Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
commit 6745f1709f133139a8160eeab2daa3b50dff1e20 Author: Eric Christensen sparks@redhat.com Date: Thu Jan 31 11:39:11 2013 -0500
Changed 'Fedora' to the entity
en-US/What_is_Secure_Boot.xml | 6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml index e87d0cf..1cb0b84 100644 --- a/en-US/What_is_Secure_Boot.xml +++ b/en-US/What_is_Secure_Boot.xml @@ -12,7 +12,7 @@ Earlier versions of &PRODUCT; booted on such hardware will refuse to boot until the user disables Secure Boot in the firmware. While disabling Secure Boot is a viable option that some users may wish to choose, it is not an optimal solution. </para> <para> - To facilitate out of the box functionality on new hardware, the maintainers of the grub2, kernel and associated packages have implemented Secure Boot support in &PRODUCT;. On UEFI machines, &PRODUCT; uses a small bootloader called "shim" that has been signed by the Microsoft signing service (via Verisign). This allows UEFI to load shim on Windows 8 client ready machines and continue the boot process for Linux. Shim in turn boots grub2, which is signed by a &PRODUCT; key. Grub2 then boots a similarly signed Linux kernel provided by Fedora which loads the rest of the OS as per the usual boot process. The machine remains in Secure Boot mode. + To facilitate out of the box functionality on new hardware, the maintainers of the grub2, kernel and associated packages have implemented Secure Boot support in &PRODUCT;. On UEFI machines, &PRODUCT; uses a small bootloader called "shim" that has been signed by the Microsoft signing service (via Verisign). This allows UEFI to load shim on Windows 8 client ready machines and continue the boot process for Linux. Shim in turn boots grub2, which is signed by a &PRODUCT; key. Grub2 then boots a similarly signed Linux kernel provided by &PRODUCT; which loads the rest of the OS as per the usual boot process. The machine remains in Secure Boot mode. </para> <section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Protect_you_from"> <title>What does Secure Boot protect you from?</title> @@ -25,7 +25,7 @@ extend this chain of trust down into user binaries, but that moves us outside of the concept of Secure Boot and into another topic. </para> <para> - Fedora has expanded the chain of trust into the Kernel. + &PRODUCT; has expanded the chain of trust into the Kernel. Verification happens as far as only loading signed kernel modules, but it does not extend to user space applications. We can be certain that no malware is present until the initial ramdisk (initrd) is loaded. Since @@ -37,7 +37,7 @@ initrd cannot currently be signed, it cannot be verified. <para> Secure Boot will not protect your PC from malware or attackers. Secure Boot itself is simply to protect the boot phase of a system. In -Fedora if you use Secure Boot, what modules the kernel loads can be +&PRODUCT; if you use Secure Boot, what modules the kernel loads can be restricted, but user space malware cannot. This of course doesn't mean Secure Boot isn't useful, just that it currently only serves a single purpose, which is protecting the boot loader.
docs-commits@lists.fedoraproject.org