blog/content/post/2024-08-19-secureboot-freebsd.md: add #603
Conversation
Signed-off-by: Filip Lewiński <[email protected]>
| ### Linux | ||
|
|
||
| On Linux, Secure Boot is supported using a small, signed bootloader called " | ||
| shim," which is pre-signed by Microsoft. Shim loads the GRUB bootloader, which |
There was a problem hiding this comment.
you can use backticks instead of quotes
There was a problem hiding this comment.
also, bootloader in general, not necessarily GRUB only
|
|
||
| ### Linux | ||
|
|
||
| On Linux, Secure Boot is supported using a small, signed bootloader called " |
There was a problem hiding this comment.
This is the approach that major linux distros took, so they can sign their kernel themselves, instead of asking Microsoft to sign each kernel update.
But it does not mean shim is crucial, it is also possible to use similar approach as in freebsd.
There was a problem hiding this comment.
This blogpost is important one to link here https://mjg59.dreamwidth.org/20303.html
| * `boot1.efi` in turn loads `loader.efi` | ||
| * Finally, `loader.efi` loads the kernel. | ||
|
|
||
| The goal scenario, according to the FreeBSD Foundation, would be that a |
There was a problem hiding this comment.
target scenario, or the goal of this scenario, or similar, depending on what the original meaning was
|
|
||
| ## Creating a Secure Boot - ready FreeBSD EFI executable | ||
|
|
||
| This guide is about migrating your current installation, not from scratch |
| $ makefs bootfs.img bootfs | ||
| ``` | ||
|
|
||
| determine the size of the boot filesystem. This will determine how much memory |
There was a problem hiding this comment.
| determine the size of the boot filesystem. This will determine how much memory | |
| Determine the size of the boot filesystem. This will determine how much memory |
| ``` | ||
| $ ls -l bootfs.img | awk '{print $5}' | ||
| ``` | ||
| add a safety factor of a couple hundred bytes (~512) to this number, and record |
There was a problem hiding this comment.
Probably needs an empty line, also I would not break sentence by a block of code. Applies to other cases as well.
| * Find the loader-kernel object. It should be located under | ||
| `<efi>/<freebsd>/loader.efi` | ||
| * Name the entry appropriately, confirm and save the changes. | ||
|
|
|
|
||
| ## Summary | ||
|
|
||
|
|
| to your `/boot/loader.conf`. | ||
|
|
||
| ## Summary | ||
|
|
There was a problem hiding this comment.
Actual technical summary could be there.
|
|
||
|
|
||
|
|
||
| Unlock the full potential of your hardware and secure your firmware with the |
There was a problem hiding this comment.
For the "marketing" part, would you like to propose something @pietrushnic ?
Perhaps mention the SB training as well?
No description provided.