Add Secure Boot entry

Approved by:	hrs (mentor, blanket)

en_US.ISO8859-1/htdocs/news/status/report-2014-10-2014-12.xml

@@ -2100,4 +2100,63 @@
     <sponsor>Sandvine Inc.</sponsor>
   </project>
 
+  <project cat='kern'>
+    <title>Secure Boot</title>
+
+    <contact>
+      <person>
+	<name>
+	  <given>Edward Tomasz</given>
+	  <common>Napierała</common>
+	</name>
+	<email>trasz@FreeBSD.org</email>
+      </person>
+    </contact>
+
+    <links>
+      <url href="https://wiki.freebsd.org/SecureBoot" />
+    </links>
+
+    <body>
+      <p>UEFI Secure Boot is a mechanism that requires boot drivers
+	and operating system loaders to be cryptographically signed by an
+	authorized key.  It will refuse to execute any software that is not
+	correctly signed, and is intended to secure boot drivers and
+	operating system loaders from malicious tampering or
+	replacement.</p>
+
+      <p>This project will deliver the initial phase of secure boot
+	support for &os; and consists of:</p>
+
+      <ul>
+	<li>creating ports/packages of the gnu-efi toolchain,
+	  Matthew Garrett’s shim loader, and sbsigntools</li>
+	<li>extending the shim to provide an API for boot1.efi to
+	  load and verify binaries signed by keys known to the shim</li>
+	<li>writing uefisign(8), a BSD-licensed utility to sign EFI
+	  binaries using Authenticode, as mandated by UEFI
+	  specification.</li>
+      </ul>
+    </body>
+
+    <sponsor>The &os; Foundation</sponsor>
+
+    <help>
+      <task>
+	<p>Ensure the signature format properly matches UEFI spec
+	  requirements.</p>
+      </task>
+
+      <task>
+	<p>Verify correctly signed, incorrectly signed, and
+	  unsigned loader components are handled properly.</p>
+      </task>
+
+      <task>
+	<p>Investigate signed kernel ELF objects (including
+	  modules).</p>
+      </task>
+    </help>
+  </project>
+
 </report>