Date: Mon, 8 Jul 2013 23:28:26 +0000
From: "Teske, Devin" <Devin.Teske@fisglobal.com>
To: Sergio de Almeida Lenzi <lenzi.sergio@gmail.com>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: Re: UEFI Secure Boot
Message-ID: <13CA24D6AB415D428143D44749F57D7201FB74C7@ltcfiswmsgmb21>
In-Reply-To: <1373322278.15315.38.camel@lenovo.lenzicasa>
References: <loom.20130708T182036-992@post.gmane.org> <1373322278.15315.38.camel@lenovo.lenzicasa>

On Jul 8, 2013, at 3:24 PM, Sergio de Almeida Lenzi wrote:

[snip]
>
> So the question:
> Why or when will I need a secure UEFI boot???
>

From what I've read of UEFI Secure boot, I've parceled out into these nuggets: (correct any nuggets I got wrong)

1. UEFI Secure boot is actually UEFI + Secure boot. You can disable Secure boot and still have UEFI.

2. Windows 8 requires UEFI Secure boot to ... boot.

3. Any OS can work with UEFI Secure boot... you just have to sign your drivers (which puts a burden on development, testing, etc.)

4. FreeBSD today can work on a machine if you disable UEFI (implied disabling of Secure boot sub-feature)

5. FreeBSD could eventually support UEFI.

6. Don't know if we want to support secure-boot... but I think we should. It's really up to how the end-user wants FreeBSD to function. If they want FreeBSD to reject module-loads for custom-compiled modules, secure boot seems to be a way to go. But for me at least, I won't be enabling it (even if we support it). However, I know customers that might think it's a great idea (think financial institutions running FreeBSD on bare metal both as workstations and servers).

Now, I must admit, when the conversation of UEFI and Secure boot starts turning toward involving M$, I get confused.

To my understanding, it's a methodology to allow a customer to secure his/her box against root-kit. The OS does this by communicating with the UEFI framework the keys of modules to load. That's between the BIOS and the OS (whatever OS you may be running).

--
Devin

P.S. Again, correct me if I'm wrong on anything -- I'm still wrapping my head around this stuff too.

_____________
The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?13CA24D6AB415D428143D44749F57D7201FB74C7>