FreeBSD 10.1 Is to Support Secure Boot Capabilities

Secure boot will be backed up by default in the upcoming FreeBSD 10.1 release, which is due to be built by the close of October.

As the FreeBSD’s 10.1 boot process is being under a steady progress development for more stability and security, Implementing UEFI booting is the first step on the road. Secure boot is a feature as called the Unified Extensible Firmware Interface (UEFI), the replacement of the old BIOS. Microsoft Win 8 was probably the first major OS to take extensive advantage of  UEFI fully implementing it in October 2011, UEFI uses encrypted key exchanges to verify whether the operating system which was booting on given hardware was what it claimed to be.

UEFI is a complete redesigning of the computer boot, and as such it bears almost no similarities to the legacy BIOS that it supersedes.des. While BIOS is fundamentally a solid piece of firmware, UEFI is a programmable software interface that sits on top of all computer hardware and firmware. UEFI specifications define boot and runtime services, protocols for communication between services, device drivers, extensions, and even an EFI shell, where you can run EFI applications. On top of all this, is the boot loader, which does an operating system’s boot loader.

The fact that UEFI is completely a software, is what makes it unified. Thus far, UEFI can be applied by almost every 32- and 64-bit, ARM, Intel, and AMD chip, since only the boot code had to be composed for the target platform. Every major desktop (OS X, Windows) and server OS (Linux) supports UEFI boot today.

The bugs related to booting are being fixed on real time hardware, that Intel has provided the FreeBSD Project with a test motherboard for UEFI boot development rather than emulators. Several Linux distributions have already supported the secure boot feature, among them being Ubuntu, openSUSE, and Fedora.

FreeBSD developers said that There is an existing shim leader, implemented by (Linux kernel developer) Matthew Garrett while at Red Hat, which is usable under the BSD license. This frees them to continue to develop this loader as the FreeBSD secure boot process evolves. They too think this originally demonstrates the suitability of the BSD license, to achieve wide adoption and collaboration on infrastructure components,

The continuing work of the UEFI booting is to validate signed kernels and modules. The FreeBSD had recognized from beginning that it is sort of critical to cause these details right in parliamentary procedure to generate signed builds and to uphold the necessary key management and warehousing. As a result, these fears are being publicly discussed in the working groups at the BSDCan developer summit in May 2014.