FreeBSD Developer Summit: UEFI

May 15, 2013 13:30-16:30 in SITE F0126


This working group is focussed on how FreeBSD can adapt to the UEFI boot environment. It is open to anyone with an interest in the state of FreeBSD on UEFI and anyone who wishes to be part of further discussions as to how FreeBSD on UEFI will look.

If you would like to participate, contact BennoRice and CC devsummit@.

It may be possible to bring in people who cannot attend in person via video conference or chat tools. Notes during the session will be published later on for the whole community to see what we discussed.


In this working group I hope to update the developer community as to the state of support of UEFI under FreeBSD. This will be in the form of a brief presentation. After that a series of discussions will be held around certain topics with a view to determining future directions of UEFI support.





Structure of the EFI System Partition under FreeBSD


Interoperation with other OSes and FreeBSD installations on the same system


How updates to boot stubs, loader and kernels are managed


How a UEFI-based FreeBSD system is installed (also relates to #2)


How and to what extent to we support Secure Boot?


Making the kernel relocatable to avoid issues with UEFI memory allocations


Refactoring libefi et al to better share code across platforms


In order to attend you need register for the developer summit as well as by email for the session and be confirmed by the working group organizer. Follow the guidelines described on the main page or what you received by email. For questions or if in doubt ask the session chairs.

Please do NOT add yourself here. Your name will appear automatically once you have received the confirmation email. You need to put your name on the general developer summit attendees list though.


Username / Affiliation

Topics of Interest




Session chair





Documentation team

David Bright

Dell Compellent (JustinGibbs)





Joseph Kong

Author (JohnBaldwin)







Peter Wong

NetApp (PeterGrehan)



Notes & Results

This is not a direct transcript of the session, more a list of the outcomes of the discussions in the working group, issues that were discussed and the tasks associated with addressing them.

Loader and Early Boot

Currently we lack support for booting under UEFI systems. Code is present in the projects/uefi branch but needs some work before it can be merged back.

The general consensus of the working group is that our boot process should look something like this:

The intent is that boot can begin at either of the stages listed above. If desired, loader.efi can be placed in the EFI System Partition and boot can begin directly from that point but the three-stage process listed above gives us a good default that will allow Secure Boot while minimising the need for frequent re-signing by third-parties (i.e. Microsoft).

The following issues exist:

Kernel Fixes

The following issues exist:


The following issues exist:

Secure Boot

The primary concern with support for Secure Boot is to ensure that anyone who attempts to install FreeBSD on a system with Secure Boot enabled can do so. The anticipated common scenarios are going to be either Secure Boot disabled or Secure Boot enabled with Microsoft's key present. The former will be supported with minimal change, the latter requires us to have a shim loader (see above) signed by Microsoft. We will also need internal signing certificates for the later stages of the boot process (up to and including loader.efi but not necessarily the kernel) and code to perform verification.

Later we can look at providing further optional support for people who want to construct secure, signed boot chains involving signatures all the way to the kernel and beyond to modules or even executables.

The following issues exist:

General Issues

The following issues exist:

201305DevSummit/UEFI (last edited 2013-05-16 16:03:24 by BennoRice)