[uefi-secure-boot-guide] f18: Updated POTs Merge branch 'f18' of git+ssh://git.fedorahosted.org/git/docs/uefi-secure-boot-guide into f18 (681bf80)

sparks at fedoraproject.org sparks at fedoraproject.org
Sat Jan 5 02:26:13 UTC 2013 

Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git

On branch  : f18

>---------------------------------------------------------------

commit 681bf808fef8e97280679cb15372b20a849f3a27
Merge: 1799db9 81498dd
Author: Eric Christensen <sparks at fedoraproject.org>
Date:   Fri Jan 4 21:24:48 2013 -0500

    Updated POTs
    Merge branch 'f18' of git+ssh://git.fedorahosted.org/git/docs/uefi-secure-boot-guide into f18
    
    Conflicts:
    	pot/Author_Group.pot
    	pot/Book_Info.pot
    	pot/Implementation_of_Secure_Boot.pot
    	pot/Preface.pot
    	pot/Revision_History.pot
    	pot/UEFI_Secure_Boot_Guide.pot
    	pot/Using_your_own_keys.pot
    	pot/What_is_Secure_Boot.pot



>---------------------------------------------------------------

 pot/Author_Group.pot                  |    5 +++++
 pot/Book_Info.pot                     |    5 +++++
 pot/Implementation_of_Secure_Boot.pot |   13 +++++++++++++
 pot/Preface.pot                       |    5 +++++
 pot/Revision_History.pot              |    8 ++++++++
 pot/UEFI_Secure_Boot_Guide.pot        |    5 +++++
 pot/Using_your_own_keys.pot           |    5 +++++
 pot/What_is_Secure_Boot.pot           |   21 +++++++++++++++++++++
 8 files changed, 67 insertions(+), 0 deletions(-)

diff --git a/pot/Author_Group.pot b/pot/Author_Group.pot
index 6e0d092..54a2ae6 100644
--- a/pot/Author_Group.pot
+++ b/pot/Author_Group.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
diff --git a/pot/Book_Info.pot b/pot/Book_Info.pot
index c240d36..3c455d9 100644
--- a/pot/Book_Info.pot
+++ b/pot/Book_Info.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
diff --git a/pot/Implementation_of_Secure_Boot.pot b/pot/Implementation_of_Secure_Boot.pot
index b162f6a..d394c7a 100644
--- a/pot/Implementation_of_Secure_Boot.pot
+++ b/pot/Implementation_of_Secure_Boot.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
@@ -19,11 +24,16 @@ msgstr ""
 
 #. Tag: para
 #, no-c-format
+<<<<<<< HEAD
 msgid "The Fedora Secure Boot implementation includes support for two methods of booting under the Secure Boot mechanism. The first method utilizes the signing service hosted by Microsoft to provide a copy of the shim bootloader signed with the Microsoft keys. The second method is a more general form of the first, wherein a site or user can create their own keys, deploy them in system firmware, and sign their own binaries."
+=======
+msgid "Systems with UEFI Secure Boot enabled will ship with a set of vendor-determined keys installed in the firmware. These keys include the ability to boot from binaries signed by the signing service hosted by Microsoft. This feature includes simultaneous support for two methods of booting under this scheme. Under the first scheme, Fedora will utilize the signing service hosted by Microsoft. Under the second, a site will create their own keys and deploy them in system firmware, and will do their own signing of binaries with it. In both schemes, shim, grub2, and the kernel will detect that they are started in what UEFI describes as \"User mode\" with Secure Boot enabled, and upon detecting this they will validate the next stage with a Fedora-specific cryptographic public key before starting it. Additionally, grub2 will operate with similar restrictions as it would if you had set a supervisory password in your configuration. Once the kernel is booted, it will also detect tha
 t it is in Secure Boot mode, which will cause several things to be true: it will validate the boot command line to only allow certain kernel settings, it will check loaded modules for signatures and refuse to load them if they are unsigned, and it will refuse any operations from userland which cause userland-defined DMA."
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""
 
 #. Tag: para
 #, no-c-format
+<<<<<<< HEAD
 msgid "In both methods, shim, grub2, and the kernel will detect that they are started in what UEFI describes as \"User mode\" with Secure Boot enabled, and upon detecting this they will validate the next stage with a Fedora-specific cryptographic public key before starting it. The validation is done via shim for grub2, and grub2 calls back to shim to validate the kernel as well. Once the kernel is booted, it will also detect that it is in Secure Boot mode, which will cause several things to be true:"
 msgstr ""
 
@@ -80,5 +90,8 @@ msgstr ""
 #. Tag: para
 #, no-c-format
 msgid "Other distributions have chosen to not require signed kernel modules in their Secure Boot implementation. Fedora believes that to fully support Secure Boot this is required. We are working to limit the impacts of this while ensuring that untrusted module code is not allowed to execute."
+=======
+msgid "Under this scheme, the signing service will be used to sign a first-stage bootloader, <ulink url=\"https://github.com/mjg59/shim\">shim</ulink>, which holds a Fedora-specific public key. shim will then validate against the Fedora-defined key referenced above."
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""
 
diff --git a/pot/Preface.pot b/pot/Preface.pot
index a13b2b4..da1c874 100644
--- a/pot/Preface.pot
+++ b/pot/Preface.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
diff --git a/pot/Revision_History.pot b/pot/Revision_History.pot
index b34dc32..e7afe98 100644
--- a/pot/Revision_History.pot
+++ b/pot/Revision_History.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
@@ -29,6 +34,7 @@ msgstr ""
 
 #. Tag: member
 #, no-c-format
+<<<<<<< HEAD
 msgid "Updated 'What is Secure Boot' chapter. (BZ 891758)"
 msgstr ""
 
@@ -44,6 +50,8 @@ msgstr ""
 
 #. Tag: member
 #, no-c-format
+=======
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgid "Initial creation of book by publican"
 msgstr ""
 
diff --git a/pot/UEFI_Secure_Boot_Guide.pot b/pot/UEFI_Secure_Boot_Guide.pot
index efe1c52..dec7388 100644
--- a/pot/UEFI_Secure_Boot_Guide.pot
+++ b/pot/UEFI_Secure_Boot_Guide.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
diff --git a/pot/Using_your_own_keys.pot b/pot/Using_your_own_keys.pot
index 09b7724..14ef504 100644
--- a/pot/Using_your_own_keys.pot
+++ b/pot/Using_your_own_keys.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
diff --git a/pot/What_is_Secure_Boot.pot b/pot/What_is_Secure_Boot.pot
index 08470b6..0dbe5e2 100644
--- a/pot/What_is_Secure_Boot.pot
+++ b/pot/What_is_Secure_Boot.pot
@@ -4,8 +4,13 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: 0\n"
+<<<<<<< HEAD
 "POT-Creation-Date: 2013-01-05T02:13:25\n"
 "PO-Revision-Date: 2013-01-05T02:13:25\n"
+=======
+"POT-Creation-Date: 2013-01-04T18:28:40\n"
+"PO-Revision-Date: 2013-01-04T18:28:40\n"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 "Last-Translator: Automatically generated\n"
 "Language-Team: None\n"
 "MIME-Version: 1.0\n"
@@ -19,7 +24,11 @@ msgstr ""
 
 #. Tag: para
 #, no-c-format
+<<<<<<< HEAD
 msgid "Secure Boot is a setup using UEFI firmware to check cryptographic signatures on the bootloader and associated OS kernel to ensure that only trusted OS binaries are loaded during the boot process. These signatures are verified against keys stored in UEFI variables. If a binary contains a valid signature, it is allowed to execute. If it does not, the binary is not allowed to execute."
+=======
+msgid "Secure boot is a setup using UEFI firmware to check cryptographic signatures on the bootloader and associated OS kernel to ensure they have not been tampered with or bypassed in the boot process. With the planned release of Windows 8, Microsoft has decided that all hardware that is marked \"Windows 8 client ready\" should:"
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""
 
 #. Tag: member
@@ -34,7 +43,11 @@ msgstr ""
 
 #. Tag: member
 #, no-c-format
+<<<<<<< HEAD
 msgid "Ship the Microsoft key in firmware."
+=======
+msgid "Ship the Microsoft keys in firmware."
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""
 
 #. Tag: member
@@ -44,11 +57,16 @@ msgstr ""
 
 #. Tag: para
 #, no-c-format
+<<<<<<< HEAD
 msgid "This means that Fedora versions before Fedora 18 booted on such hardware will refuse to boot until the user disables Secure Boot in the firmware. While disabling Secure Boot is a viable option that some users may wish to choose, it is not an optimal solution."
+=======
+msgid "This means that Fedora as it stands booted on such hardware will refuse to boot until the user disables secure boot in the firmware."
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""
 
 #. Tag: para
 #, no-c-format
+<<<<<<< HEAD
 msgid "To facilitate out of the box functionality on new hardware, the maintainers of the grub2, kernel and associated packages have implemented Secure Boot support in Fedora 18. On UEFI machines, Fedora 18 uses a small bootloader called \"shim\" that has been signed by the Microsoft signing service (via Verisign). This allows UEFI to load shim on Windows 8 client ready machines and continue the boot process for Linux. Shim in turn boots grub2, which is signed by a Fedora key. Grub2 then boots a similarly signed Linux kernel provided by Fedora which loads the rest of the OS as per the usual boot process. The machine remains in Secure Boot mode."
 msgstr ""
 
@@ -60,5 +78,8 @@ msgstr ""
 #. Tag: para
 #, no-c-format
 msgid "This plan was approved by the Fedora Engineering Steering Committee on 23-Jul-2012."
+=======
+msgid "Maintainers of the grub2, kernel and associated packages have proposed a plan where by Fedora will have Verisign (via Microsoft) sign a bootloader shim that will in turn boot grub2 (signed by a Fedora key) and the Fedora kernel (signed by a Fedora key) to allow out of the box booting on secure boot enabled hardware. Additionally, they will provide tools and information for users to create their own keys and sign their own copy of boot shim and grub2 and kernel (and whatever else they wish to sign). This plan has been approved by the Fedora Engineering Steering Committee as of 23-Jul-2012."
+>>>>>>> 81498dde5b8f2b88bfac7fceef8cb31843cb0e94
 msgstr ""

More information about the docs-commits mailing list