boot1.efi future
Simon J. Gerraty
sjg at juniper.net
Thu Oct 19 17:03:05 UTC 2017
Warner Losh <imp at bsdimp.com> wrote:
> There's lots of details to get right before we can make the final switch,
> but I think it's in the interest of the project to do so.
Just one comment that may or may not be relevant depending on the overal
plan.
I've implemented verification in the freebsd loader, along the lines
previously mentioned, for us this pretty much closes the secure-boot
gap - loader verifies kernel and its initial rootfs so init and etc/rc.
Which then gets us to mac_veriexec.
>From that pov the initial boot bits can change as you like without
affecting the above. Is that the plan?
It only matters I guess in terms of the effort to upstream - assuming
there is interest from other embedded vendors.
Thanks
--sjg
More information about the freebsd-arch
mailing list