Secure boot support #81

Closed
andreldmonteiro opened this issue Oct 5, 2020 · 6 comments
Labels
support Community support

Comments

@andreldmonteiro

andreldmonteiro commented Oct 5, 2020

This issue is to request the support for secure boot in OPNsense to increase security in the OS.

I have tried OPNsense via the vga USB install image with GPT and UEFI boot, and it doesn't boot when secure boot is enabled, nor does OPNsense boot after it is installed and secure boot is turned on only after installation is finished.

I don't believe HardenedBSD or FreeBSD currently fully support secure boot, but I have not tested them, only the OPNsense vga USB install image with GPT and UEFI boot support, so this bug pertains to OPNsense images.

@fichtner
Member

fichtner commented Oct 5, 2020

You will have to clarify if this pertains to images of OPNsense, HardenedBSD, FreeBSD or BSD in general. Otherwise we won’t have a clear description. I also suspect a lot of potential requests are completely out of scope from the OPNsense project perspective.

@fichtner added the support (Community support) label Oct 5, 2020

@andreldmonteiro
Author

I have tried, and OPNsense doesn't boot when secure boot is enabled on the device. Also, I didn't find anything about it in a quick search of the documentation. I had a look, and FreeBSD currently doesn't seem to support secure boot fully (https://wiki.freebsd.org/SecureBoot).
I think this is a must-have feature to further enhance the OS.

@fichtner
Member

fichtner commented Oct 5, 2020

I'm only asking once more for your clarification. Since you tried it and not all images support UEFI, this is still missing key information.

@andreldmonteiro
Author

I have edited the main bug and hope it has enough clarification now.

@fichtner
Member

We have added UEFI to the serial image while it already existed for vga and dvd. That's as far as we can go for now unless there is more movement in FreeBSD (which I guess there will not be).

@andreldmonteiro
Author

andreldmonteiro commented Jan 21, 2021

Based on the FreeBSD secure boot status page, isn't it implemented up until the bootloader? So could it be implemented now up to the bootloader and stop verification after that? This would allow OPNsense to boot and install with secure boot on and leave it enabled, and the rest of the hardening could be done later.


2 participants