+include ../../make-rules/shared-macros.mk
+
+COMPONENT_NAME=		shim
+COMPONENT_VERSION=	0.9
+COMPONENT_PROJECT_URL=  https://github.com/rhinstaller/$(COMPONENT_NAME)
+COMPONENT_ARCHIVE_HASH= \
+    sha256:d277d7bea0b5d554dacf284d84252a5e995fb4ef54b6de5ec6296c6c2a9a21bd
+COMPONENT_ARCHIVE_URL=  https://github.com/rhinstaller/$(COMPONENT_NAME)/archive/$(COMPONENT_VERSION).tar.gz
+COMPONENT_BUGDB=	boot/shim
+
+TPNO=			25414
+
+BUILD_STYLE= justmake
+TEST_TARGET= $(NO_TESTS)
+include $(WS_MAKE_RULES)/common.mk
+
+COMPONENT_PREP_ACTION +=(cp elf_x86_64_efi_sol2.lds $(SOURCE_DIR))
+
+ORACLE_CERT=$(SOURCE_DIR)/../OL7Secureboot.cer
+export VENDOR_CERT_FILE=$(ORACLE_CERT)
+PATH=$(GNUBIN):/usr/bin
+
+REQUIRED_PACKAGES += developer/gcc
+REQUIRED_PACKAGES += developer/gnu-binutils
+ifeq ($(MACH), i386)
+REQUIRED_PACKAGES += developer/sbsigntool
+REQUIRED_PACKAGES += library/libgnuefi
+endif
+REQUIRED_PACKAGES += text/text-utilities
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/01-Makefile.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,115 @@
+# Source: Internal
+# Info: Written internally so this component can be built on Solaris.
+# Status: This patch is offered at https://github.com/rhinstaller/shim/issues/54
+
+--- ORIGINAL/Makefile	2016-06-24 03:08:28.270393201 +0000
++++ shim-0.9/Makefile	2016-08-01 20:57:34.268232472 +0000
[email protected]@ -1,38 +1,52 @@
+ VERSION		= 0.9
+-RELEASE		:=
++RELEASE		:=""
+ ifneq ($(RELEASE),"")
+ 	RELEASE="-$(RELEASE)"
+ endif
+ 
+ CC		= $(CROSS_COMPILE)gcc
+-LD		= $(CROSS_COMPILE)ld
+-OBJCOPY		= $(CROSS_COMPILE)objcopy
++OS		= $(shell uname -s)
++ifeq ($(OS),SunOS) 
++	LD		= /usr/gnu/bin/ld
++	OBJCOPY		= /usr/gnu/bin/objcopy
++	ARCH		= $(shell isainfo -n)
++	LIB_PATH	= /usr/lib/amd64
++	EFI_PATH	:= /usr/lib/amd64/efi
++	DEFAULT_LOADER	:= \\\\grubx64.efi
++	# FreeBSD reports amd64 instead of x86_64
++	ifeq ($(ARCH),amd64)
++	  override ARCH := x86_64
++	endif
++	EFI_LDS		= elf_$(ARCH)_efi_sol2.lds
++else
++	LD		= $(CROSS_COMPILE)ld
++	OBJCOPY		= /usr/gnu/bin/objcopy
++	ARCH		= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
++	LIB_PATH	= /usr/lib/amd64
++	EFI_PATH	:= /usr/lib64/gnuefi
++	DEFAULT_LOADER	:= \\\\grub.efi
++	EFI_LDS		= elf_$(ARCH)_efi.lds
++endif
+ 
+-ARCH		= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+ OBJCOPY_GTE224  = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
+ 
+ SUBDIRS		= Cryptlib lib
+ 
+-LIB_PATH	= /usr/lib64
+-
+ EFI_INCLUDE	:= /usr/include/efi
+ EFI_INCLUDES	= -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(shell pwd)/include
+-EFI_PATH	:= /usr/lib64/gnuefi
+ 
+ LIB_GCC		= $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) 
+ 
+ EFI_CRT_OBJS 	= $(EFI_PATH)/crt0-efi-$(ARCH).o
+-EFI_LDS		= elf_$(ARCH)_efi.lds
+ 
+-DEFAULT_LOADER	:= \\\\grub.efi
+ CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ 		  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+ 		  -Werror=sign-compare -ffreestanding \
+ 		  -I$(shell $(CC) -print-file-name=include) \
+ 		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ 		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+-		  $(EFI_INCLUDES)
++		  $(EFI_INCLUDES) -I/usr/include
+ 
+ ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
+ 	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
[email protected]@ -93,10 +107,12 @@
+ 		-e "s,@@[email protected]@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
+ 		< version.c.in > version.c
+ 
++ifneq ($(OS),SunOS)
+ certdb/secmod.db: shim.crt
+ 	-mkdir certdb
+ 	pk12util -d certdb/ -i shim.p12 -W "" -K ""
+ 	certutil -d certdb/ -A -i shim.crt -n shim -t u
++endif
+ 
+ shim.o: $(SOURCES) shim_cert.h
+ 
[email protected]@ -156,16 +172,32 @@
+ 		-j .note.gnu.build-id \
+ 		$(FORMAT) $^ [email protected]
+ 
++ifeq ($(OS),SunOS)
++%.efi.signed: %.efi shim.crt
++	sbsign --cert $(word 2,$^) --key shim.key --output [email protected] $<
++else
+ %.efi.signed: %.efi certdb/secmod.db
+ 	pesign -n certdb -i $< -c "shim" -s -o [email protected] -f
++endif
+ 
+ clean:
+ 	$(MAKE) -C Cryptlib clean
+ 	$(MAKE) -C Cryptlib/OpenSSL clean
+ 	$(MAKE) -C lib clean
++	ifeq ($(OS),SunOS)
++	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS)
++	else
+ 	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
++	endif
+ 	rm -f *.debug *.so *.efi *.tar.* version.c
+ 
++ifeq ($(OS),SunOS)
++install:
++	echo $(DESTDIR)
++	mkdir -p $(DESTDIR)/boot
++	install -m 0755 $(TARGET) $(DESTDIR)/boot
++endif
++
+ GITTAG = $(VERSION)
+ 
+ test-archive:
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/02-shim.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,63 @@
+# Source: Internal
+# Info: Written internally so this component can be built and run on Solaris.
+# Status: This patch is offered at https://github.com/rhinstaller/shim/issues/54
+
+--- ORIGINAL/shim.c	2016-06-24 03:08:17.837273349 +0000
++++ shim-0.9/shim.c	2016-08-01 21:16:42.359585949 +0000
[email protected]@ -53,6 +53,11 @@
+ #define FALLBACK L"\\fallback.efi"
+ #define MOK_MANAGER L"\\MokManager.efi"
+ 
++#ifdef __sun
++#include <sys/int_types.h>
++typedef    uint64_t    UINTN;
++#endif
++	
+ static EFI_SYSTEM_TABLE *systab;
+ static EFI_HANDLE image_handle;
+ static EFI_STATUS (EFIAPI *entry_point) (EFI_HANDLE image_handle, EFI_SYSTEM_TABLE *system_table);
[email protected]@ -1590,6 +1595,9 @@
+ 	CHAR16 *PathName = NULL;
+ 	void *sourcebuffer = NULL;
+ 	UINT64 sourcesize = 0;
++#ifdef __sun
++	UINT8 boot_grub = 0;
++#endif
+ 	void *data = NULL;
+ 	int datasize;
+ 
[email protected]@ -1616,7 +1624,13 @@
+ 	}
+ 
+ 	if (findNetboot(li->DeviceHandle)) {
++#ifdef __sun
++		if (PathName[0] == 'g')
++			boot_grub = 1;
++		efi_status = parseNetbootinfo(image_handle, boot_grub);
++#else
+ 		efi_status = parseNetbootinfo(image_handle);
++#endif
+ 		if (efi_status != EFI_SUCCESS) {
+ 			perror(L"Netboot parsing failed: %r\n", efi_status);
+ 			return EFI_PROTOCOL_ERROR;
[email protected]@ -1690,7 +1704,7 @@
+ 
+ 	efi_status = start_image(image_handle, use_fb ? FALLBACK :second_stage);
+ 
+-	if (efi_status == EFI_SECURITY_VIOLATION) {
++	if (efi_status != EFI_SUCCESS) {
+ 		efi_status = start_image(image_handle, MOK_MANAGER);
+ 		if (efi_status != EFI_SUCCESS) {
+ 			Print(L"start_image() returned %r\n", efi_status);
[email protected]@ -2173,7 +2187,11 @@
+ 	while (x++) {
+ 		/* Make this so it can't /totally/ DoS us. */
+ #if defined(__x86_64__) || defined(__i386__) || defined(__i686__)
++#ifndef __sun
+ 		if (x > 4294967294)
++#else
++		if (x > 4294967294LL)
++#endif
+ 			break;
+ 		__asm__ __volatile__("pause");
+ #elif defined(__aarch64__)
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/03-netboot.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,107 @@
+# Source: Internal
+# Info: Written internally so this component can be built and run on Solaris.
+# Status: This patch is offered at https://github.com/rhinstaller/shim/issues/54
+
+--- ORIGINAL/netboot.h  2016-06-29 02:22:41.249041492 +0000
++++ shim-0.9/netboot.h  2016-06-29 02:22:48.250540430 +0000
[email protected]@ -3,7 +3,11 @@
+
+ extern BOOLEAN findNetboot(EFI_HANDLE image_handle);
+
++#ifndef __sun
+ extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle);
++#else
++extern EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle, UINT8 boot_grub);
++#endif
+
+ extern EFI_STATUS FetchNetbootimage(EFI_HANDLE image_handle, VOID **buffer, UINT64 *bufsiz);
+ #endif
+
+--- ORIGINAL/netboot.c	2016-06-28 04:01:44.455712794 +0000
++++ shim-0.9/netboot.c	2016-06-29 02:17:31.667622371 +0000
[email protected]@ -42,6 +42,10 @@
+ 
+ #define ntohs(x) __builtin_bswap16(x)	/* supported both by GCC and clang */
+ #define htons(x) ntohs(x)
++#ifdef __sun
++# define GRUB_BOOT_FILE ".grub2netx64.uefi"
++# define MOK_BOOT_FILE ".MokManager.uefi"
++#endif
+ 
+ static EFI_PXE_BASE_CODE *pxe;
+ static EFI_IP_ADDRESS tftp_addr;
[email protected]@ -273,14 +277,25 @@
+ 	return EFI_SUCCESS;
+ }
+ 
++#ifndef __sun
+ static EFI_STATUS parseDhcp4()
++#else
++static EFI_STATUS parseDhcp4(UINT8 boot_grub)
++#endif
+ {
++#ifndef __sun
+ 	CHAR8 *template = (CHAR8 *)translate_slashes(DEFAULT_LOADER_CHAR);
++#else
++	CHAR8 *template = boot_grub ? (CHAR8 *)GRUB_BOOT_FILE:(CHAR8 *)MOK_BOOT_FILE;
++#endif
+ 	INTN template_len = strlen(template) + 1;
+ 
+ 	INTN dir_len = strnlena(pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile, 127);
+ 	INTN i;
+ 	UINT8 *dir = pxe->Mode->DhcpAck.Dhcpv4.BootpBootFile;
++#ifdef __sun
++	UINT8 BootpHwAddrLen = pxe->Mode->DhcpAck.Dhcpv4.BootpHwAddrLen;
++#endif
+ 
+ 	for (i = dir_len; i >= 0; i--) {
+ 		if (dir[i] == '/')
[email protected]@ -288,7 +303,11 @@
+ 	}
+ 	dir_len = (i >= 0) ? i + 1 : 0;
+ 
++#ifndef __sun
+ 	full_path = AllocateZeroPool(dir_len + template_len);
++#else
++	full_path = AllocateZeroPool(dir_len + template_len + BootpHwAddrLen*2 + 2);
++#endif
+ 
+ 	if (!full_path)
+ 		return EFI_OUT_OF_RESOURCES;
[email protected]@ -298,6 +317,12 @@
+ 		if (full_path[dir_len-1] == '/' && template[0] == '/')
+ 			full_path[dir_len-1] = '\0';
+ 	}
++#ifdef __sun
++	else {
++		strncpya(full_path, dir, BootpHwAddrLen*2 + 2);
++	}
++#endif
++
+ 	if (dir_len == 0 && dir[0] != '/' && template[0] == '/')
+ 		template++;
+ 	strcata(full_path, template);
[email protected]@ -306,7 +331,11 @@
+ 	return EFI_SUCCESS;
+ }
+ 
++#ifndef __sun
+ EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle)
++#else
++EFI_STATUS parseNetbootinfo(EFI_HANDLE image_handle, UINT8 boot_grub)
++#endif
+ {
+ 
+ 	EFI_STATUS rc;
[email protected]@ -323,7 +352,11 @@
+ 	if (pxe->Mode->UsingIpv6){
+ 		rc = parseDhcp6();
+ 	} else
++#ifndef __sun
+ 		rc = parseDhcp4();
++#else
++		rc = parseDhcp4(boot_grub);
++#endif
+ 	return rc;
+ }
+ 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/04-PeImage_h.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,18 @@
+# Source: Internal
+# Info: Written internally so this component can be built on Solaris.
+# Status: This patch is offered at https://github.com/rhinstaller/shim/issues/54
+
+--- ORIGINAL/include/PeImage.h	2016-06-24 03:08:21.920617695 +0000
++++ shim-0.9/include/PeImage.h	2016-08-01 20:56:15.093433529 +0000
[email protected]@ -24,6 +24,11 @@
+ 
+ #include <wincert.h>
+ 
++#ifdef __sun
++#include <sys/int_types.h> 
++typedef    uint64_t    UINTN; 
++#endif
++
+ #define SIGNATURE_16(A, B)        ((A) | (B << 8))
+ #define SIGNATURE_32(A, B, C, D)  (SIGNATURE_16 (A, B) | (SIGNATURE_16 (C, D) << 16))
+ #define SIGNATURE_64(A, B, C, D, E, F, G, H) \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/05-efiauthenticated_h.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,18 @@
+# Source: Internal
+# Info: Written internally so this component can be built on Solaris.
+# Status: This patch is offered at https://github.com/rhinstaller/shim/issues/54
+
+--- ORIGINAL/include/efiauthenticated.h	2016-06-24 03:08:20.857258353 +0000
++++ shim-0.9/include/efiauthenticated.h	2016-08-01 21:25:06.234152722 +0000
[email protected]@ -72,6 +72,11 @@
+     0x4aafd29d, 0x68df, 0x49ee, {0x8a, 0xa9, 0x34, 0x7d, 0x37, 0x56, 0x65, 0xa7} \
+   }
+ 
++#ifdef __sun
++#include <sys/int_types.h> 
++typedef    uint64_t    UINTN; 
++#endif
++
+ ///
+ /// WIN_CERTIFICATE_UEFI_GUID.CertType
+ /// 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/06-Cryptlib_OpenSSL_Makefile.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,19 @@
+# Source: Internal
+# Info: Written internally to remove building with elliptical curve on Solaris.
+# Status: This patch is offered internally.  This patch should no longer be
+#        necessary when PSARC/2016/417 integrated.
+
+--- ORIGINAL/Cryptlib/OpenSSL/Makefile	2016-06-28 00:53:45.007937677 +0000
++++ shim-0.9/Cryptlib/OpenSSL/Makefile	2016-06-28 03:29:09.829241137 +0000
[email protected]@ -1,9 +1,9 @@
+ 
+-EFI_INCLUDES	= -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
++EFI_INCLUDES	= -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I/usr/include
+ 
+ CFLAGS		= -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \
+ 		  -ffreestanding -I$(shell $(CC) -print-file-name=include) \
+-		  -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
++		  -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC -DOPENSSL_NO_EC -DOPENSSL_NO_ECDSA -DOPENSSL_NO_ECDH
+ 
+ ifeq ($(ARCH),x86_64)
+ 	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -maccumulate-outgoing-args \
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/patches/07-remove_elliptical.patch	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,53 @@
+# Source: Internal
+# Info: Written internally so this component can be built without elliptical 
+# curve on Solaris.
+# Status: This patch is offered internally.  This patch should no longer be
+#        necessary when PSARC/2016/417 integrated.
+
+--- ORIGINAL//Cryptlib/Include/openssl/ec.h	2016-06-24 03:08:38.274809074 +0000
++++ shim-0.9/Cryptlib/Include/openssl/ec.h	2016-06-29 01:53:09.700908601 +0000
[email protected]@ -75,7 +75,11 @@
+ # include <openssl/opensslconf.h>
+ 
+ # ifdef OPENSSL_NO_EC
+-#  error EC is disabled.
++#  ifndef __sun
++#   error EC is disabled.
++#  else
++#   warning EC is disabled.
++#  endif
+ # endif
+ 
+ # include <openssl/asn1.h>
+
+--- ORIGINAL//Cryptlib/Include/openssl/ecdh.h   2016-06-24 03:08:35.818258914 +0000
++++ shim-0.9/Cryptlib/Include/openssl/ecdh.h    2016-06-29 02:03:12.091858470 +0000
[email protected]@ -72,7 +72,11 @@
+ # include <openssl/opensslconf.h>
+
+ # ifdef OPENSSL_NO_ECDH
+-#  error ECDH is disabled.
++#  ifndef __sun
++#   error ECDH is disabled.
++#  else
++#   warning ECDH is disabled.
++#  endif
+ # endif
+
+ # include <openssl/ec.h>
+
+--- ORIGINAL//Cryptlib/Include/openssl/ecdsa.h  2016-06-24 03:08:37.043840450 +0000
++++ shim-0.9/Cryptlib/Include/openssl/ecdsa.h   2016-06-29 02:05:18.658775097 +0000
[email protected]@ -62,7 +62,11 @@
+ # include <openssl/opensslconf.h>
+
+ # ifdef OPENSSL_NO_ECDSA
+-#  error ECDSA is disabled.
++#  ifndef __sun
++#   error ECDSA is disabled.
++#  else
++#   warning ECDSA is disabled.
++#  endif
+ # endif
+
+ # include <openssl/ec.h>
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/shim.license	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,1123 @@
+Shim is licensed under an overarching BSD license and have some subcomponents licensed under OpenSSL  licenses.  It also contains a certificate from DigiCert.
+
+./COPYRIGHT:
+./netboot.c:
+./replacements.c:
+./shim.c:
+    Copyright 2012 Red Hat, Inc <[email protected]>
+    
+    Redistribution and use in source and binary forms, with or without
+    modification, are permitted provided that the following conditions
+    are met:
+    
+    Redistributions of source code must retain the above copyright
+    notice, this list of conditions and the following disclaimer.
+    
+    Redistributions in binary form must reproduce the above copyright
+    notice, this list of conditions and the following disclaimer in the
+    documentation and/or other materials provided with the
+    distribution.
+    
+    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+    COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+    INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+    (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+    SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+    HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+    STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+    OF THE POSSIBILITY OF SUCH DAMAGE.
+    
+    Significant portions of this code are derived from Tianocore
+    (http://tianocore.sf.net) and are Copyright 2009-2012 Intel
+Corporation.
+
+Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR>
+
+     * Copyright (c) 1998- 2014 The OpenSSL Project.  All rights reserved.
+    
+./Cryptlib/Include/openssl/:
+./Cryptlib/OpenSSL/crypto/:
+./Cryptlib/OpenSSL/e_os.h:
+    /* Copyright (C) 1995-1998 Eric Young ([email protected])
+     * All rights reserved.
+     *
+     * This package is an SSL implementation written
+     * by Eric Young ([email protected]).
+     * The implementation was written so as to conform with Netscapes SSL.
+     *
+     * This library is free for commercial and non-commercial use as long as
+     * the following conditions are aheared to.  The following conditions
+     * apply to all code found in this distribution, be it the RC4, RSA,
+     * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+     * included with this distribution is covered by the same copyright terms
+     * except that the holder is Tim Hudson ([email protected]).
+     *
+     * Copyright remains Eric Young's, and as such any Copyright notices in
+     * the code are not to be removed.
+     * If this package is used in a product, Eric Young should be given attribution
+     * as the author of the parts of the library used.
+     * This can be in the form of a textual message at program startup or
+     * in documentation (online or textual) provided with the package.
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+    --
+     * 1. Redistributions of source code must retain the copyright
+     *    notice, this list of conditions and the following disclaimer.
+     * 2. Redistributions in binary form must reproduce the above copyright
+     *    notice, this list of conditions and the following disclaimer in the
+     *    documentation and/or other materials provided with the distribution.
+     * 3. All advertising materials mentioning features or use of this software
+     *    must display the following acknowledgement:
+     *    "This product includes cryptographic software written by
+     *     Eric Young ([email protected])"
+     *    The word 'cryptographic' can be left out if the rouines from the library
+     *    being used are not cryptographic related :-).
+     * 4. If you include any Windows specific code (or a derivative thereof) from
+     *    the apps directory (application code) you must include an acknowledgement:
+     *    "This product includes software written by Tim Hudson ([email protected])"
+     *
+     * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+     * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+     * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+     * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+     * SUCH DAMAGE.
+     *
+     * The licence and distribution terms for any publically available version or
+     * derivative of this code cannot be changed.  i.e. this code cannot simply be
+     * copied and put under another distribution licence
+     * [including the GNU Public Licence.]
+     */
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * Portions of the attached software ("Contribution") are developed by
+     * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+     *
+     * The Contribution is licensed pursuant to the Eric Young open source
+     * license provided above.
+     *
+     * The binary polynomial arithmetic software is originally written by
+     * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+     *
+     */
+     * This product includes cryptographic software written by Eric Young
+     * ([email protected]).  This product includes software written by Tim
+     * Hudson ([email protected]).
+     *
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * ECDH support in OpenSSL originally developed by
+     * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+     */
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * Portions of the attached software ("Contribution") are developed by
+     * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+     *
+     * The Contribution is licensed pursuant to the OpenSSL open source
+     * license provided above.
+     *
+     * The elliptic curve binary polynomial software is originally written by
+     * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+     *
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * The ECDH software is originally written by Douglas Stebila of
+     * Sun Microsystems Laboratories.
+     *
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * ECDH support in OpenSSL originally developed by
+     * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * Portions of the attached software ("Contribution") are developed by
+     * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+     *
+     * The Contribution is licensed pursuant to the OpenSSL open source
+     * license provided above.
+     *
+     * ECC cipher suite support in OpenSSL originally written by
+     * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
+     *
+     * Copyright (c) 2004, Richard Levitte <[email protected]>
+     * All rights reserved.
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     * 1. Redistributions of source code must retain the above copyright
+     *    notice, this list of conditions and the following disclaimer.
+     * 2. Redistributions in binary form must reproduce the above copyright
+     *    notice, this list of conditions and the following disclaimer in the
+     *    documentation and/or other materials provided with the distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+     * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+    --
+     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+     * SUCH DAMAGE.
+     */
+     * @author Vincent Rijmen <[email protected]>
+     * @author Antoon Bosselaers <[email protected]>
+     * @author Paulo Barreto <[email protected]>
+     *
+     * This code is hereby placed in the public domain.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+     * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+     * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+     * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+     * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+     * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+     * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+     * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+     * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+     * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * Binary polynomial ECC support in OpenSSL originally developed by
+     * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+     */
+/*
+  * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+  * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDG    E
+  * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+  */
+     * Copyright Patrick Powell 1995
+     * This code is based on code written by Patrick Powell <[email protected]>
+     * It may be used for any purpose as long as this notice remains intact
+     * on all source code distributions.
+     */
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * Portions of the attached software ("Contribution") are developed by 
+     * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+     *
+     * The Contribution is licensed pursuant to the Eric Young open source
+     * license provided above.
+     *
+     * The binary polynomial arithmetic software is originally written by 
+     * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * In addition, Sun covenants to all licensees who provide a reciprocal
+     * covenant with respect to their own patents if any, not to sue under
+     * current and future patent claims necessarily infringed by the making,
+     * using, practicing, selling, offering for sale and/or otherwise
+     * disposing of the ECC Code as delivered hereunder (or portions thereof),
+     * provided that such covenant shall not apply:
+     *  1) for code that a licensee deletes from the ECC Code;
+     *  2) separates from the ECC Code; or
+     *  3) for infringements caused by:
+     *       i) the modification of the ECC Code or
+     *      ii) the combination of the ECC Code with other software or
+     *          devices where such combination causes the infringement.
+     *
+     * The software is originally written by Sheueling Chang Shantz and
+     * Douglas Stebila of Sun Microsystems Laboratories.
+     * NOTE: This file is licensed pursuant to the OpenSSL license below and may
+     * be modified; but after modifications, the above covenant may no longer
+     * apply! In such cases, the corresponding paragraph ["In addition, Sun
+     * covenants ... causes the infringement."] and this note can be edited out;
+     * but please keep the Sun copyright notice and attribution.
+     */
+* Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+     * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
+     * Curve Cryptography Over Binary Fields".
+
+     * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+     * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+     * only based on the code in this paper and is almost definitely not the sam    e
+     * as the MIT implementation.
+    /*  @(#)des.h   2.2 88/08/10 4.0 RPCSRC; from 2.7 88/02/08 SMI  */
+/*
+ * Sun RPC is a product of Sun Microsystems, Inc. and is provided for
+ * unrestricted use provided that this legend is included on all tape
+ * media and as a part of the software program in whole or part.  Users
+ * may copy or modify Sun RPC without charge, but are not authorized
+ * to license or distribute it to anyone else except as part of a product or
+ * program developed by the user.
+ *
+ * SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE
+ * WARRANTIES OF DESIGN, MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE, OR ARISING FROM A COURSE OF DEALING, USAGE OR TRADE PRACTICE.
+ *
+ * Sun RPC is provided with no support and without any obligation on the
+ * part of Sun Microsystems, Inc. to assist in its use, correction,
+ * modification or enhancement.
+ *
+ * SUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE
+ * INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS BY SUN RPC
+ * OR ANY PART THEREOF.
+ *
+ * In no event will Sun Microsystems, Inc. be liable for any lost revenue
+* or profits or other special, indirect and consequential damages, even if
+ * Sun has been advised of the possibility of such damages.
+ *
+ * Sun Microsystems, Inc.
+ * 2550 Garcia Avenue
+ * Mountain View, California  94043
+ */
+/*
+ * Generic DES driver interface
+ * Keep this file hardware independent!
+ * Copyright (c) 1986 by Sun Microsystems, Inc.
+ */
+    /* Original version from Steven Schoch <[email protected]> */
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * ECDH support in OpenSSL originally developed by
+     * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+     */
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * The software is originally written by Sheueling Chang Shantz and
+     * Douglas Stebila of Sun Microsystems Laboratories.
+     *
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * The software is originally written by Sheueling Chang Shantz and
+     * Douglas Stebila of Sun Microsystems Laboratories.
+     *
+     */
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * Portions originally developed by SUN MICROSYSTEMS, INC., and
+     * contributed to the OpenSSL project.
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * Portions of the attached software ("Contribution") are developed by 
+     * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
+     *
+     * The Contribution is licensed pursuant to the OpenSSL open source
+     * license provided above.
+     *
+     * The elliptic curve binary polynomial software is originally written by 
+     * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
+
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * Portions of this software developed by SUN MICROSYSTEMS, INC.,
+     * and contributed to the OpenSSL project.
+     */
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * The ECDH software is originally written by Douglas Stebila of
+     * Sun Microsystems Laboratories.
+     *
+     */
+     * Copyright (c) 2002 Bob Beck <[email protected]>
+     * Copyright (c) 2002 Theo de Raadt
+     * Copyright (c) 2002 Markus Friedl
+     * All rights reserved.
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     * 1. Redistributions of source code must retain the above copyright
+     *    notice, this list of conditions and the following disclaimer.
+     * 2. Redistributions in binary form must reproduce the above copyright
+     *    notice, this list of conditions and the following disclaimer in the
+     *    documentation and/or other materials provided with the distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+     * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+     * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+     * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+     * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+     * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+     * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+     * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+     * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+     *
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     * ECDH support in OpenSSL originally developed by
+     * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
+     * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
+     *
+     * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
+     * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
+     * to the OpenSSL project.
+     *
+     * The ECC Code is licensed pursuant to the OpenSSL open source
+     * license provided below.
+     *
+     * The ECDH engine software is originally written by Nils Gura and
+     * Douglas Stebila of Sun Microsystems Laboratories.
+     *
+     * symbol names have been changed, with permission from the author.
+     */
+    
+    /* $LP: LPlib/source/LPdir.h,v 1.1 2004/06/14 08:56:04 _cvs_levitte Exp $ */
+    /*
+     * Copyright (c) 2004, Richard Levitte <[email protected]>
+     * All rights reserved.
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     * 1. Redistributions of source code must retain the above copyright
+     *    notice, this list of conditions and the following disclaimer.
+     * 2. Redistributions in binary form must reproduce the above copyright
+     *    notice, this list of conditions and the following disclaimer in the
+     *    documentation and/or other materials provided with the distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+     * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+    --
+     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+     * SUCH DAMAGE.
+     */
+
+    --
+     * http://developer.intel.com/design/security/rng/redist_license.htm
+     */
+             * This seeding method was proposed in Peter Gutmann, Software
+             * Generation of Practically Strong Random Numbers,
+             * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+             * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+             * (The assignment of entropy estimates below is arbitrary, but based
+             * on Peter's analysis the full poll appears to be safe. Additional
+           * interactive seeding is encouraged.)
+    --
+     * the original copyright message is:
+     *
+     *   (C) Copyright Microsoft Corp. 1993.  All rights reserved.
+     *
+     *   You have a royalty-free right to use, modify, reproduce and
+     *   distribute the Sample Files (and/or any modified version) in
+     *   any way you find useful, provided that you agree that
+     *   Microsoft has no warranty obligations or liability for any
+*   Sample Application Files which are modified.
+    * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
+     * WITHOUT WARRANTY OF ANY KIND, either express or implied.
+     */
+        /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+    /* Copyright (c) 2004 Kungliga Tekniska Högskolan
+     * (Royal Institute of Technology, Stockholm, Sweden).
+     * All rights reserved.
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+    --
+     * 1. Redistributions of source code must retain the above copyright
+     *    notice, this list of conditions and the following disclaimer.
+     *
+     * 2. Redistributions in binary form must reproduce the above copyright
+     *    notice, this list of conditions and the following disclaimer in the
+     *    documentation and/or other materials provided with the distribution.
+     *
+     * 3. Neither the name of the Institute nor the names of its contributors
+     *    may be used to endorse or promote products derived from this software
+     *    without specific prior written permission.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+     * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+     * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+     * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+     * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+     * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+    --
+     * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+     * SUCH DAMAGE.
+     */
+/* Calaculates and sets the affine coordinates of an EC_POINT from the given
+ * compressed coordinates.  Uses algorithm 2.3.4 of SEC 1.
+ * Note that the simple implementation only uses affine coordinates.
+ *
+ * This algorithm is patented by Certicom Corp. under US Patent 6,141,420
+ * (for licensing information, contact [email protected]).
+ * This function is disabled by default and can be enabled by defining the
+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
+ */
+
+./crypt_blowfish.c:
+     * Written by Solar Designer <solar at openwall.com> in 1998-2011.
+     * No copyright is claimed, and the software is hereby placed in the public
+     * domain.  In case this attempt to disclaim copyright and place the software
+     * in the public domain is deemed null and void, then the software is
+     * Copyright (c) 1998-2011 Solar Designer and it is hereby released to the
+     * general public under the following terms:
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted.
+     *
+    --
+     * as part of a software package, or anywhere else to improve security,
+     * ensure compatibility, or for any other purpose.  I would appreciate
+     * it if you give credit where it is due and keep your modifications in
+     * the public domain as well, but I don't require that in order to let
+     * you place this code and any modifications you make under a license
+     * of your choice.
+     *
+     * This implementation is mostly compatible with OpenBSD's bcrypt.c (prefix
+     * "$2a$") by Niels Provos <provos at citi.umich.edu>, and uses some of his
+     * ideas.  The password hashing algorithm was designed by David Mazieres
+
+./crypt_blowfish.h:
+     * Written by Solar Designer <solar at openwall.com> in 2000-2011.
+     * No copyright is claimed, and the software is hereby placed in the public
+     * domain.  In case this attempt to disclaim copyright and place the software
+     * in the public domain is deemed null and void, then the software is
+     * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
+     * general public under the following terms:
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted.
+     *
+
+
+./fallback.c:
+     * Copyright 2012-2013 Red Hat, Inc.
+     * All rights reserved.
+     *
+     * See "COPYING" for license terms.
+     *
+     * Author(s): Peter Jones <[email protected]>
+     */
+    
+  
+./include/PeImage.h:
+    Copyright (c) 2006 - 2010, Intel Corporation. All rights reserved.<BR>
+    Portions copyright (c) 2008 - 2009, Apple Inc. All rights reserved.<BR>
+    This program and the accompanying materials                          
+    are licensed and made available under the terms and conditions of the BSD License         
+    which accompanies this distribution.  The full text of the license may be found at        
+    http://opensource.org/licenses/bsd-license.php.                                           
+    
+    THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,                     
+WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.             
+
+
+./lib/configtable.c:
+     * Copyright 2013 <[email protected]>
+     *
+     * see COPYING file
+     *
+
+
+./lib/console.c:
+     * Copyright 2012 <[email protected]>
+     * Copyright 2013 Red Hat Inc. <[email protected]>
+     *
+     * see COPYING file
+     */
+
+
+./lib/execute.c:
+     * Copyright 2012 <[email protected]>
+     *
+     * see COPYING file
+     * Code Copyright 2012 Red Hat, Inc <[email protected]>
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     *
+     * Redistributions of source code must retain the above copyright
+     * notice, this list of conditions and the following disclaimer.
+     *
+     * Redistributions in binary form must reproduce the above copyright
+     * notice, this list of conditions and the following disclaimer in the
+     * documentation and/or other materials provided with the
+     * distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+     * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+     * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+     * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+     * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+     * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+     * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+     * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+     * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+     * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+     * OF THE POSSIBILITY OF SUCH DAMAGE.
+     *
+     */
+    
+
+./lib/guid.c:
+./lib/security_policy.c:
+./lib/shell.c:
+./lib/simple_file.c:
+     * Copyright 2012 <[email protected]>
+     *
+     * see COPYING file
+     */
+
+
+./lib/variables.c:
+     * Copyright 2012 <[email protected]>
+     *
+     * see COPYING file
+     *
+    --
+     * Copyright (c) 2011 - 2012, Intel Corporation. All rights reserved.<BR>
+     * This program and the accompanying materials
+     * are licensed and made available under the terms and conditions of the BSD License
+     * which accompanies this distribution.  The full text of the license may be found 
+     * at
+     * http://opensource.org/licenses/bsd-license.php
+     *
+     * THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
+     * WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
+
+
+./replacements.h:
+     * Copyright 2013 Red Hat, Inc <[email protected]>
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     *
+     * Redistributions of source code must retain the above copyright
+     * notice, this list of conditions and the following disclaimer.
+     *
+     * Redistributions in binary form must reproduce the above copyright
+     * notice, this list of conditions and the following disclaimer in the
+     * documentation and/or other materials provided with the
+     * distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+     * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+     * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+     * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+     * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+     * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+     * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+     * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+     * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+     * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+     * OF THE POSSIBILITY OF SUCH DAMAGE.
+     */
+    
+./ucs2.h:
+     * Copyright 2013 Red Hat, Inc <[email protected]>
+     *
+     * Redistribution and use in source and binary forms, with or without
+     * modification, are permitted provided that the following conditions
+     * are met:
+     *
+     * Redistributions of source code must retain the above copyright
+     * notice, this list of conditions and the following disclaimer.
+     *
+     * Redistributions in binary form must reproduce the above copyright
+     * notice, this list of conditions and the following disclaimer in the
+     * documentation and/or other materials provided with the
+     * distribution.
+     *
+     * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+     * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+     * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+     * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+     * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
+     * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+     * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+     * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+     * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+     * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+     * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+     * OF THE POSSIBILITY OF SUCH DAMAGE.
+     *
+     * Significant portions of this code are derived from Tianocore
+     * (http://tianocore.sf.net) and are Copyright 2009-2012 Intel
+     * Corporation.
+     */  
+
+
+The Certificate is issued to Oracle Corporation: https://www.digicert.com/ssl-cps-repository.htm
+This certificate is intended for the following purpose(s):
+Ensures software came from software publisher
+Protects software from alteration after publication
+2.16.840.1.114412.3.2
+Issued to: Oracle Corporation
+Issued by: DigiCert EV Code Signing CA (SHA2)
+Valid from 6/25/2014 to 6/30/2017
+
+
+DigiCert Certificate Terms of Use
+
+These terms apply to each digital certificate (Certificate) issued by DigiCert, Inc., a Utah corporation (DigiCert) to an entity, as identified in the account or issued certificates (Customer). Customer and DigiCert agree as follows:
+
+    Requests. Customer may request SSL Certificates only for domain names registered to Customer, an affiliate of Customer, or an entity that expressly authorizes DigiCert to allow Customer to obtain and manage Certificates for the domain name. DigiCert may limit the number of domain names that Customer may include in a single Certificate in its sole discretion.
+
+    Verification. After receiving a request for a Certificate through the Account, DigiCert will review the request and attempt to verify the relevant information in accordance with the DigiCert CPS and industry guidelines. Verification is subject to DigiCerts sole satisfaction, and DigiCert may refuse to issue a Certificate for any reason. DigiCert shall notify Customer if a certificate request is refused and provide a reason for the refusal. Certificate Practices Statement or CPS means DigiCerts written statement of the policies and practices used to operate its PKI infrastructure. DigiCerts CPS documents are available at https://www.digicert.com/ssl-cps-repository.htm.
+
+    Certificate Life Cycle. The lifecycle of an issued Certificate depends on the selection made by Customer when ordering the Certificate, the requirements in the CPS, and the intended use of the Certificate. DigiCert may modify Certificate lifecycles for unissued Certificates as necessary to comply with requirements of (i) the agreement with Customer, (ii) industry standards, (iii) DigiCerts auditors, or (iv) an Application Software Vendor. Customer shall not use Certificates after their expiration date. Application Software Vendors means an entity that displays or uses Certificates in connection with a distributed root store in which DigiCert participates or will participate. Certificates containing internal server names or private IP addresses must expire on or before Nov 1, 2015.
+
+    Issuance. If verification is completed to DigiCerts satisfaction, DigiCert will issue the requested Certificate and deliver the Certificate to Customer. DigiCert may deliver the Certificate using any reasonable means of delivery. Typically, DigiCert will deliver Certificates via email to an address specified by Customer, as an electronic download in the Account, or in response to an API call made by Customer. Certificates are issued from a DigiCert root or intermediate certificate selected by DigiCert. Customer shall abide by all applicable laws and regulations when ordering and using Certificates, including United States export laws. Customer is responsible for obtaining and maintaining any license necessary to distribute the Certificates to end users and systems. Customer acknowledges that the Certificates are not available in countries restricted by the Office of Foreign Assets Control.
+
+    Certificate License. Effective immediately after delivery and continuing until the Certificate expires or is revoked, Customer may use, for the benefit of the Certificates subject, each issued Certificate and corresponding Key Set for the purposes described in the CPS, in accordance with all applicable laws, and in accordance with terms herein. Customer shall promptly inform DigiCert if it becomes aware of any misuse of a Certificate, private key, or the Account. Customer is responsible for obtaining and maintaining any authorization or license necessary to use a Certificate, including any license required under United States export laws.
+
+    Management. DigiCert will generally issue, manage, renew, and/or Revoke a Certificate in accordance with any instructions submitted by Customer through the Account or API and may rely on such instructions as accurate. Although DigiCert may send a reminder about expiring Certificates, DigiCert is under no obligation to do so, and Customer is solely responsible for ensuring Certificates are renewed prior to expiration.
+
+    Security and Use of Key Sets. Customer shall protect the key sets associated with a Certificate and take all steps necessary to prevent the compromise, loss or unauthorized use of a private key associated with a Certificate. Customer shall request revocation of any Certificate if Customer has reason to believe that the integrity or reliability of a Certificate is compromised. If Customer suspects misuse or compromise of a private key, Customer shall promptly notify DigiCert, cease using the Certificate, and request revocation of the Certificate. Customer shall promptly cease using the key set corresponding to a Certificate upon the earlier of (i) revocation of the Certificate and (ii) the date when the allowed usage period for the Key Set expires.
+
+    Defective Certificates. If a Certificate contains a defect, DigiCert shall use commercially reasonable efforts to cure the defect after receiving notice from Customer. DigiCert is not obligated to correct a defect if (i) Customer misused, damaged, or modified the Certificate, (ii) Customer did not promptly report the defect to DigiCert, or (iii) Customer has breached any provision of this Agreement.
+
+    Relying Party Warranty. Customer acknowledges that the Relying Party Warranty is only for the benefit of Relying Parties. Customer does not have rights under the warranty, including any right to enforce the terms of the warranty or make a claim under the warranty. Relying Party means an entity other than Customer that acts in reliance on a Certificate or a digital signature. An Application Software Vendor is not a Relying Party when the software distributed by the Application Software Vendor merely displays information regarding a Certificate or facilitates the use of the Certificate or digital signature. Relying Party Warranty means a warranty offered to a Relying Party that meets the conditions found in the Relying Party Warranty Agreement posted on DigiCerts website at https://www.digicert.com/docs/agreements/DigiCert_RPA.pdf.
+
+    Representations. For each requested Certificate, Customer represents to DigiCert that:
+
+        Customer has the right to use or is the lawful owner of (i) any domain name(s) specified in the Certificate and (ii) any common name or organization name specified in the Certificate,
+
+        the individual accepting the agreement is expressly authorized by the Customer to sign and enter into a legally valid and enforceable agreement to obtain a form of digital identity for the Customer,
+
+        Customer has read, understands, and agrees to the CPS, and
+
+        the organization included in the certificate and the registered domain name holder is aware of and approves of each Certificate request.
+
+    By accepting an agreement that incorporates these terms, the signer is entering into a legally valid and enforceable agreement to obtain a form of digital identity for the Customer. The signer acknowledges that he/she has the authority to obtain the digital equivalent of a company stamp, seal, or officer's signature to establish the authenticity of the Customers website, and that the Customer is responsible for all uses of an Certificate. By accepting an agreement on behalf of the Customer, the signer represents that he/she (i) is acting as an authorized representative of the Customer, (ii) is expressly authorized by Customer to sign agreements and approve Certificate requests on Customers behalf, and (iii) has or will confirm Customers exclusive right to use the domain(s) to be included in any issued Certificates.
+
+    Restrictions. Customer shall only use a TLS/SSL Certificate on the servers accessible at the domain names listed in the issued Certificate. Customer shall not:
+
+        modify, sub license, or create a derivative work of any Certificate (except as required to use the Certificate for its intended purpose) or Private Key,
+
+        upload or distribute any files or software that may damage the operation of anothers computer,
+
+        make representations about or use a Certificate except as allowed in the CPS,
+
+        impersonate or misrepresent Customers affiliation with any entity,
+
+        use the Certificates or any related software (such as a DigiCert account) in a manner that could reasonably result in a civil or criminal action being taken against Customer or DigiCert,
+
+        use a Certificate or related software to breach the confidence of a third party or to send or receive unsolicited bulk correspondence,
+
+        interfere with the proper functioning of the DigiCert website or with any transactions conducted through the DigiCert website,
+
+        attempt to use a Certificate to issue other Certificates, or
+
+        intentionally create a private key that is substantially similar to a DigiCert or third party private key.
+
+    Certificate Revocation. DigiCert may revoke a Certificate without notice for the reasons stated in the CPS, including if DigiCert reasonably believes that:
+
+        Customer requested revocation of the Certificate or did not authorize the issuance of the Certificate,
+
+        Customer has breached its agreement or an obligation it has under the CPS,
+
+        any provision of the agreement with customer containing a representation or obligation related to the issuance, use, management, or revocation of the Certificate terminates or is held invalid,
+
+        Customer is added to a government prohibited person or entity list or is operating from a prohibited destination under the laws of the United States,
+
+        the Certificate contains inaccurate or misleading information,
+
+        the Certificate was used outside of its intended purpose or used to sign malicious software,
+
+        the private key associated with a Certificate was disclosed or compromised,
+
+        the Certificate was(a) misused, (b) used or issued contrary to law, the CPS, or industry standards, or (c) used, directly or indirectly, for illegal or fraudulent purposes,
+
+        industry standards or DigiCerts CPS require Certificate revocation, or
+
+        revocation is necessary to protect the rights, confidential information, operations, or reputation of DigiCert or a third party.
+
+    After revocation, Customer shall cease using the Certificate and remove the Certificate from all devices where it is installed and cease using the Certificate.
+
+    Industry Standards. Both parties shall comply with all industry and privacy standards that apply to the Certificates. If industry standards change, DigiCert and Customer shall work together in good faith to amend the applicable agreement, modify issued certificates, and comply with the changes.
+
+    Equipment. Customer is responsible, at Customers expense, for (i) all computers, telecommunication equipment, software, access to the Internet, and communications networks (if any) required to use the Certificates and related DigiCert software or services, and (ii) Customers conduct and its website maintenance, operation, development, and content.
+
+    Certificate Beneficiaries. Relying parties and Application Software Vendors are express third party beneficiaries of Customers obligations and representations related to the use or issuance of a Certificate. The relying parties and Application Software Vendors are not express third party beneficiaries with respect to any DigiCert software.
+
+
+DIGICERT CERTIFICATE SUBSCRIBER AGREEMENT
+
+PLEASE READ THIS AGREEMENT CAREFULLY BEFORE PROCEEDING. YOU MUST CHECK "I AGREE"
+BELOW TO ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, THAT YOU UNDERSTAND IT,
+AND THAT YOU AGREE TO IT. IF YOU DO NOT ACCEPT THIS AGREEMENT, DO NOT ORDER OR
+APPROVE THE ISSUANCE OF A DIGITAL CERTIFICATE. IF YOU HAVE ANY QUESTIONS REGARDING
+THIS AGREEMENT, PLEASE E-MAIL DIGICERT AT [email protected] OR CALL 1-800-896-7973.
+THIS AGREEMENT CONTAINS A BINDING ARBITRATION CLAUSE.
+
+These certificate terms of use are between DigiCert, Inc., a Utah corporation (DigiCert) and the entity
+applying for a Certificate, as identified in the account or issued certificates. Certificate means a digitally
+signed electronic data file issued by DigiCert to a person, group, or role in order to confirm your authorization
+for use of the Private Key corresponding to the Public Key contained in the certificate. You and DigiCert agree
+as follows:
+
+1. Use
+1.1. Applicability. These terms cover each Certificate issued by DigiCert to you, regardless of (i) the
+Certificate type (email, code signing, Direct, or TLS/SSL), (ii) when you request the Certificate, or
+(iii) when the Certificate actually issues.
+1.2. Information. You will provide accurate, complete, and non-misleading information to DigiCert at
+all times. If any information provided to DigiCert changes or becomes misleading or inaccurate,
+you will promptly inform DigiCert and update the information. You may not request a certificate
+with contents that infringe on the intellectual property rights of another entity. All certificate
+request data is incorporated into this document as part of these terms.
+1.3. Key Pairs. A Private Key means the key that is kept secret by you that is used to create Digital
+Signatures and/or decrypt electronic records or files that were encrypted with the
+corresponding Public Key. A Public Key means your publically disclosed key that is contained
+in your Certificate and corresponds to the secret Private Key that you use. Subscribers should (i)
+generate key pairs using trustworthy systems, (ii) use key pairs that are at least the equivalent of
+RSA 2048 bit keys, (iii) keep all Private Keys confidential, (iv) within one working day, notify
+DigiCert, cease using the Certificate, and request Certificate revocation if you suspect misuse or
+compromise of a Private Key, and use reasonable measures to protect Private Keys from
+disclosure. You will promptly cease using the Certificate and corresponding Private Key upon the
+earlier of (i) revocation of the Certificate, (ii) termination of this agreement, (iii) expiration of the
+Certificate, or (iv) industry standards no longer permit use of the Certificate or Private Key. You
+are solely responsible for any failure to protect your Private Keys. You may only generate and
+store key pairs for Adobe Signing Certificates and EV Code Signing Certificates on a FIPS 140-2
+Level 2 device. All other Certificate types may be stored on secure software or hardware systems.
+1.4. Issuance. After you request a Certificate, DigiCert will verify an entity in accordance with
+DigiCerts CPS and applicable industry standards. If verification is completed to DigiCerts sole
+satisfaction, then DigiCert will issue the requested Certificate and deliver the Certificate to you
+using an appropriate delivery mechanism as selected by DigiCert. Typically, DigiCert delivers
+Certificates either through your online DigiCert account or via a provided email address. DigiCert
+may refuse to accept a Certificate request or issue a Certificate in its sole discretion. DigiCert will
+notify you through the account if your request is refused but DigiCert is not required to provide a
+reason for the refusal.
+1.5. IGTF Certificates. The following applies to IGTF Certificates:
+(i) Private Key Generation. For IGTF compliant Certificates, you must keep all Private Keys
+confidential and use reasonable measures to protect the Private Key from disclosure. You
+must request revocation of the Certificate within one working day of any suspected misuse
+or compromise of a Certificate or Private Key. You must generate your key pair using one of
+the following methods: (i) inside a secure hardware token, (ii) using trustworthy
+cryptographic software on a local computer system where you are the sole user and
+administrator, (iii) on a computer system administered by your sponsor or a third party if (a)
+the key material is generated using trustworthy cryptographic software, (b) access is limited
+to designated individuals, who are subject to and aware of applicable privacy rules and a
+professional code of conduct, (c) the private key and pass phrase are not sent in clear text
+over a network, (d) the encrypted private key file is not sent over the network unprotected,
+(e) the system is located in a secure environment, where access is controlled and limited to
+only authorized personnel, and (f) a system does not persistently keep pass phrases or plain
+text private keys for longer than 24 hours.
+(ii) IGTF Private Key Storage. For IGTF compliant Certificates, you may store your Private Key
+using one of the following methods: (i) protected by a pass phrase on a hardware token from
+which the Private Key cannot be extracted, (ii) in a persistently encrypted form on a
+computer system where you are the sole user and administrator, or (iii) on a computer
+system administered by your sponsor or a third party if (a) the Private Key is stored in a
+persistently encrypted form and protected by a pass phrase, (b) data needed to decrypt or
+use the private key is present only as a result of your action and only for as long as you are
+using the system, (c) administrative access is limited to designated individuals who are
+subject to and aware of applicable privacy rules and a professional code of conduct, (d) the
+systems are located in a secure environment, where access is controlled and limited to only
+authorized personnel, (e) the private key and pass phrase are not sent in clear text over a
+network, (f) the encrypted private key file is not sent over the network unprotected, and (g)
+the system does not persistently keep pass phrases or plain text private keys for longer than
+24 hours. For IGTF passphrases, you must use pass phrases that are at least 12 characters
+long and follow the industrys current best practices. If a third party is involved in
+generating or storing a Private Key, the third party must have a defined data privacy and
+security policy that provides reasonable assurance of data security. You shall make this
+policy available to DigiCert upon request.
+1.6. SSL and Code Signing Certificates. EV Certificate means a Certificate that contains the DigiCert
+Extended Validation Certificate Policy Object Identifier as set forth in the CPS and is issued in
+accordance with the EV Guidelines. EV Certificates include both SSL Certificates and Code
+Signing Certificates. EV Guidelines means the Guidelines for Extended Validation Certificates as
+officially published, amended, and updated by the CA/Browser Forum at
+http://www.cabforum.org. CPS refers to DigiCerts written statements of the policies and
+procedures used to operate its Public Key infrastructure. DigiCerts CPS documents are available
+at http://www.digicert.com/ssl-cps-repository.htm.
+(i) Certificate Transparency. To ensure Certificates function properly throughout their lifecycle,
+DigiCert may log SSL Certificates with a public certificate transparency database. Because
+this will become a requirement for Certificate functionality, you cannot opt out of this
+process. Log server information is publicly accessible. Once submitted, information cannot
+be removed from a log server.
+(ii) Limitations on License. DigiCert may reject any request for an SSL Certificates only for
+domain names registered to (i) you, (ii) your affiliates, or (iii) an entity that expressly
+authorized, in writing, you to obtain and manage Certificates for the domain name in the
+Certificate.
+(iii) Certificate Approvers. During the term of this agreement, you expressly authorize the
+individuals appointed as Certificate Approvers or Administrators in your account (the
+designation of which is expressly incorporated into this agreement) to request and approve
+EV Certificates on your behalf. With respect to DigiCerts obligations under the EV
+Guidelines and other industry standards, you expressly authorize DigiCert to rely on any
+representations made by a Certificate Approver in connection with an ordered Certificate,
+including verification of your exclusive right to use the domain name listed in the Certificate.
+You are responsible for all EV Certificates requested by a Certificate Approver until such
+Certificate Approvers EV authority is revoked. You may revoke a certificate Approvers EV
+authority by emailing DigiCert at [email protected] You are responsible for periodically
+reviewing and updating the individuals authorized to approve EV Certificate orders.
+(iv) Representations. You represent that (a) you have the right to use the domain name, common
+name, and organization name listed in the Certificate (if applicable), (b) if you represent an
+entity applying for or that will be named in the Certificate, you are expressly authorized to
+sign this agreement on behalf of that entity and will make the entity aware of each Certificate
+request, (c) you have read, understand, and agree to the CPS and this agreement, (d) you will
+make sure the organization included in the Certificate and the registered domain name
+holder (if a domain name is included the Certificate) will be aware of and approve each
+Certificate request.
+(v) Acceptance. For EV Certificates: By accepting these terms, you are entering into a legally
+valid and enforceable agreement to obtain a form of digital identity for the Certificates
+subject. You acknowledge that you have the authority to obtain the digital equivalent of a
+company stamp, seal, or (where applicable) officer's signature to establish the authenticity of
+the subjects website or signed code, and that you are responsible for all uses of its EV
+Certificate. By accepting this agreement on behalf of the subject, you represent that you (i)
+are acting as an authorized representative of the subject, (ii) are expressly authorized by
+subject to sign Subscriber agreements and approve EV Certificate requests on subjects
+behalf, and (iii) if applicable, have confirmed subjects exclusive right to use the domain(s) to
+be included in any issued EV Certificates.
+1.7. License. Effective immediately after delivery and continuing until the Certificate expires or is
+revoked, DigiCert grants you a revocable, non-exclusive, non-transferable license to use, for the
+benefit of the subject, each issued Certificate and the corresponding Key Sets in accordance with
+the CPS and the terms of this agreement. You are responsible for any use of the Certificate and
+any equipment and software required to use the Certificate. You may not install or use a
+Certificate until after you have reviewed and verified the accuracy of the data included in the
+Certificate. You will promptly inform DigiCert if you become aware of any breach of this
+agreement or misuse of a Certificate, Private Key, or your account. You are responsible for
+obtaining and maintaining any authorization or license necessary to use a Certificate.
+1.8. Restrictions. You should not (a) share your Certificate or Private Key with another user except
+where permitted by the CPS, (b) use a Certificate or Private Key to operate nuclear power
+facilities, air traffic control systems, aircraft navigation systems, weapons control systems, or any
+other system requiring failsafe operation whose failure could lead to injury, death or
+environmental damage, (c) modify, sub license, reverse-engineer or create a derivative work of
+any Certificate (except as required to use the Certificate for its intended purpose) or Private Key,
+(d) use or make representations about a Certificate except as allowed in the CPS, (e) impersonate
+or misrepresent your affiliation with any entity or use a Certificate in a manner that could
+reasonably result in a civil or criminal action being taken against you or DigiCert, (f) use a
+Certificate to send or receive unsolicited bulk correspondence, sign or distribute any files,
+software, or code that may damage the operation of anothers computer or that is downloaded
+without a users consent, or breach the confidence of a third party, (g) attempt to use a
+Certificate to issue other Certificates, or (h) intentionally create a Private Key that is substantially
+similar to a DigiCert or third party Private Key.
+1.9. Revocation. DigiCert may revoke a Certificate without notice for the reasons stated in the CPS,
+including if DigiCert believes that (a) you or the subject requested revocation of the Certificate or
+did not authorize the Certificates issuance, (b) you or the subject breach this agreement or fail to
+comply with the CPS, (c) a provision of this agreement containing a representation or obligation
+related to the issuance, use, management, or revocation of the Certificate terminates or is held
+invalid, (d) you or the subject are added to a government prohibited person or entity list or are
+operating from a prohibited destination under the laws of the United States, (e) the Certificate
+contains inaccurate or misleading information, (f) the Certificate was used outside of its intended
+purpose or used to sign malicious software, (g) the Private Key associated with a Certificate was
+disclosed or compromised, (h) this agreement terminates, (i) the Certificate was used or issued,
+directly or indirectly, contrary to law, the CPS, or industry standards, (j) industry standards or
+DigiCerts CPS require revocation, or (k) revocation is necessary to protect the rights, confidential
+information, operations, or reputation of DigiCert or a third party.
+1.10. Renewals. DigiCert may send a reminder to you about expiring Certificates, but you are solely
+responsible for ensuring your Certificates are renewed prior to their expiration.
+1.11. Publication of Certificate. You consent to (i) DigiCerts public disclosure of information
+embedded in an issued Certificate, and (ii) DigiCerts transfer of your information to servers
+located inside the United States. DigiCert retains a right to use any information provided through
+the account, provided that all such use is in compliance with its privacy policy as provided on its
+website. DigiCert may modify the privacy policy in its sole discretion.
+1.12. Express Install. DigiCerts may provide an express installation utility as part of its services. Using
+this utility will automatically configure server settings as appropriate to use the Certificate. A
+link to express install is provided either in the email providing notification of Certificate issuance
+or on DigiCerts website. You may (i) not modify, sub-license, reverse engineer, or create a
+derivative work of the utility and (ii) only use the utility with a DigiCert product or service and
+not with Certificates, software, or other products or services provided from a third party. You are
+solely liable for any use of the utility. DIGICERT HEREBY DISCLAIMS ALL WARRANTIES
+ASSOCIATED WITH THE UTILITY AND ALL LIABILITY FOR YOUR USE OF THE UTILITY.
+
+2. Term and Termination
+2.1. Term. This agreement is effective upon your acceptance and lasts until the earlier of (i) the
+expiration date of all Certificates issued under this agreement, or (ii) the termination of this
+agreement by a party as allowed herein. All rights and licenses granted to you terminate
+immediately upon termination of this agreement.
+2.2. Termination. Either party may terminate this agreement for convenience by providing 30 days
+prior notice to the other party. DigiCert may terminate the agreement immediately for any
+reasonable reason related to this Agreement, including, but not limited to (i) you or the subject
+materially breach this agreement, (ii) you or the subject engaged in illegal or fraudulent activity
+or an activity that could materially harm DigiCerts business, (iii) DigiCert cannot verify you or
+the subject to DigiCerts sole satisfaction, or (iv) if you or the subject (a) have a receiver, trustee,
+or liquidator appointed over substantially all of your or the subjects assets, (b) have an
+involuntary bankruptcy proceeding filed against you or the subject that is not dismissed within
+30 days of filing, (c) file a voluntary petition of bankruptcy or reorganization.
+2.3. Survival. All provisions of this agreement that, by their nature, are intended to survive
+termination of the agreement and continue in full force and effect, including all provisions related
+to representations by you under the following sections: Publication of Certificate (Section 1.11),
+Disclaimer of Warranties and Limitations on Liability (Section 3), Indemnity (Section 4),
+Arbitration (section 5), and the Miscellaneous provisions (Section 6).
+3. Disclaimers of Warranty and Limitations on Liability
+3.1. Relying Party Warranties. You acknowledge that any applicable Relying Party Warranty is only
+for the benefit of Relying Parties. You do not have rights under the warranty, including any right
+to enforce the terms of the warranty or make a claim under the warranty. Not all Certificates are
+covered by a warranty. Relying Party means an entity that acts in reliance on a Certificate or a
+Digital Signature. An Application Software Vendor is not a Relying Party when the software
+distributed by the Application Software Vendor merely displays information regarding a
+Certificate or facilitates the use of the Certificate or digital signature. Relying Party Warranty
+is a warranty provided by DigiCert against certificate mis-issuance that is available only to
+Relying Parties who meet the conditions and fulfill all of the terms set forth at
+http://www.digicert.com/docs/agreements/DigiCert_RPA.pdf. Application Software Vendor
+means a software developer that displays or uses Certificates and distributes root certificates.
+3.2. Remedy. Your sole remedy for a defect in a Certificate is to have DigiCert use reasonable efforts
+to correct the defect. DigiCert is not obligated to correct a defect if (i) the Certificate was
+misused, damaged, or modified, (ii) you did not promptly report the defect to DigiCert, or (iii)
+you breached any provision of this agreement.
+3.3. Warranty Disclaimers. THE CERTIFICATES, AND ANY RELATED SOFTWARE, PRODUCTS, AND
+SERVICES, INCLUDING THE EXPRESS INSTALL UTILITY, ARE PROVIDED "AS IS" AND "AS
+AVAILABLE. TO THE MAXIMUM EXTENT PERMITTED BY LAW, DIGICERT DISCLAIMS ALL
+EXPRESS AND IMPLIED WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. DIGICERT DOES NOT
+WARRANT THAT ANY SERVICE OR PRODUCT WILL MEET YOUR EXPECTATIONS OR THAT
+ACCESS TO THE ACCOUNT WILL BE TIMELY OR ERROR-FREE. DigiCert does not guarantee the
+availability of any products or services and may modify or discontinue any product or service
+offering at any time.
+3.4. Limitation on Liability. This agreement does not limit a partys liability for (i) death or personal
+injury resulting from the negligence of a party, or (ii) fraud or fraudulent statements made by a
+party. EXCEPT AS STATED ABOVE, DIGICERTS MAXIMUM LIABILITY RESULTING FROM THESE
+TERMS IS LIMITED TO THE AMOUNT PAID OR PAYABLE BY YOU TO DIGICERT DURING THE 12
+MONTHS PRIOR TO WHEN THE EVENT GIVING RISE TO THE LIABILITY OCCURRED. DIGICERT
+IS NOT LIABLE FOR ANY INDIRECT, CONSEQUENTIAL, SPECIAL, OR PUNITIVE DAMAGES OR
+ANY LOSS OF PROFIT, REVENUE, DATA, OR OPPORTUNITY, EVEN IF DIGICERT IS AWARE OF THE
+POSSIBILITY OF SUCH DAMAGES.
+3.5. Liability. You are liable for any claims (including damages, costs, and defense expenses) that are
+brought by third parties against DigiCert, its agents and assigns, that are result from use of your
+Certificate or Private Key or that are caused by your intentional or grossly negligent breach of
+this agreement. DigiCert is not responsible for your employees or agents, including any expenses
+owed to them.
+3.6. Extent. The limitations in this section apply to the maximum extent permitted by law and apply
+regardless of (i) the reason for or nature of the liability, including tort claims, (ii) the number of
+claims of liability, (iii) the extent or nature of the damages, or (iv) whether any other provisions
+of this agreement were breached or proven ineffective.
+
+4. Indemnity
+4.1. Obligation. You will indemnify, hold harmless, and defend DigiCert and its employees, officers,
+directors, shareholders, affiliates, and assigns against all third party claims and all related
+liabilities, damages, and costs, including reasonable attorneys fees, arising from (i) your breach
+of this agreement, (ii) your failure to disclose a material fact related to the issuance of a
+Certificate or to protect the Authentication Mechanisms used to secure the account, (iii) an
+allegation that your actions or negligence was the cause of the claim, liability, or cost, (iv) your
+website, products, and services, or (v) your use of DigiCerts products or services to infringe on
+the rights of a third party.
+4.2. Indemnification Procedure. An entity seeking indemnification under this agreement
+(Indemnified Party) must notify you promptly of any event requiring indemnification.
+However, an Indemnified Partys failure to notify will not relieve you from your indemnification
+obligations, except to the extent that the failure to notify materially prejudices you. You may
+assume the defense of any proceeding requiring indemnification unless assuming the defense
+would result in potential conflicting interests as determined by the Indemnified Party in good
+faith. An Indemnified Party may, at your expense, defend itself until your counsel has initiated a
+defense of the Indemnified Party. Even after you assume the defense, the Indemnified Party may
+participate in any proceeding using counsel of its own choice and at its own expense. You may
+not settle any proceeding related to this agreement unless the settlement also includes an
+unconditional release of liability for all Indemnified Parties.
+4.3. Additions to and Limitations on Liability. Your indemnification obligations are not DigiCerts sole
+remedy under this agreement and are in addition to any other remedies that DigiCert may have
+against you. You must commence any claim or action arising from this agreement within one
+year from the occurrence of events giving rise to a cause of action. You waive your right to any
+claim that is commenced more than one year from the first date on which the cause of action
+arose.
+
+5. Arbitration
+5.1. Requirement. To the maximum extent permitted by law, you will settle any dispute or claim
+related to this agreement, the CPS, DigiCerts websites, or any Certificate issued under this
+Agreement using binding arbitration in accordance with the Arbitration Rules of the American
+Arbitration Association (AAA). The parties shall hold all arbitration proceedings in Lehi, Utah.
+The parties shall settle all such disputes and claims settled in this manner in lieu of any action at
+law or equity; except that nothing in this subsection precludes a party from bringing an action for
+injunctive relief or other equitable relief.
+5.2. Proceeding. During arbitration, the parties shall use a single arbitrator appointed by the AAA to
+arbitrate a dispute or claim. The arbitrator must exhibit a reasonable familiarity with the issues.
+The award of the arbitrator is binding and final upon all parties. Either party may have a court
+with proper jurisdiction enter the award. This agreement remains in full force and effect while
+the outcome of the arbitration proceeding is pending. The arbitrator shall follow applicable law
+in conducting the arbitration.
+5.3. Costs. A party shall pay any costs, including reasonably attorney fees, to which the arbitrator
+determines that the prevailing party is entitled. Each party shall pay its own costs associated
+with the arbitration if such costs are not awarded by the arbitrator. The arbitrator may not
+award punitive damages or speculative damages to either party and does not have the power to
+amend this agreement.
+
+6. Miscellaneous
+6.1. Agreement. Unless explicitly stated otherwise, this agreement, along with all documents referred
+to herein, constitutes the entire agreement between the parties with respect to the issuance and
+use of the requested Certificate, superseding all other agreements that may exist with respect to
+that particular Certificate. DigiCert may amend any of its (i) website and any documents listed
+thereon, (ii) CPS, (iii) fees, (iv) privacy policy, or (iv) the conditions under which you receive a
+Certificate. Amendments are effective upon the earlier of DigiCerts posting the amendment on
+its website or your receipt of the amendment. You must periodically review DigiCerts website to
+be aware of any changes to this agreement or the relevant documents. Your continued use of a
+Certificate after an amendment is posted constitutes your acceptance of the amendment. If a law
+or industry standard changes and that change affects the Certificates or other services provided
+under this agreement, then DigiCert may amend this agreement to the extent necessary to
+comply with the change. The laws of the state of Utah govern the interpretation, construction,
+and enforcement of this agreement and all matters related to it, including tort claims, without
+regards to any conflicts-of-laws principles. The parties hereby submit to the exclusive
+jurisdiction of and venue in the state and federal courts located in the State of Utah.
+6.2. Waiver. A partys failure to enforce or delay in enforcing a provision of this agreement does not
+waive (i) the partys right to enforce the same provision later, or (ii) the partys right to enforce
+any other provision of the agreement. A waiver is only effective if in writing and signed by the
+party against whom the waiver is claimed.
+6.3. Industry Standards. Both parties will comply with all industry and privacy standards applicable
+to the Certificates. If industry standards change, DigiCert and you will work together in good
+faith to amend this agreement to comply with the changes.
+6.4. Force Majeure and Internet Frailties. Neither party is liable for any failure or delay in performing
+its obligations under this agreement to the extent that the circumstances causing such failure or
+delay are beyond a partys reasonably control. You acknowledge that the Certificates are subject
+to the operation and telecommunication infrastructures of the Internet and the operation of your
+Internet connection services, all of which are beyond DigiCerts control.
+6.5. Notices. You must send all notices in English writing by first class mail with return receipt
+request to DigiCert, Inc. at 2600 West Executive Parkway, Suite 500, Lehi, Utah 84043. DigiCert
+will send notices to you either, in DigiCerts discretion, through the account or through your
+email address (as provided by you). Notices to DigiCert are effective when received. Notices to
+you are effective when sent.
+6.6. Assignment. You may not assign your rights or obligations under this agreement without the
+prior written consent of DigiCert. Any transfer without consent is void. DigiCert may assign its
+rights and obligations without your consent.
+6.7. Severability. The invalidity or unenforceability of a provision under this agreement, as
+determined by a court or administrative body of competent jurisdiction, does not affect the
+validity or enforceability of the remainder of this agreement. The parties will substitute any
+invalid or unenforceable provision with a valid or enforceable provision that achieves the same
+economic, legal, and commercial objectives as the invalid or unenforceable provision.
+6.8. Rights of Third Parties. Application Software Vendors and Relying Parties are express third party
+beneficiaries of your obligations and representations under this agreement that directly relate to
+the use or issuance of a Certificate. Other than the Application Software Vendors and Relying
+Parties, no third parties have any rights or remedies under the agreement.
+6.9. Interpretation. The definitive version of this agreement is written in English. If this agreement is
+translated into another language and there is a conflict between the English version and the
+translated version, the English language version controls.
+
+ACCEPTANCE
+BY CHECKING "I AGREE", YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTAND THIS AGREEMENT
+AND THAT YOU WILL TO COMPLY WITH ITS TERMS. DO NOT CHECK "I AGREE" AND DO NOT PROCEED IF
+YOU DO NOT ACCEPT THIS AGREEMENT.
+
Binary file components/shim/shim.ms has changed
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/shim/shim.p5m	Tue Nov 01 12:25:39 2016 -0700
@@ -0,0 +1,40 @@
+#
+# CDDL HEADER START
+#
+# The contents of this file are subject to the terms of the
+# Common Development and Distribution License (the "License").
+# You may not use this file except in compliance with the License.
+#
+# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+# or http://www.opensolaris.org/os/licensing.
+# See the License for the specific language governing permissions
+# and limitations under the License.
+#
+# When distributing Covered Code, include this CDDL HEADER in each
+# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+# If applicable, add the following below this CDDL HEADER, with the
+# fields enclosed by brackets "[]" replaced with your own identifying
+# information: Portions Copyright [yyyy] [name of copyright owner]
+#
+# CDDL HEADER END
+#
+
+#
+# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+#
+
+set name=pkg.fmri value=pkg:/boot/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.summary value="Binaries for UEFI Secure Boot"
+set name=com.oracle.info.description \
+    value="First-stage bootloader for UEFI Secure Boot"
+set name=com.oracle.info.tpno value=$(TPNO)
+set name=info.classification value=org.opensolaris.category.2008:System/Security
+set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.arc-caseid value=PSARC/2015/563
+set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
+file BOOT.csv path=boot/grub/BOOT.csv variant.arch=i386
+file boot/MokManager.efi.signed path=boot/grub/MokManager.efi variant.arch=i386
+file boot/fallback.efi.signed path=boot/grub/fallback.efi variant.arch=i386
+file shim.ms path=boot/grub/shim.efi variant.arch=i386
+license shim.license license=BSD