Date: Mon, 14 Oct 2019 21:59:35 -0400 From: grarpamp <grarpamp@gmail.com> To: freebsd-security@freebsd.org Cc: freebsd-current@freebsd.org, freebsd-virtualization@freebsd.org Subject: Re: AMD Secure Encrypted Virtualization - FreeBSD Status? Message-ID: <CAD2Ti2-vgm2DrpeSO8%2BhuYJ9Kn2Y3N_DFwe1HQofHJ7VQcE4rQ@mail.gmail.com> In-Reply-To: <76102.1571079149@kaos.jnpr.net> References: <CAD2Ti2-2TWZEcCdyg1seHHdWRVSC9v_kuMe4f-ERo1LNdJAnmw@mail.gmail.com> <CAFYkXj=f0NEQ%2B=WQ_y8_RZtOc3-%2BHkoBreAgRM669R6s4cWSmQ@mail.gmail.com> <76102.1571079149@kaos.jnpr.net>
next in thread | previous in thread | raw e-mail | index | archive | help
>> would be really nice also to get UEFI BOOT compatible with SECURE BOOT >> :-) > > Unless you are using your own BIOS, the above means getting Microsoft > to sign boot1.efi or similar. Shims that simply work around lack of > acceptible signature don't help. As before in this thread, some motherboards will let you delete the Microsoft keys from the BIOS defaults and install your own. With those boards you do not need Microsoft, or any shims signed by Microsoft, or anyone else but you. See the key management parts of the UEFI SECURE BOOT spec... https://uefi.org/ If your mobo maker does not have full key management options in their latest BIOS, ticket and bug them until they do.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD2Ti2-vgm2DrpeSO8%2BhuYJ9Kn2Y3N_DFwe1HQofHJ7VQcE4rQ>