Secure Boot bootloader for distributions available now

[mjg59]

I'm pleased to say that a usable version of shim is now available for download. As I discussed here, this is intended for distributions that want to support secure boot but don't want to deal with Microsoft. To use it, rename shim.efi to bootx64.efi and put it in /EFI/BOOT on your UEFI install media. Drop MokManager.efi in there as well. Finally, make sure your bootloader binary is called grubx64.efi and put it in the same directory.

Now generate a certificate and put the public half as a binary DER file somewhere on your install media. On boot, the end-user will be prompted with a 10-second countdown and a menu. Choose "Enroll key from disk" and then browse the filesystem to select the key and follow the enrolment prompts. Any bootloader signed with that key will then be trusted by shim, so you probably want to make sure that your grubx64.efi image is signed with it.

If you want, you're then free to impose any level of additional signing restrictions - it's entirely possible to use this signing as the basis of a complete chain of trust, including kernel lockdowns and signed module loading. However, since the end-user has explicitly indicated that they trust your code, you're under no obligation to do so. You should make it clear to your users what level of trust they'll be able to place in their system after installing your key, if only to allow them to make an informed decision about whether they want to or not.

This binary does not contain any built-in distribution certificates. It does contain a certificate that was generated at build time and used to sign MokManager - you'll need to accept my assurance that the private key was deleted immediately after the build was completed. Other than that, it will only trust any keys that are either present in the system db or installed by the end user.

A couple of final notes: As of 17:00 EST today, I am officially (rather than merely effectively) no longer employed by Red Hat, and this binary is being provided by me rather than them, so don't ask them questions about it. Special thanks to everyone at Suse who came up with the MOK concept and did most of the implementation work - without them, this would have been impossible. Thanks also to Peter Jones for his work on debugging and writing a signing tool, and everyone else at Red Hat who contributed valuable review feedback.

Comments

Non-secure boot fallback.

[jordanu [launchpad.net]]

What will the shim do if booted on a UEFI system with secure boot disabled?

Ideally I'd like to configure things so that if someone boots my media (Super GRUB2 Disk) without secure boot there is no user intervention required to get to SG2D, so I would like it to just load the grubx64.efi automatically in that case.

[(Anonymous)]

Does this only work for Linux or will this work for FreeBSD as well?

Would you mind doing a post on what you did to get a signed shim.

[(Anonymous)]

After the trouble the Linux Foundation has it would be interested it see the successful method. Particularly if it can be made done without using windows.

I don't mean to be mean but if someone does not trust you. Providing the process and list of costs say here you can do this yourself if you don't trust me.
.

thank you

[(Anonymous)]

Matt, thank you and everyone involved for having gone through the trouble for us too. Shame on Microsoft for "innovating" in making that trouble.

--
Michael Shigorin

Microsoft signed? Is that "secure"?

[(Anonymous)]

If Microsoft signs it couldn't they als sign malware to be authentic? How is that secure? Ok, Microsoft wouldn't do something like doing bat things to comeptitor like linux but keys can get lost or a "admin" at Microsoft goes beserk.

UEFI

[(Anonymous)]

Will this be in the SuSe distros?

thank you

[(Anonymous)]

thank you.

Will MS revoke it?

[(Anonymous)]

More importantly, can they?

ARM systems support?

[(Anonymous)]

This appears to be an x86 solution/work-around. What about ARM systems? Are you working on a version for that?

Good luck

[(Anonymous)]

I'm sure I speak for more than just me in wishing you all the best in your new endeavors! Keep on bloggin'!

-Rubberman

archival time

[retired_paranoid]

Since this might be subject to disappearing, do you have any objections to it being posted someplace else if it does "go away"?

So Linux devs/users pay MS ...

[(Anonymous)]

Basically then Linux developers (and end-users who want to use their own Certificates) basically are blackmailed into paying Microsoft $99 to use their operating system of choice on hardware they purchased in a more secure manner.

Work-arounds are all well and good, and many large kudos for this one, but something is seriously wrong with this picture and needs a rather large complaint filed with the FTC.

How about doing this in reverse?

[(Anonymous)]

DoD or other major buyer wants a "computer" that can't boot insecurely, but the OS they are using isn't MS.

A defense contractor sells the DoD what amounts to a commodity Intel or AMD x64 computer that's locked down to only boot a specific, DoD-approved software stack - a stack that is NOT based on MS-Windows.

The DoD buys the computers but the project is eventually scrapped before full deployment.

To make these computers more attractive at auction, the DoD gets the defense contractor or the motherboard manufacturer to sign a version of Matthew's bootloader or something similar.

This bootloader can now be used to boot ... wait for it ... Windows. Or any other OS.

The DoD now gets "used computer" prices at auction instead of "scrap metal" prices.

Secure Boot bootloader for distributions available now

[(Anonymous)]

I have a better idea, don't purchase these systems until a more equitable solution is worked out. One that does not invest all the power in one company.

Wake up!

[(Anonymous)]

I've heard all the BS excuses. The issue is not about whether computing should move on from the older Bios technology to the "Secure Boot". The real issue is who is allowed to control this newer method.

The current situation is no different than allowing for instance Ford to have some sort of signing key that allows all car engines manufactured worldwide the ability to start. Believing that any single company should have this kind of power over its competitors is insane no matter whether the controlling company is Microsoft, RedHat, Oracle or whoever.

As was predicted before this whole mess started to come into effect there are already problems for users of alternative operating systems. Its only going to get worse from here on.

While its nice that you have come up with a work around, a work around is all it is and it can be made unusable at any point and my guess is that is exactly what will happen with your method and any other future method. Microsoft will interfere with anything that works. Bet on it.

No, the real solution is to remove Microsoft's ability to control this process and hand it over to an international unbiased standards body. If they do not do it willingly then legal action is required. NOTHING ELSE WILL WORK PERMANENTLY. No other solution will serve to address the freedom of consumers to use computers and operating systems as the consumer wishes.

WAKE UP!

+1 @ Wake Up!

[(Anonymous)]

I agree playing follow-the-leader with M$ cannot end up being more pleasant than the leapfrog/unicorn game. Let's face it, M$ effectively owns the hardware companies. The Windows tax proves this. End of story barring legal action. When "Tiles 2.0" comes out and my neighbor must throw their Tiles 1.0 PC into the dumpster, I'll nab it and disable secure boot.

Pointers on signing

[(Anonymous)]

I'm trying to use this, but it's unclear to me precisely how to sign my .efi files. The source code includes a script to generate certificates, but it's not clear to me how to use them to sign binaries. Googling hasn't turned up much useful (it's mostly sites about setting up OpenSSL with Apache). Thanks for any pointers.

Thanks

[(Anonymous)]

Thanks for taking the time to develop this. While I hope that my distributions of choice pick this up, but I'm not exactly excited to buy hardware with these restrictions.

How about a 32 bit system ?

[deckard026354]

Matthew great work.

Do you have a 32 bit UEFI binary ? I have a 32 bit UEFI system that is/will have secure boot on it and - thus would really like to ensure it works with shim before release.

Network (PXE) boot

[(Anonymous)]

How does this interact with PXE? If I set my machine to PXE boot (as most BIOSes do by default if there is no local media), what happens?

What about if I want to run from Read-only media, and do an unattended reboot?

Where do I find mokManager.efi

[(Anonymous)]

I'm hoping this will help me get around an issue I'm dealing with on the ASUS S405C.

And how about grub-install generated .efi files?

[(Anonymous)]

Ok, this is for sure a great way to make live distro images boot.
But what about grub-install (grub-mkimage...) grubx64.efi files?
These files seem to contain information about where is the "root" (grub root) partition, in particular the variables "root" and "prefix" change from system to system.
So, if this file changes from system to system and is generated during the install process, how is one supposed to have it signed without disclosing the private key?

Signatures for the source/binary

[(Anonymous)]

Could you please sign the binaries/source with your gpg key?

Surface

[https://www.google.com/accounts/o8/id?id=AItOawldvJA2LJPNJUjvgZGPdYsueUSDpvXfizQ]

Any chance we could get you to build this for an ARM target, for testing on the MS Surface and other UEFI tablets? Thanks.

Fabio

[(Anonymous)]

Matthew,
could you version shim-signed.tgz on the http server?

Thanks.