I was looking at RHEL 9.7 today, and noticed it has
shim-x64-16.1-5.el9.x86_64
As Rocky is close 1:1 with RHEL, does that mean there’s a new shim in Rocky 9.7?
Since 9.7 has only just released, we have to now wait for all update packages to be processed, packaged and made available. So at some point it will appear.
Rocky 9.7 had to be released with the same versions of packages when RHEL 9.7 was released, so now we need to catch up by now processing all updated packages that have since been released.
That’s not how shim works. The shim cannot just be upgraded immediately nor can it properly follow our upstreams.
The shim is part of secure boot and requires us, as a vendor, to produce unsigned binaries for Microsoft to sign. Once those are approved and signed, that’s when the new shim appears.
The reason why our shim is not upgraded is we were waiting to release 9.7 and 10.1 first before working on them. It’s unfortunately a slow process and will take time before we release it to everyone.
OK, that’s fine, so the official Rocky 9.7 ISO will continue to use the current “shim”, as was used in Rocky 9.6?
Yup, the current shim works because I’ve already upgraded to 9.7, rebooted and had no issues with secure boot which is enabled.
ISO’s are not redone, so every ISO made will be with the shim version available at that time. To get new shim’s, it’s just like every other update, so:
dnf update
ISO’s will not be remade, it doesn’t solve anything to do that and why waste time on it. ISO’s are made once, when a release is made. That is the state they should remain in.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.