[if gte mso 9]>

Re: [edk2] UEFI Secure boot.

Subject: Re: [edk2] UEFI Secure boot.

From: "Rosenbaum, Lee G" <lee.g.rosenbaum@intel.com>

To: "edk2-devel@lists.sourceforge.net" <edk2-devel@lists.sourceforge.net>

Date: 2012-02-04 08:28:38

Yes, the UEFI Spec is a good place to start, specifically:

Section 3.2 Globally Defined Variables)

Sections 7.2 (Variable Services)

Sections 27.2 through 27.8 (Secure Boot) 

Should be possible to add secure boot to OVMF but I don’t know if anyone has done that yet

 

At a high level, when secure boot is enabled, only digitally signed UEFI images  (ie OS loaders, …) can run.

Signing is per the Microsoft PE/COFF and Authenticode specs (links in the UEFI spec)

 

One doc that may help is:

Intel Technology Journal issue on  Pre-OS Security, page 80 at

http://www.intel.com/technology/itj/2011/v15i1/pdfs/Intel-Technology-Journal-Volume-15-Issue-1-2011.pdf

 

 

 

 

From: satish kondapalli [mailto:nitw.satish@gmail.com]
Sent: Friday, February 03, 2012 9:19 AM
To: edk2-devel@lists.sourceforge.net
Subject: [edk2] UEFI Secure boot.

 

Hi,

I want to know  about UEFI Secure boot. What services it will provide?. Is there a way to test secure boot through OVMF or any other Package?.

I started looking into UEFI Spec. Can any one explain at high level overview what UEFI secure boot will do? 

Please provide any DOCs for UEFI secure boot...

Thanks
Sateesh