FreeBSD Developer Summit: UEFI

May 15, 2013 13:30-16:30 in SITE F0126

Overview

This working group was focused on how FreeBSD can adapt to the UEFI boot environment. It was open to anyone with an interest in the state of FreeBSD on UEFI and anyone who wished to be part of further discussions as to how FreeBSD on UEFI will look.

It may be possible to bring in people who cannot attend in person via video conference or chat tools. Notes taken during the session will be published later so that the whole community can see what we discussed.

Goals

In this working group I hope to update the developer community on the state of UEFI support under FreeBSD. This will take the form of a brief presentation. After that, a series of discussions will be held around certain topics with a view to determining future directions of UEFI support.

Topics

| # | Topic |
|---|-------|
| 1 | Structure of the EFI System Partition under FreeBSD |
| 2 | Interoperation with other OSes and FreeBSD installations on the same system |
| 3 | How updates to boot stubs, loader and kernels are managed |
| 4 | How a UEFI-based FreeBSD system is installed (also relates to #2) |
| 5 | How and to what extent do we support Secure Boot? |
| 6 | Making the kernel relocatable to avoid issues with UEFI memory allocations |
| 7 | Refactoring libefi et al to better share code across platforms |

Attending

In order to attend you need to register for the developer summit, as well as by email for the session, and be confirmed by the working group organizer. Follow the guidelines described on the main page or in what you received by email. For questions, or if in doubt, ask the session chairs.

Please do NOT add yourself here. Your name will appear automatically once you have received the confirmation email. You need to put your name on the general developer summit attendees list though.

| Name | Username / Affiliation | Topics of Interest / Notes |
|------|------------------------|----------------------------|
| BennoRice | benno | Session chair |
| JohnBaldwin | jhb | |
| WarrenBlock | wblock | Documentation team |
| David Bright | Dell Compellent (JustinGibbs) | |
| PawelJakubDawidek | pjd | |
| PeterGrehan | grehan | |
| Joseph Kong | Author (JohnBaldwin) | |
| KirkMcKusick | mckusick | |
| MarcelMoolenaar | marcel | |
| PeterWemm | peter | |
| Peter Wong | NetApp (PeterGrehan) | |
| BjoernZeeb | bz | |

Notes & Results

This is not a direct transcript of the session. It is a list of the outcomes of the discussions in the working group, the issues that were discussed and the tasks associated with addressing them.

Loader and Early Boot

Currently we lack support for booting on UEFI systems. Code is present in the projects/uefi branch but needs some work before it can be merged back.

The general consensus of the working group is that our boot process should look something like this:

The intent is that boot can begin at either of the stages listed above. If desired, loader.efi can be placed in the EFI System Partition and boot can begin directly from that point, but the three-stage process listed above gives us a good default that will allow Secure Boot while minimising the need for frequent re-signing by third parties (i.e. Microsoft).

The following issues exist:

Kernel Fixes

The following issues exist:

Installation

The following issues exist:

Secure Boot

The primary concern with support for Secure Boot is to ensure that anyone who attempts to install FreeBSD on a system with Secure Boot enabled can do so. The anticipated common scenarios are going to be either Secure Boot disabled or Secure Boot enabled with Microsoft's key present. The former will be supported with minimal change, the latter requires us to have a shim loader (see above) signed by Microsoft. We will also need internal signing certificates for the later stages of the boot process (up to and including loader.efi but not necessarily the kernel) and code to perform verification.

Later we can look at providing further optional support for people who want to construct secure, signed boot chains involving signatures all the way to the kernel and beyond to modules or even executables.

The following issues exist:

General Issues

The following issues exist:



DevSummit/201305/UEFI (last edited 2021-04-25T08:19:13+0000 by JethroNederhof)