Git-Mirrors/qubes-doc
1
0
Fork 0
mirror of https://github.com/QubesOS/qubes-doc.git synced 2024-10-01 01:25:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Mention Heads in secure boot FAQ entry

Browse Source
This commit is contained in:
Jean-Philippe Ouellet 2018-07-24 08:13:09 -04:00
parent b8ba4bae7c
commit 36abc1c292
No known key found for this signature in database
GPG Key ID: E0C9723C50A46274
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
about/faq.md
View File

@ -559,7 +559,8 @@ For more details about how we improved on Xen's native stub domain use, see [her
### Is Secure Boot supported? ### Is Secure Boot supported?
Secure Boot is not supported out of the box as UEFI support in Xen is very basic. UEFI Secure Boot is not supported out of the box as UEFI support in Xen is very basic.
Arguably secure boot reliance on UEFI integrity is not the best design. Arguably secure boot reliance on UEFI integrity is not the best design.
The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested. The relevant binaries (shim.efi, xen.efi, kernel / initramfs) are not signed by the Qubes Team and secure boot has not been tested.
Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS. Intel TXT (used in [Anti Evil Maid](/doc/anti-evil-maid/)) at least tries to avoid or limit trust in BIOS.
See the Heads project [[1]](https://trmm.net/Heads) [[2]](http://osresearch.net/) for a better-designed non-UEFI-based secure boot scheme with very good support for Qubes.