[uefi-secure-boot-guide] master: Added topics (0f9ee59)

[sparks at fedoraproject.org]

Repository : http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git

On branch  : master

>---------------------------------------------------------------

commit 0f9ee59b8cba5dba55dabb1a39887a6ea5a61e67
Author: Eric Christensen <sparks at redhat.com>
Date:   Tue Jan 29 20:03:18 2013 -0500

    Added topics


>---------------------------------------------------------------

 en-US/What_is_Secure_Boot.xml |   26 +++++++++++++-------------
 1 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index 85b7037..f0a59f0 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -6,23 +6,23 @@
 <chapter id="chap-UEFI_Secure_Boot_Guide-What_is_Secure_Boot">
 	<title>What is UEFI Secure Boot?</title>
 	<para>
-		Secure Boot is a setup using UEFI firmware to check cryptographic signatures on the bootloader and associated OS kernel to ensure that only trusted OS binaries are loaded during the boot process.  These signatures are verified against keys stored in UEFI variables.  If a binary contains a valid signature, it is allowed to execute.  If it does not, the binary is not allowed to execute.
-		<simplelist>
-			<member>Have secure boot enabled by default.</member>
-			<member>Allow a physically present user to disable secure boot in the firmware interface.</member>
-			<member>Ship the Microsoft key in firmware.</member>
-			<member>Allow a physically present user to enroll their own keys in the firmware interface.</member>
-		</simplelist>
-	This means that Fedora versions before Fedora 18 booted on such hardware will refuse to boot until the user disables Secure Boot in the firmware.  While disabling Secure Boot is a viable option that some users may wish to choose, it is not an optimal solution.
+		Secure Boot is a setup using UEFI firmware to check cryptographic signatures on the bootloader and associated operating system kernel to ensure that only trusted binaries are loaded during the boot process.  These signatures are verified against keys stored in UEFI variables.  If a binary contains a valid signature, it is allowed to execute.  If it does not, the binary is not allowed to execute.
 	</para>
 	<para>
-	To facilitate out of the box functionality on new hardware, the maintainers of the grub2, kernel and associated packages have implemented Secure Boot support in Fedora 18.  On UEFI machines, Fedora 18 uses a small bootloader called "shim" that has been signed by the Microsoft signing service (via Verisign).  This allows UEFI to load shim on Windows 8 client ready machines and continue the boot process for Linux.  Shim in turn boots grub2, which is signed by a Fedora key.  Grub2 then boots a similarly signed Linux kernel provided by Fedora which loads the rest of the OS as per the usual boot process.  The machine remains in Secure Boot mode.
+	Earlier versions of &PRODUCT; booted on such hardware will refuse to boot until the user disables Secure Boot in the firmware.  While disabling Secure Boot is a viable option that some users may wish to choose, it is not an optimal solution.
 	</para>
 	<para>
-	Additional tools and information will provided for users to create their own keys and sign their own copy of shim and grub2 and kernel. 
-	</para>
-	<para>
-	This plan was approved by the Fedora Engineering Steering Committee on 23-Jul-2012.
+	To facilitate out of the box functionality on new hardware, the maintainers of the grub2, kernel and associated packages have implemented Secure Boot support in &PRODUCT;.  On UEFI machines, &PRODUCT; uses a small bootloader called "shim" that has been signed by the Microsoft signing service (via Verisign).  This allows UEFI to load shim on Windows 8 client ready machines and continue the boot process for Linux.  Shim in turn boots grub2, which is signed by a &PRODUCT; key.  Grub2 then boots a similarly signed Linux kernel provided by Fedora which loads the rest of the OS as per the usual boot process.  The machine remains in Secure Boot mode.
 	</para>
+	<section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Protect_you_from">
+		<title>What does Secure Boot protect you from?</title>
+		<para>
+		</para>
+	</section>
+        <section id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Doesn't_Protect_you_from">
+                <title>What does Secure Boot not protect you from?</title>
+                <para>
+                </para>
+        </section>
 </chapter>