[uefi-secure-boot-guide] master: Merge branch 'master' of git://git.fedorahosted.org/git/docs/uefi-secure-boot-guide into bressers (75d5407)

sparks at fedoraproject.org sparks at fedoraproject.org
Fri Feb 1 21:46:14 UTC 2013 

Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git

On branch  : master

>---------------------------------------------------------------

commit 75d5407b2a62c52e320d81cab52779d45d84bdf9
Merge: 45c74e9 f5c1b2f
Author: Josh Bressers <josh at bress.net>
Date:   Thu Jan 31 15:07:18 2013 -0600

    Merge branch 'master' of git://git.fedorahosted.org/git/docs/uefi-secure-boot-guide into bressers



>---------------------------------------------------------------

 en-US/Tools.xml |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/en-US/Tools.xml b/en-US/Tools.xml
index 47dfe06..c9d6854 100644
--- a/en-US/Tools.xml
+++ b/en-US/Tools.xml
@@ -11,11 +11,13 @@
 	<section id="sect-UEFI_Secure_Boot_Guide-Tools-shim">
 		<title>Shim</title>
 		<para>
+			<firstterm>Shim</firstterm> is the cryptographically signed software that creates the trust between the UEFI firmware and GRUB and the kernel software.  Shim is cryptographically signed by Verisign (via Microsoft) so that the UEFI firmware will cryptographically recognize the &PRODUCT; system and allow the software to continue through the boot process.  The shim validates GRUB and kernel though a cryptographic verification based on a &PRODUCT; key used to sign all three.
 		</para>
 	</section>
         <section id="sect-UEFI_Secure_Boot_Guide-Tools-pesign">
                 <title>pesign</title>
                 <para>
+			<firstterm>Pesign</firstterm> allows users to create their own shim and use their own cryptographic keys.  Using this tool, one can create their own trust model and not be required to trust the Microsoft keys and trust model.  Once the user has created their keys and signed their shim, and optionally signed and built GRUB and kernel, they can use the setup mode in the firmware to install &PRODUCT; and use the <firstterm>sbsetup</firstterm> tool as provided by pesign to enroll their keys in the firmware.
                 </para>
         </section>
         <section id="sect-UEFI_Secure_Boot_Guide-Tools-efikeygen">

More information about the docs-commits mailing list