mjg59 | Secure Boot bootloader for distributions available now

I'm pleased to say that a usable version of shim is now available for download. As I discussed here, this is intended for distributions that want to support secure boot but don't want to deal with Microsoft. To use it, rename shim.efi to bootx64.efi and put it in /EFI/BOOT on your UEFI install media. Drop MokManager.efi in there as well. Finally, make sure your bootloader binary is called grubx64.efi and put it in the same directory.

Now generate a certificate and put the public half as a binary DER file somewhere on your install media. On boot, the end-user will be prompted with a 10-second countdown and a menu. Choose "Enroll key from disk" and then browse the filesystem to select the key and follow the enrolment prompts. Any bootloader signed with that key will then be trusted by shim, so you probably want to make sure that your grubx64.efi image is signed with it.

If you want, you're then free to impose any level of additional signing restrictions - it's entirely possible to use this signing as the basis of a complete chain of trust, including kernel lockdowns and signed module loading. However, since the end-user has explicitly indicated that they trust your code, you're under no obligation to do so. You should make it clear to your users what level of trust they'll be able to place in their system after installing your key, if only to allow them to make an informed decision about whether they want to or not.

This binary does not contain any built-in distribution certificates. It does contain a certificate that was generated at build time and used to sign MokManager - you'll need to accept my assurance that the private key was deleted immediately after the build was completed. Other than that, it will only trust any keys that are either present in the system db or installed by the end user.

A couple of final notes: As of 17:00 EST today, I am officially (rather than merely effectively) no longer employed by Red Hat, and this binary is being provided by me rather than them, so don't ask them questions about it. Special thanks to everyone at Suse who came up with the MOK concept and did most of the implementation work - without them, this would have been impossible. Thanks also to Peter Jones for his work on debugging and writing a signing tool, and everyone else at Red Hat who contributed valuable review feedback.

Page 1 of 6 << [1] [2] [3] [4] [5] [6] >>

Threaded | Top-Level Comments Only

From:

jordanu [launchpad.net]

What will the shim do if booted on a UEFI system with secure boot disabled?

Ideally I'd like to configure things so that if someone boots my media (Super GRUB2 Disk) without secure boot there is no user intervention required to get to SG2D, so I would like it to just load the grubx64.efi automatically in that case.

From:

mjg59

Signature validation gets disabled if secure boot is disabled.

From: (Anonymous)

Does this only work for Linux or will this work for FreeBSD as well?

From:

mjg59

It'll boot grub (or any EFI application that happens to be called grubx64.efi...), so sure.

From:

mjg59

By which I mean yes, you could use this to boot FreeBSD.

From: (Anonymous)

After the trouble the Linux Foundation has it would be interested it see the successful method. Particularly if it can be made done without using windows.

I don't mean to be mean but if someone does not trust you. Providing the process and list of costs say here you can do this yourself if you don't trust me.
.

From:

mjg59

Sure. I don't believe that it's possible without Windows for the final upload - it really needs Silverlight. Running IE under Wine may be sufficient, but I couldn't be bothered. Anyway.

Go to sysdev.microsoft.com and log in with a Live account.
Follow the link to the Verisign (now Symantec) page for creating a new company account. Ignore the use of the word company - you can do this as an individual.
Follow the instructions and purchase an individual key for code signing. You'll be emailed a form to attach a copy of your notarised ID to, so get that filled in and signed and send them back a copy by email.
Export the key from your browser as a .p12 file.
Go back to sysdev.microsoft.com and download the zip file containing winsign.exe. Use pesign or sbsign and the key you exported to sign this file, and then upload it to sysdev.microsoft.com to enable your account.
Sign the legal agreements - this just involves you typing your name into a box.
Put the file you want to get signed into a cab file. lcab will do this,
Sign the cab file with your Verisign key. osslsigncode will do this.
Upload the file to sysdev.microsoft.com. The uploader is Silverlight for no obviously good reason.
Wait for the upload to be processed. I think this happens a couple of times a week, so be prepared to wait a few days (I had to)
You'll get an email when signing is complete. Download the cab file and use cabextract to retrieve your signed binary.

Total cost is $99 plus however much it costs to get something notarised where you are.

From: (Anonymous)

Matt, thank you and everyone involved for having gone through the trouble for us too. Shame on Microsoft for "innovating" in making that trouble.

--
Michael Shigorin

From: (Anonymous)

If Microsoft signs it couldn't they als sign malware to be authentic? How is that secure? Ok, Microsoft wouldn't do something like doing bat things to comeptitor like linux but keys can get lost or a "admin" at Microsoft goes beserk.

From: (Anonymous)

Will this be in the SuSe distros?

From: (Anonymous)

Is your departure from RedHat in any way related
to your work on the shim?

From: (Anonymous)

thank you.

From:

http://apebox.org/wordpress/

They could accidentally sign malware as authentic, but there is support for blacklisting specific signed binaries to ban them from booting, and provision in the Secure Boot spec for distributing the blacklist updates via Windows Update (and other OSes may implement it too)

From: (Anonymous)

UEFI provides a guarantee that some random program can't be loaded before the operating system gets started.

Naer a week passes when we don't hear of new malware breaching Windows defences; which seems to have escaped the attention of those who would spruik this (secure boot) dreadful imposition.

The greatest threat appears to lie in Windows itself, either application or system code. Guarantees that windows loads without interference seems to me to be a hollow victory.

Newall

From: (Anonymous)

You see, MS has been recently caught on signing serious industrial spyware/sabotage tool with their valid signature. So I have no doubt they will also sign any kind of bootkit/rootkit, should some big guys need it to do evil things on Iran PCs at their factories... or spy at *your* PC. Or someone else PC. Or whatever. If they signed hardcore industrial espionage kit, you can exepct absolutely ANYTHING from such vendor. So you can't expect security at all.

P.S. still this bootloader is an incredible workaround to these crappy initiatives where you're FORCED to "trust" to entities you have no reason to trust at all. However as for me at this point I would consider whole x86 platform with UEFI to be untrusted due to all this activity. If someone forces you to "trust" by pointing you with their gun and leaving no other options, you know, this "trust" is a big fake.

P.s.: "Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety." - B. Franklin.

From: (Anonymous)

More importantly, can they?

From:

mjg59

Nope.

From:

mjg59

They can, but unless there's any security issues with it, I have no reason to think that they will.

From: (Anonymous)

This appears to be an x86 solution/work-around. What about ARM systems? Are you working on a version for that?

From: (Anonymous)

Amen to that (and kudos to BF)!

P.S. To MG - I like your (not)captcha technique. Yours, or did you get it elsewhere? :-)

-Rubberman

From: (Anonymous)

I'm sure I speak for more than just me in wishing you all the best in your new endeavors! Keep on bloggin'!

-Rubberman

From:

mjg59

No, I'm not currently working on ARM. The technical side is easy (it basically just needs the relocation code to work for ARM as well), but it's not yet clear what the signing situation looks like there.

From: (Anonymous)

The uploader is in Silverlight? Seriously?

Microsoft is just trolling at this point.

From: (Anonymous)

And so we are back to being forced to "Trust" Microsoft, at least if that system ever boots MS-Windows and updates and gets a new blacklist that does blacklist your key.

I still find this whole situation intolerable.

From: (Anonymous)

> What about ARM systems?
ARMs all have very different ideas on how this thing implemented. Many ARMs do not implement this "feature" at all. Some do implement it but can leave it inactive, depending on eFuse state in CPU itself. Some are restricted/locked though. Most notably some smart phones, etc. Especially those locked to particular operator and so on. In fact secure-boot-like techniques were here for an ages in ARMs and appeared much earlier to protect operator locks and other restrictions. Ages ago before UEFI made it to PC. Though this curtain rather uplifts these days when Linux-based things got popular and users started to demand root rights and unlocked bootloaders by writting petitions and so on.

This far you can expect most restricted devices to come from apple (I doubt they will allow you to boot your own code without hacks, ever) and MS (who wants to be like an apple). For other devices your mileage may vary. Yes, we have to be a little picky in choosing devices. iDevices from apple are clearly not our friend - they targetnig careless iDiots who could be easily fooled into locked-down trap. Whole device design serves to taking away user's freedom. So device does not serves user. It serves apple and their needs. As simple as that. In fact such devices are just trojan horses on their own. Yet not each and every human being can recognize that.

Page 1 of 6 << [1] [2] [3] [4] [5] [6] >>

Threaded | Top-Level Comments Only

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist.

mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.

Page Summary

jordanu [launchpad.net] - Non-secure boot fallback.
mjg59 - Re: Non-secure boot fallback.
(Anonymous) - (no subject)
mjg59 - (no subject)
mjg59 - (no subject)
(Anonymous) - Would you mind doing a post on what you did to get a signed shim.
mjg59 - Re: Would you mind doing a post on what you did to get a signed shim.
(Anonymous) - thank you
(Anonymous) - Microsoft signed? Is that "secure"?
(Anonymous) - UEFI
(Anonymous) - Re: Non-secure boot fallback.
(Anonymous) - thank you
http://apebox.org/wordpress/ - Re: Microsoft signed? Is that "secure"?
(Anonymous) - Re: Microsoft signed? Is that "secure"?
(Anonymous) - This "security" is fake. It's "restricted" boot, not "secure".
(Anonymous) - Will MS revoke it?
mjg59 - Re: Non-secure boot fallback.
mjg59 - Re: Will MS revoke it?
(Anonymous) - ARM systems support?
(Anonymous) - Re: This "security" is fake. It's "restricted" boot, not "secure".
(Anonymous) - Good luck
mjg59 - Re: ARM systems support?
(Anonymous) - Re: Would you mind doing a post on what you did to get a signed shim.
(Anonymous) - Re: Will MS revoke it?
(Anonymous) - Re: ARM systems support?

Expand Cut Tags

No cut tags