UEFI and Secure Boot stuff

[menotu]

Taken from this PDF
==================

James Bottomley - 31 January 2013

UEFI Secure Boot - Where we stand  

UEFI Secure boot is a static way of assigning trust to the boot system
•
It is mandated by Microsoft to be enabled in all shipping Windows 8 systems
•
The Microsoft Mandate requires all keys to be owned either by the OEM or by Microsoft
•
Secure Boot must be capable of being Disabled and the keys replaced
•
But no standard mechanism for doing this exists

The Secure Boot Keys

There are three sets of keys

The Platform Key (PK) , designed to be owned by the owner  of the hardware

Microsoft mandates that this belong to the OEM

The Key Exchange Keys (KEK) designed to be owned by trusted entities for boot

Microsoft mandates they own at least one of these

The Signature Database (db) designed to verify trusted binaries

Microsoft mandates they have a key here too.

db signatures are required to boot in a trusted environment

How it Works

PK may only be used to update KEK

So the PK owner decides

what keys to trust in the key

When to be in Setup Mode

KEK may only be used to update db
–
So all owners of KEKs can update or revoke db keys

db keys must be used to sign binaries which are trusted by the system.

How Microsoft Mandates that it Work

The Windows 8 Logo Requirements are

OEM controls Owner Key

Microsoft owns keys in KEK and db

Several keys, in fact: it looks like Windows boot will be signed by a separate root of trust from the third party signing system

On non-ARM systems, secure boot must be disabled via a UEFI menu

No mandate for where this is or how easy it is to do.

On non-ARM systems, the user must be able to replace all the keys

Again, no requirement for key administration

OEM can comply by simply having the system remove all the keys

GPLv3 and Secure Boot

People think GPLv3 requires disclosure of signing keys in a lock down environment

The Linux Foundation saw this problem in the early drafts of the Microsoft Windows 8 Logo docs and sought to fix it

However requirement is only that the user be able to boot their own system

Ejecting the preset keys and installing your own, with which you can then sign your system is sufficient

Implies reset to setup mode in UEFI interface, as Mandated by Microsoft, satisfies GPLv3 obligation

FSF Supports this interpretation

The Threat

Since Microsoft owns all the Signing keys, no Linux boot system will work out of the box without their approval

Approval requires not booting malware and obeying the Windows 8 logo mandates.

Implies simply getting Microsoft to sign a Linux bootloader isn't an option

Linux won't boot on Windows 8 systems (i.e. all current PC systems) without a Microsoft approved method of booting

Trying to explain to users how to disable secure boot isn't an option

Because of the non-standard mechanisms for doing so

The Opportunity

Secure boot gives users a way of protecting their systems from external intrusion

Supporting it end to end would facilitate Linux playing in secure environments

To be effective, must carry the root of trust through the secure boot to the Operating System environment

May require other trust implementations like signed modules

Or disallowing root access to PCI configuration space

The Linux Response

Two Challenges

1. Keep the Ecosystem booting easily in the face of secure boot

2. Enhance Security policy for distributions by taking advantageof secure boot.

The Linux Foundation response has concentrated exclusively on 1.

The Linux Distributions are Investigating and preparing for 2.

Red Hat and Canonical already shipping Secure Boot in some form

Original LF Plans

 Develop a set of tools to enable owner to easily take control of the system and manage the keys

Allows ejecting of OEM and Microsoft keys and installing your own

Tools also permit the creation of signed binaries to reset the platform to setup mode

Just in case something goes wrong with UEFI interface

A signed pre-bootloader that will boot any unsigned bootloader with a present user test

And will install bootloader signature in setup mode to avoid the present user test

What the Distributions are Doing

Red Hat (Matthew Garrett) interacted with UEFI forum and OEMs to create the Shim bootloader

Boots a signed second stage loader, which boots a signed kernel

Kernel is locked down by module signing and other measures

SUSE has Machine Owner Key (MOK) approach

Shim modified to accept key updates from present user

Means user can resign the boot loader and install their own key

Both approaches require signing shim with the microsoft key

SHIM + MOK Solutions

MOK means Machine Owner Key

Stored in a new MokList variable which is NV+BS

Matthew Garrett adding ability to store hashes in MOK database

Means shim + MOK can now chain unsigned bootloaders

Unsigned bootloaders can be authorised on the fly using the MOK solution

 Shim runs an EFI binary if the key or hash is

 in db (allowed signatures) or MokList

 And not in dbx (forbidden signatures)

 SHIM solutions only work with legacy link loaders, like Grub and efiboot

Architectural Problems

All current secure boot workarounds overcome the UEFI signature check by linking and running UEFI binaries themselves

Means they are essentially link loaders themselves

Unfortunately, this means they won't work with the new generation of Bootloaders like gummiboot.

Rely on kernel EFI stubs and use BS->LoadImage()

Discovery of this problem lead to a complete re-architecture of the LF secure boot solution in November/December

Plus UEFI redefined authorisation returns.

EFI_ACCESS_DENIED and EFI_SECURITY_VIOLATION

================
Please see PDF link at top of post

[Just17]

I will read it all later but glancing at it I stopped here

The Secure Boot Keys

There are three sets of keys

The Platform Key (PK) , designed to be owned by the owner  of the hardware

Microsoft mandates that this belong to the OEM

we are not amused ..........

[menotu]

Matthew Garrett - 1-Feb-2013

The current state of UEFI and Linux

Executive summary: Most things work fine.

Things we know are broken:

   Some Samsung laptops  The samsung-laptop driver is a slightly weird thing. By 2010 (when it first appeared) most vendors had moved over to using some level of firmware abstraction, either using ACPI or WMI. Samsung still seemed to be stuck around a decade earlier - they were providing a region of memory at a known address, and you'd read that address to find a bunch of offsets.

Then you'd write magic values based on those offsets to magic system IO ports based on those offsets and something would happen. Those writes were triggering System Management Mode   a special x86 CPU mode where the processor executes code from memory that the OS can't see, without telling the OS that it's doing so. There's nothing especially new in this (SMM first appeared in the 386sl back in 1990), but it also means that you depend on the system vendor not changing the interface without telling you.

Turns out that Samsung apparently changed their platform interface when they moved to UEFI, but didn't actually do anything to prevent old drivers from breaking things - performing exactly the same series of accesses on some modern Samsung laptops gives an uncorrectable machine check exception (in the best case) or destroys your firmware (in the worst case). Given that the driver was written to Samsung's specifications, this is pretty obviously Samsung's fault, but that's probably little consolation to anyone who ended up with a dead laptop. Although, given Samsung's track record  this may not be surprising.

    On the bright side, some of the machines that are affected by this predate Secure Boot, so at least it's not a Secure Boot bug.

     Some Toshibas won't boot Linux  This turns out to be some staggering incompetence on the part of Toshiba (or, more likely, their third-party vendor) - they managed to leave the signing key out of the database that's used to validate binaries, and managed to leave the signature database signing key out of the database that's used to provide whitelist or blacklist updates. The good news is that this is a blatant violation of Microsoft's Windows 8 certification guidelines, and that seems to have encouraged Toshiba to actually fix their BIOS. The bad news is that any of the affected machines that are currently available are still broken, and Toshiba don't seem to be willing to actually give you the firmware update yet.

    Some Lenovos  will only boot Windows or Red Hat Enterprise Linux. I recommend drinking, because as far as I know they haven't actually got around to doing anything useful about this yet.

Not an amazingly positive list, but as far as I know that's about it - other than some Samsungs, one range of Toshibas and one range of Lenovo desktops, Linux should be fine. If you have any other UEFI system that's unable to install Fedora 18, let me know and we'll do our best to work out what's going on.

http://mjg59.dreamwidth.org/22028.html

[DeBaas]

I'll stay away from buying new motherboards, desk and/or laptops till this UEFI and Secure boot is all ironed out

[Crow]

I'll stay away from buying new motherboards, desk and/or laptops till this UEFI and Secure boot is all ironed out

+1

I haven't had the money to change my laptop and just changed the HD (put an SSD), it's an old computer buy I hope it won't break.  Or maybe I should buy a used laptop...

[menotu]

James Bottomley - 8 Febrary 2013

Linux Foundation Secure Boot System Released

As promised, here is the Linux Foundation UEFI secure boot system.  This was actually released to us by Microsoft on Wednesday 6 February, but with travel, conferences and meetings I didn’t really get time to validate it all until today.  The files are here

PreLoader.efi (md5sum 4f7a4f566781869d252a09dc84923a82)
HashTool.efi (md5sum 45639d23aa5f2a394b03a65fc732acf2)

I’ve also put together a mini-USB image that is bootable (just dd it on to any USB key; the image is gpt partitioned, so use the whole disk device).  It has an EFI shell where the kernel should be and uses gummiboot to load.  You can find it here (md5sum 7971231d133e41dd667a184c255b599f).

To use the mini-USB image, you have to enroll the hashes for loader.efi (in the \EFI\BOOT directory; actually gummiboot) as well as shell.efi (in the top level directory).  It also includes a copy of KeyTool.efi which you have to enrol the hash of to run as well.

What Happened to KeyTool.efi?

Originally this was going to be part of our signed release kit.  However, during testing Microsoft discovered that because of a bug in one of the UEFI platforms, it could be used to remove the platform key programmatically, which would rather subvert the UEFI security system.  Until we can resolve this (we’ve now got the particular vendor in the loop), they declined to sign KeyTool.efi although you can, of course, authorize it by hash in the MOK variables if you want to run it.

Let me know how this goes because I’m very interested to gather feedback about what works and what doesn’t work.  In particular, there’s a worry that the security protocol override might not work on some platforms, so I particularly want to know if it doesn’t work for you.

http://blog.hansenpartnership.com/linux-foundation-secure-boot-system-released/

[Crow]

I hope UEFI goes the way of the microchannel soon

[Georgetoon]

I found this info here.

UEFI, in essence, is a light-weight operating system that your computer loads at boot time. (See: Demystifying UEFI, the long-overdue BIOS replacement.) Because it’s an operating system, UEFI has full access to your hardware, and it can be programmed to do just about anything (thus the Extensible part of its acronym). UEFI interfaces can be mouse-driven (pictured below), and can perform complex tasks such as surfing the web or backing up your hard drives.

So, if it's an OS, how likely is it that it can be infected with a virus?  Will Linux, and all PCs, now be subjected to malware/viruses at the UEFI level?

[bicol_willem]

"the long-overdue BIOS replacement"   

How much I disagree 

Never had any problem with a bios, so why fix it?  We have only trouble now with new things and replacements.
(JMHO)

[Just17]

UEFI is a huge improvement on BIOS .......... it is this secure boot that is the problem    ....... 

[sir_herrbatka]

Screw UEFI, coreboot rox!

[Just17]

Screw UEFI, coreboot rox!

   yes that would be preferable .......  IF we could have it in all motherboards   

[Georgetoon]

Maybe I should buy a system now with BIOS rather than wait and have to deal with UEFI?

[Just17]

I have a couple of systems built with UEFI without problems.

The only problems that will occur is if secure boot cannot be disabled ......  or if both Lin & Win are needed with secure boot (Win 8 ).

[Wildman]

Remembering the past, while looking down the road a bit.........if this thing gets its teeth into the industry, we are in deep trouble......""Mo Money"", ""Mo Power"" ""Mo Money""