Date: Sat, 10 Jan 2015 02:41:37 +0000 (UTC) From: Benjamin Kaduk <bjk@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46187 - head/en_US.ISO8859-1/htdocs/news/status Message-ID: <201501100241.t0A2fblD044165@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: bjk Date: Sat Jan 10 02:41:36 2015 New Revision: 46187 URL: https://svnweb.freebsd.org/changeset/doc/46187 Log: Add Secure Boot entry Approved by: hrs (mentor, blanket) Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml Sat Jan 10 02:29:44 2015 (r46186) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml Sat Jan 10 02:41:36 2015 (r46187) @@ -2100,4 +2100,63 @@ <sponsor>Sandvine Inc.</sponsor> </project> + <project cat='kern'> + <title>Secure Boot</title> + + <contact> + <person> + <name> + <given>Edward Tomasz</given> + <common>Napierała</common> + </name> + <email>trasz@FreeBSD.org</email> + </person> + </contact> + + <links> + <url href="https://wiki.freebsd.org/SecureBoot" /> + </links> + + <body> + <p>UEFI Secure Boot is a mechanism that requires boot drivers + and operating system loaders to be cryptographically signed by an + authorized key. It will refuse to execute any software that is not + correctly signed, and is intended to secure boot drivers and + operating system loaders from malicious tampering or + replacement.</p> + + <p>This project will deliver the initial phase of secure boot + support for &os; and consists of:</p> + + <ul> + <li>creating ports/packages of the gnu-efi toolchain, + Matthew Garrett’s shim loader, and sbsigntools</li> + <li>extending the shim to provide an API for boot1.efi to + load and verify binaries signed by keys known to the shim</li> + <li>writing uefisign(8), a BSD-licensed utility to sign EFI + binaries using Authenticode, as mandated by UEFI + specification.</li> + </ul> + </body> + + <sponsor>The &os; Foundation</sponsor> + + <help> + <task> + <p>Ensure the signature format properly matches UEFI spec + requirements.</p> + </task> + + <task> + <p>Verify correctly signed, incorrectly signed, and + unsigned loader components are handled properly.</p> + </task> + + <task> + <p>Investigate signed kernel ELF objects (including + modules).</p> + </task> + </help> + </project> + </report>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201501100241.t0A2fblD044165>