Repository :
http://git.fedorahosted.org/git/?p=docs/uefi-secure-boot-guide.git
On branch : master
---------------------------------------------------------------
commit 6745f1709f133139a8160eeab2daa3b50dff1e20
Author: Eric Christensen <sparks(a)redhat.com>
Date: Thu Jan 31 11:39:11 2013 -0500
Changed 'Fedora' to the entity
---------------------------------------------------------------
en-US/What_is_Secure_Boot.xml | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/en-US/What_is_Secure_Boot.xml b/en-US/What_is_Secure_Boot.xml
index e87d0cf..1cb0b84 100644
--- a/en-US/What_is_Secure_Boot.xml
+++ b/en-US/What_is_Secure_Boot.xml
@@ -12,7 +12,7 @@
Earlier versions of &PRODUCT; booted on such hardware will refuse to boot until the
user disables Secure Boot in the firmware. While disabling Secure Boot is a viable option
that some users may wish to choose, it is not an optimal solution.
</para>
<para>
- To facilitate out of the box functionality on new hardware, the maintainers of the
grub2, kernel and associated packages have implemented Secure Boot support in
&PRODUCT;. On UEFI machines, &PRODUCT; uses a small bootloader called
"shim" that has been signed by the Microsoft signing service (via Verisign).
This allows UEFI to load shim on Windows 8 client ready machines and continue the boot
process for Linux. Shim in turn boots grub2, which is signed by a &PRODUCT; key.
Grub2 then boots a similarly signed Linux kernel provided by Fedora which loads the rest
of the OS as per the usual boot process. The machine remains in Secure Boot mode.
+ To facilitate out of the box functionality on new hardware, the maintainers of the
grub2, kernel and associated packages have implemented Secure Boot support in
&PRODUCT;. On UEFI machines, &PRODUCT; uses a small bootloader called
"shim" that has been signed by the Microsoft signing service (via Verisign).
This allows UEFI to load shim on Windows 8 client ready machines and continue the boot
process for Linux. Shim in turn boots grub2, which is signed by a &PRODUCT; key.
Grub2 then boots a similarly signed Linux kernel provided by &PRODUCT; which loads the
rest of the OS as per the usual boot process. The machine remains in Secure Boot mode.
</para>
<section
id="sect-UEFI_Secure_Boot_Guide-What_is_Secure_Boot-Protect_you_from">
<title>What does Secure Boot protect you from?</title>
@@ -25,7 +25,7 @@ extend this chain of trust down into user binaries, but that moves us
outside of the concept of Secure Boot and into another topic.
</para>
<para>
- Fedora has expanded the chain of trust into the Kernel.
+ &PRODUCT; has expanded the chain of trust into the Kernel.
Verification happens as far as only loading signed kernel modules, but it
does not extend to user space applications. We can be certain that no
malware is present until the initial ramdisk (initrd) is loaded. Since
@@ -37,7 +37,7 @@ initrd cannot currently be signed, it cannot be verified.
<para>
Secure Boot will not protect your PC from malware or attackers.
Secure Boot itself is simply to protect the boot phase of a system. In
-Fedora if you use Secure Boot, what modules the kernel loads can be
+&PRODUCT; if you use Secure Boot, what modules the kernel loads can be
restricted, but user space malware cannot. This of course doesn't mean
Secure Boot isn't useful, just that it currently only serves a single
purpose, which is protecting the boot loader.