svn commit: r46187 - head/en_US.ISO8859-1/htdocs/news/status
Benjamin Kaduk
bjk at FreeBSD.org
Sat Jan 10 02:41:37 UTC 2015
Author: bjk
Date: Sat Jan 10 02:41:36 2015
New Revision: 46187
URL: https://svnweb.freebsd.org/changeset/doc/46187
Log:
Add Secure Boot entry
Approved by: hrs (mentor, blanket)
Modified:
head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml
Modified: head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml
==============================================================================
--- head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml Sat Jan 10 02:29:44 2015 (r46186)
+++ head/en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml Sat Jan 10 02:41:36 2015 (r46187)
@@ -2100,4 +2100,63 @@
<sponsor>Sandvine Inc.</sponsor>
</project>
+ <project cat='kern'>
+ <title>Secure Boot</title>
+
+ <contact>
+ <person>
+ <name>
+ <given>Edward Tomasz</given>
+ <common>Napierała</common>
+ </name>
+ <email>trasz at FreeBSD.org</email>
+ </person>
+ </contact>
+
+ <links>
+ <url href="https://wiki.freebsd.org/SecureBoot" />
+ </links>
+
+ <body>
+ <p>UEFI Secure Boot is a mechanism that requires boot drivers
+ and operating system loaders to be cryptographically signed by an
+ authorized key. It will refuse to execute any software that is not
+ correctly signed, and is intended to secure boot drivers and
+ operating system loaders from malicious tampering or
+ replacement.</p>
+
+ <p>This project will deliver the initial phase of secure boot
+ support for &os; and consists of:</p>
+
+ <ul>
+ <li>creating ports/packages of the gnu-efi toolchain,
+ Matthew Garrett’s shim loader, and sbsigntools</li>
+ <li>extending the shim to provide an API for boot1.efi to
+ load and verify binaries signed by keys known to the shim</li>
+ <li>writing uefisign(8), a BSD-licensed utility to sign EFI
+ binaries using Authenticode, as mandated by UEFI
+ specification.</li>
+ </ul>
+ </body>
+
+ <sponsor>The &os; Foundation</sponsor>
+
+ <help>
+ <task>
+ <p>Ensure the signature format properly matches UEFI spec
+ requirements.</p>
+ </task>
+
+ <task>
+ <p>Verify correctly signed, incorrectly signed, and
+ unsigned loader components are handled properly.</p>
+ </task>
+
+ <task>
+ <p>Investigate signed kernel ELF objects (including
+ modules).</p>
+ </task>
+ </help>
+ </project>
+
</report>
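Review bot: The third <li> in the <body> list ends with a period ("specification.") while the first two items have none, and it reads "as mandated by UEFI specification" without an article; drop the trailing period and write "the UEFI specification". The second paragraph also writes "secure boot" in lowercase where the title and the first paragraph use "Secure Boot"; pick one form and use it throughout the entry.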