Secure Boot

From owner-svn-doc-all@FreeBSD.ORG Wed Apr 15 04:22:54 2015 Return-Path: Delivered-To: svn-doc-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2ECF8D39; Wed, 15 Apr 2015 04:22:54 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F3BB06CC; Wed, 15 Apr 2015 04:22:53 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t3F4MrxR013510; Wed, 15 Apr 2015 04:22:53 GMT (envelope-from bjk@FreeBSD.org) Received: (from bjk@localhost) by svn.freebsd.org (8.14.9/8.14.9/Submit) id t3F4MrHO013509; Wed, 15 Apr 2015 04:22:53 GMT (envelope-from bjk@FreeBSD.org) Message-Id: <201504150422.t3F4MrHO013509@svn.freebsd.org> X-Authentication-Warning: svn.freebsd.org: bjk set sender to bjk@FreeBSD.org using -f From: Benjamin Kaduk Date: Wed, 15 Apr 2015 04:22:53 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46557 - head/en_US.ISO8859-1/htdocs/news/status X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Apr 2015 04:22:54 -0000 Author: bjk Date: Wed Apr 15 04:22:53 2015 New Revision: 46557 URL: https://svnweb.freebsd.org/changeset/doc/46557 Log: Add Secure Boot report Approved by: hrs (mentor, implicit) Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Wed Apr 15 04:12:19 2015 (r46556) +++ head/en_US.ISO8859-1/htdocs/news/status/report-2015-01-2015-03.xml Wed Apr 15 04:22:53 2015 (r46557) @@ -2126,4 +2126,53 @@ WITHOUT_FORTH=y two were taken in for safe-keeping.

+ + + Secure Boot + + + + + Edward Tomasz + Napierała + + trasz@FreeBSD.org + + + + + + + + +

UEFI Secure Boot is a mechanism that requires boot + drivers and operating system loaders to be cryptographically + signed by an authorized key. It will refuse to execute any + software that is not correctly signed, and is intended to secure + boot drivers and operating system loaders from malicious + tampering or replacement.

+ +

The utility to add Authenticode signatures to EFI files, + uefisign(8), was committed to 11-CURRENT and will ship in + 10.2-RELEASE. Ports for other open source utilities were added + to the Ports Collection, as sysutils/pesign, + sysutils/sbsigntool, and sysutils/shim. There + is a prototype patch that makes boot1 use the Secure Boot shim, and + modifies the shim to provide the functionality necessary + for a successful bootstrap.

+ + + The &os; Foundation + + + +

Finalize the shim API extension and get it accepted + upstream.

+ + + +

Commit boot1 changes.

+ + +