[uefi-secure-boot-guide] master: There's no thing called "Microsoft Secure Boot". (7fbba74)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit 7fbba7485c05b14d5952cf127a2d296cd2402d32
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:08 2013 -0500
There's no thing called "Microsoft Secure Boot".
Since no such thing exists, we shouldn't make it sound like it does.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index a1b292b..64878b3 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -110,7 +110,7 @@ server technology will support Secure Boot at a future date.
</note>
</section>
<section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Microsoft_Implementation">
-<title>Microsoft Secure Boot</title>
+<title>Microsoft Requirements for Secure Boot</title>
<para>
Microsoft has not published many details about their
implementation of Secure Boot, which is based on UEFI Secure Boot.
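Review bot: the section id directly above the title (`...-Microsoft_Implementation`) and the opening sentence of the unchanged paragraph ("their implementation of Secure Boot, which is based on UEFI Secure Boot") still describe a Microsoft "implementation", which is exactly the notion the commit message says does not exist; the paragraph should be reworded to match the new title, e.g. "Microsoft has not published many details about the Secure Boot requirements it places on certified hardware." Renaming the id is optional since it is an internal anchor, but any xref to it would have to follow.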
11 years, 2 months
[uefi-secure-boot-guide] master: Don't say it doesn't protect against malware, because that's what it does. (bcbdbb9)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit bcbdbb922260d26854382df8c9ee53f254651a24
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:16 2013 -0500
Don't say it doesn't protect against malware, because that's what it does.
Instead explain that it only protects against one particular class of
malware, and not others.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 76d1a40..a1b292b 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -506,11 +506,11 @@ configuration on disk.)
<section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Risks">
<title>Potential Secure Boot Risks</title>
<para>
- Secure Boot will not protect your PC from malware or attackers.
-Secure Boot itself protects the boot phase of a system. In &PRODUCT; if you
-use Secure Boot, what modules the kernel loads can be restricted, but user
-space malware cannot. The initial ramdisk (initrd) disk image used during
-boot is not signed and could contain malicious code. The kernel
+ Secure Boot will not protect your PC from most malware or attackers.
+Secure Boot itself protects the boot phase of a system, but does not protect against attacks against your running system or data. In &PRODUCT; if you
+use Secure Boot, what modules the kernel loads can be restricted, but no
+additional protection is provide against user space malware. The initial ramdisk (initrd) disk image used during
+boot is not protected by this feature, and could contain malicious code.
</para>
<section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Risks-Forced_Removal_of_Features">
<title>Forced removal of features in Secure Boot mode</title>
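Review bot: typo in the fourth added line: "no additional protection is provide against user space malware" should read "is provided". The second added line doubles the preposition in "does not protect against attacks against your running system"; "attacks on your running system or data" reads better. Both of those lines also run far past the roughly 72-column wrapping used by the rest of the file, so rewrap them before merging.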
11 years, 2 months
[uefi-secure-boot-guide] master: Nobody calls Secure Boot "Verified Boot". (95f0d20)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit 95f0d20dba099dde9221d38972f810154c997b73
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:04 2013 -0500
Nobody calls Secure Boot "Verified Boot".
I think "Verified Boot" is intended as a category here, so make it read
that way.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 90a23c2..0a65ad3 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -14,8 +14,8 @@ potentially, user space, it is possible to prevent the execution of
unsigned code.
</para>
<para>
- Secure Boot is sometimes called <firstterm>Verified
- Boot</firstterm>. Boot path validation is also part of other
+ <firstterm>Secure Boot</firstterm> is a form of <firstterm>Verified
+ Booting</firstterm>. Boot path validation is also part of other
technologies such as <firstterm>Trusted Boot</firstterm>. Boot path
validation is indepedent of secure storage of cryptographic keys and
remote attestation.
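Review bot: `<firstterm>Secure Boot</firstterm>` re-introduces a term the chapter already marks up in its opening paragraph, so the second `<firstterm>` is redundant here; plain "Secure Boot is a form of <firstterm>Verified Booting</firstterm>" is enough. While this paragraph is being touched, the unchanged context line "validation is indepedent of secure storage" has a typo: "independent".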
11 years, 2 months
[uefi-secure-boot-guide] master: Specify exactly when UEFI started including Secure Boot. (de83644)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit de836442a352697472cba065dc543b7a32c63ae5
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:05 2013 -0500
Specify exactly when UEFI started including Secure Boot.
I doubt if anybody is going to go looking at the 1.10 spec for this, but
a good reference isn't a bad thing.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index ff445bf..90a23c2 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -25,8 +25,8 @@ unsigned code.
<para>
<firstterm>UEFI Secure Boot</firstterm> is the boot path validation
component of the <firstterm>UEFI</firstterm> specification
- (<firstterm>Unified Extensible Firmware Interface</firstterm>).
- Roughly speaking, it specifies the following:
+ (<firstterm>Unified Extensible Firmware Interface</firstterm>)as of version
+ 2.3. Roughly speaking, it specifies the following:
</para>
<itemizedlist>
<listitem>
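Review bot: missing space in the first added line: "(<firstterm>Unified Extensible Firmware Interface</firstterm>)as of version" should read ") as of version". The commit message says the point of the change is to give readers a reference, but only the number "2.3" is added; a footnote naming the UEFI specification revision (and ideally where it is published) would make the reference usable.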
11 years, 2 months
[uefi-secure-boot-guide] master: We really don't need to be recommending attack vectors. (fea9236)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit fea9236919b19b66d26e4474e77c4608063f3f19
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:11 2013 -0500
We really don't need to be recommending attack vectors.
Also there's not a lot of evidence that this is viable anyway, so let's
just not spread FUD.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 3 +--
1 files changed, 1 insertions(+), 2 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 886649a..ff445bf 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -417,8 +417,7 @@ to the end user in any way.
<para>
In the booted operating system, Microsoft Windows 8 supports
AuthentiCode validation and loading of signed third-party kernel
-modules. Hibernation is not disabled, which may provide a venue to
-circumvent UEFI Secure Boot. Windows has infrastructure to extend
+modules. Windows has infrastructure to extend
cryptographic validation to user space programs, again based on
AuthentiCode.
</para>
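Review bot: the sentence that remains after the removal, "Windows has infrastructure to extend cryptographic validation to user space programs, again based on AuthentiCode", is just as unsourced as the hibernation claim being dropped; by the commit's own standard it should either cite a reference or be softened. Removing the hibernation sentence itself is the right call, since the text offered no evidence for it.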
11 years, 2 months
[uefi-secure-boot-guide] master: Explain Secure Boot as a thing in terms of the system, not the bootloader. (4ae52b6)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit 4ae52b6c021f845a3fcf32e14292a72658ded76c
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:03 2013 -0500
Explain Secure Boot as a thing in terms of the system, not the bootloader.
Secure boot isn't a thing the bootloader does - it's a thing the system
does in relation /to/ the bootloader. So our docs should reflect that.
Our bootloader's extension of that into the kernel and so on is a
necessary side effect of that, but it's not the core technology itself.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 7 +++----
1 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 3293933..9b3d950 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -6,10 +6,9 @@
<chapter id="chap-UEFI_Secure_Boot_Guide-What_is_Secure_Boot">
<title>What is UEFI Secure Boot?</title>
<para>
-<firstterm>Secure Boot</firstterm> is a technology where the system boot
-loader
-checks that the next-stage boot loader is signed with a cryptographic key
-authorized by the configuration of the system boot loader. With adequate
+<firstterm>Secure Boot</firstterm> is a technology where the system firmware
+checks that the system boot loader is signed with a cryptographic key
+authorized by a database contained in the firmware. With adequate
signature verification in the next-stage boot loader(s), kernel, and,
potentially, user space, it is possible to prevent the execution of
unsigned code.
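Review bot: "signed with a cryptographic key authorized by a database contained in the firmware" leaves it unclear what the database holds and what is matched against it; stating that the signing key must be listed in the firmware's authorized signature database would be more precise. With the first check now attributed to the firmware, "next-stage boot loader(s)" in the following sentence refers to anything after the system boot loader; spelling that out avoids the reader looking for a first-stage loader that the new wording no longer mentions.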
11 years, 2 months
[uefi-secure-boot-guide] master: Clarify Secure Boot's goal in regards to improperly modified boot path. (b8b9e9a)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit b8b9e9a67b8885e11d89967fff6b9b816a42f3af
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:06 2013 -0500
Clarify Secure Boot's goal in regards to improperly modified boot path.
SB doesn't really do anything for /reconstruction/, but it does actually
stop /execution/. Say so.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 20fb238..886649a 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -97,8 +97,8 @@ second-stage boot loaders or require explicit user confirmation of such
changes. Signatures are verified during booting, and not when the boot
loader is installed or updated.
Therefore, UEFI Secure Boot does not stop boot path manipulations.
-It only simplifies their detection and the reconstruction of the
-original, uncompromised boot path.
+It only prevents the system from executing a modified boot path once such
+a modification has occurred, and simplifies their detection.
</para>
<note>
<title>Client Technology</title>
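Review bot: in the added sentence, "their detection" has lost its antecedent; "their" refers back to "boot path manipulations" two sentences earlier, so write "simplifies detection of such manipulations". "executing a modified boot path once such a modification has occurred" also says the same thing twice; "executing a boot path that has been modified" is sufficient and keeps the prevention/detection contrast the commit message is after.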
11 years, 2 months
[uefi-secure-boot-guide] master: Distinguish between our SB implementation's goals and its mechanism. (98a3580)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit 98a35806489df4ad4ff27e3344881259d1813224
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:14 2013 -0500
Distinguish between our SB implementation's goals and its mechanism.
The goal isn't to cryptographically check things - the goal is to stop
exploits.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 5 ++++-
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 9b3d950..657134e 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -429,7 +429,10 @@ AuthentiCode.
<title>&PRODUCT; Secure Boot</title>
<para>
The &PRODUCT; Secure Boot implementation has a single security
-objective: it prevents the execution of unsigned code in kernel mode.
+objective: it prevents installation of a class of malware known as
+<firstterm>boot kits</firstterm> that infect the boot path of the
+machine. In order to do this, it prevents the execution of unsigned code,
+starting in the boot process and extending to the kernel and its modules.
</para>
<para>
&PRODUCT; can boot on systems with Microsoft Secure Boot enabled,
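Review bot: "prevents installation of a class of malware known as boot kits" contradicts the Risks text in this same file (and commit b8b9e9a in this series), which states that UEFI Secure Boot does not stop boot path manipulations and only prevents the system from executing a modified boot path; the added sentence should say the implementation stops boot kits from being executed, not from being installed. The unchanged context line below still reads "Microsoft Secure Boot enabled", the wording commit 7fbba74 in this series removes elsewhere.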
11 years, 2 months
[uefi-secure-boot-guide] master: Reference the Microsoft document that actually exists. (07a9591)
by Eric Christensen
Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
>---------------------------------------------------------------
commit 07a9591e1189bb51f97d6c1141251c6bffcd47ef
Author: Peter Jones <pjones(a)redhat.com>
Date: Wed Feb 27 15:12:12 2013 -0500
Reference the Microsoft document that actually exists.
I have no idea where the idea of a "Microsoft Secure Boot specification"
came from, but there's no such thing.
Signed-off-by: Peter Jones <pjones(a)redhat.com>
Signed-off-by: Eric Christensen <sparks(a)redhat.com>
>---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 657134e..20fb238 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -446,8 +446,8 @@ to provide a Microsoft Secure Boot environment.
<para>
Third-party UEFI boot loaders (such as the &PRODUCT; boot loader) are
not guaranteed to work on Microsoft Secure Boot systems because the
-necessary certificates are not part of the Microsoft Secure Boot
-specification. If your hardware is in this category, you need to
+necessary certificates are not part of the Windows 8 Hardware Certification
+Requirements. If your hardware is in this category, you need to
switch off UEFI Secure Boot, enroll the missing Microsoft certificate,
or enroll the &PRODUCT; certificate.
</para>
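Review bot: the paragraph still says "Microsoft Secure Boot systems" (and the hunk header context reads "a Microsoft Secure Boot environment"), the term commit 7fbba74 in this series rejects; "systems built to the Windows 8 Hardware Certification Requirements" would be consistent with the new wording. "enroll the missing Microsoft certificate, or enroll the &PRODUCT; certificate" also leaves the reader guessing which certificate is missing and how enrollment is done; name the certificate here or cross-reference the enrollment procedure if the guide covers it.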
11 years, 2 months