[uefi-secure-boot-guide] master: Added explaination of pesign (f5c1b2f)

sparks at fedoraproject.org sparks at fedoraproject.org
Thu Jan 31 20:09:42 UTC 2013 

Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git

On branch  : master

>---------------------------------------------------------------

commit f5c1b2f8541d59acf7e660d309dfdaf72db7d84b
Author: Eric Christensen <sparks at redhat.com>
Date:   Thu Jan 31 14:53:55 2013 -0500

    Added explaination of pesign


>---------------------------------------------------------------

 en-US/Tools.xml |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/en-US/Tools.xml b/en-US/Tools.xml
index 244652c..c9d6854 100644
--- a/en-US/Tools.xml
+++ b/en-US/Tools.xml
@@ -11,12 +11,13 @@
 	<section id="sect-UEFI_Secure_Boot_Guide-Tools-shim">
 		<title>Shim</title>
 		<para>
-			Shim is the cryptographically signed software that creates the trust between the UEFI firmware and GRUB and the kernel software.  Shim is cryptographically signed by Verisign (via Microsoft) so that the UEFI firmware will cryptographically recognize the &PRODUCT; system and allow the software to continue through the boot process.  The shim validates GRUB and kernel though a cryptographic verification based on a &PRODUCT; key used to sign all three.
+			<firstterm>Shim</firstterm> is the cryptographically signed software that creates the trust between the UEFI firmware and GRUB and the kernel software.  Shim is cryptographically signed by Verisign (via Microsoft) so that the UEFI firmware will cryptographically recognize the &PRODUCT; system and allow the software to continue through the boot process.  The shim validates GRUB and kernel though a cryptographic verification based on a &PRODUCT; key used to sign all three.
 		</para>
 	</section>
         <section id="sect-UEFI_Secure_Boot_Guide-Tools-pesign">
                 <title>pesign</title>
                 <para>
+			<firstterm>Pesign</firstterm> allows users to create their own shim and use their own cryptographic keys.  Using this tool, one can create their own trust model and not be required to trust the Microsoft keys and trust model.  Once the user has created their keys and signed their shim, and optionally signed and built GRUB and kernel, they can use the setup mode in the firmware to install &PRODUCT; and use the <firstterm>sbsetup</firstterm> tool as provided by pesign to enroll their keys in the firmware.
                 </para>
         </section>
         <section id="sect-UEFI_Secure_Boot_Guide-Tools-efikeygen">

More information about the docs-commits mailing list