UEFI Secure Boot Xen 4.9

UEFI Secure Boot Xen 4.9

Bill Jacobs (billjac)

Hi all

I gather that with 4.9, UEFI secure boot of Xen should be possible.

Is this true?

If so, what are the options for utilizing UEFI secure boot? Do I need a MSFT-signed shim or grub? Any special changes required for Xen kernel (signing?) or has that been done?

Thanks

-Bill

_______________________________________________
Xen-users mailing list
[hidden email]
https://lists.xen.org/xen-users

Re: UEFI Secure Boot Xen 4.9

George Dunlap-5
On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
<[hidden email]> wrote:
> Hi all
>
> I gather that with 4.9, UEFI secure boot of Xen should be possible.
>
> Is this true?
>
> If so, what are the options for utilizing UEFI secure boot? Do I need a
> MSFT-signed shim or grub? Any special changes required for Xen kernel
> (signing?) or has that been done?

Bill,

I guess in part it depends on what you mean by "utilizing UEFI secure
boot".  If you simply want to boot an unsigned Xen on a UEFI system
with SecureBoot enabled, then grub would probably work.  If you want
to actually do the full SecureBoot thing -- where you have grub check
Xen's signature and that of the kernel and initrd, you probably need a
bit more.

Daniel,

Is there any good documentation on this?  The Xen EFI guide
(https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
doesn't go into detail about how to sign a binary &c.

 -George


Re: UEFI Secure Boot Xen 4.9

Daniel Kiper-2
Hey,

CC-ing Xen-devel to spread some knowledge about the issue.

On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote:

> On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
> <[hidden email]> wrote:
> > Hi all
> >
> > I gather that with 4.9, UEFI secure boot of Xen should be possible.
> >
> > Is this true?
> >
> > If so, what are the options for utilizing UEFI secure boot? Do I need a
> > MSFT-signed shim or grub? Any special changes required for Xen kernel
> > (signing?) or has that been done?
>
> Bill,
>
> I guess in part it depends on what you mean by "utilizing UEFI secure
> boot".  If you simply want to boot an unsigned Xen on a UEFI system
> with SecureBoot enabled, then grub would probably work.  If you want
> to actually do the full SecureBoot thing -- where you have grub check
> Xen's signature and that of the kernel and initrd, you probably need a
> bit more.
>
> Daniel,
>
> Is there any good documentation on this?  The Xen EFI guide
> (https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
> doesn't go into detail about how to sign a binary &c.

Unfortunately I do not know of anything like that. As you said, in general
shim is supported. Sadly, it works only if you load xen.efi directly from
EFI. __Upstream__ GRUB2 does not have support for shim yet. I am working
on it (shim support via GRUB2 also requires some changes in Xen). I hope
that I will have something which works before Xen conf in Budapest.

If you wish to use shim with xen.efi then you have to sign xen.efi and
vmlinux with your key using sbsign or pesign. The process works in the same
way as in the case of vmlinux alone. Of course you have to install your public
key into MOK before enabling secure boot.

Daniel
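
The signing and MOK enrolment steps described in the message above, as an added example that is not part of the original thread. The key name and image names are placeholders, `sbsign` is used rather than `pesign`, and the kernel is assumed to be a PE (EFI stub) image:

```sh
#!/bin/sh
# Added example, not from the thread. Key name and image paths are placeholders.
# Needs openssl, sbsigntool (sbsign/sbverify) and mokutil; DRY_RUN=1 only prints.

# run CMD...: echo the command, then execute it unless DRY_RUN=1.
run() {
    printf '+ %s\n' "$*"
    [ "${DRY_RUN:-0}" = 1 ] || "$@"
}

# make_key NAME: self-signed signing cert (NAME.key/NAME.crt, PEM) plus the
# DER copy that mokutil expects. The private key is written unencrypted.
make_key() {
    run openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=$1 secure boot signing/" -keyout "$1.key" -out "$1.crt" &&
    run openssl x509 -in "$1.crt" -outform DER -out "$1.der"
}

# sign_images NAME IMAGE...: sign each PE image (xen.efi, the dom0 kernel) with
# the same key and check the signature against the cert before it is installed.
sign_images() {
    key=$1; shift
    for img in "$@"; do
        run sbsign --key "$key.key" --cert "$key.crt" \
            --output "$img.signed" "$img" &&
        run sbverify --cert "$key.crt" "$img.signed" || return 1
    done
}

# enroll_key NAME: queue the cert for MOK enrolment; it is confirmed at the
# next boot, so do this before turning secure boot on.
enroll_key() {
    run mokutil --import "$1.der"
}

# Usage: sh sign-for-shim.sh KEYNAME IMAGE...
if [ "$#" -ge 2 ]; then
    name=$1; shift
    make_key "$name" && sign_images "$name" "$@" && enroll_key "$name"
fi
```

Running it with `DRY_RUN=1` prints the commands without touching any key or image, which is a convenient way to review the sequence before signing real binaries.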


Re: UEFI Secure Boot Xen 4.9

Bill Jacobs (billjac)


> -----Original Message-----
> From: Daniel Kiper [mailto:[hidden email]]
> Sent: Monday, May 15, 2017 6:13 AM
> To: Bill Jacobs (billjac) <[hidden email]>; [hidden email]
> Cc: [hidden email]; [hidden email]
> Subject: Re: [Xen-users] UEFI Secure Boot Xen 4.9
>
> Hey,
>
> CC-ing Xen-devel to spread some knowledge about the issue.
>
> On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote:
> > On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
> > <[hidden email]> wrote:
> > > Hi all
> > >
> > > I gather that with 4.9, UEFI secure boot of Xen should be possible.
> > >
> > > Is this true?
> > >
> > > If so, what are the options for utilizing UEFI secure boot? Do I
> > > need a MSFT-signed shim or grub? Any special changes required for
> > > Xen kernel
> > > (signing?) or has that been done?
> >
> > Bill,
> >
> > I guess in part it depends on what you mean by "utilizing UEFI secure
> > boot".  If you simply want to boot an unsigned Xen on a UEFI system
> > with SecureBoot enabled, then grub would probably work.  If you want
> > to actually do the full SecureBoot thing -- where you have grub check
> > Xen's signature and that of the kernel and initrd, you probably need a
> > bit more.
> >
> > Daniel,
> >
> > Is there any good documentation on this?  The Xen EFI guide
> > (https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
> > doesn't go into detail about how to sign a binary &c.
>
> Unfortunately I do not know of anything like that. As you said, in general shim is
> supported. Sadly, it works only if you load xen.efi directly from EFI.
> __Upstream__ GRUB2 does not have support for shim yet. I am working on it
> (shim support via GRUB2 also requires some changes in Xen). I hope that I will
> have something which works before Xen conf in Budapest.
>
> If you wish to use shim with xen.efi then you have to sign xen.efi and vmlinux
> with your key using sbsign or pesign. The process works in the same way as in
> the case of vmlinux alone. Of course you have to install your public key into MOK
> before enabling secure boot.
>
> Daniel

Yes, there are options in how this is achievable, and the solutions may be different.

We are targeting a secure boot chain from UEFI fw to .ko, using the same signing.
In our case we would skip shim and reduce attack surface, but it appears that the mechanisms 'out there' for passing pub key (cert) from UEFI db to Linux chainring require shim to do the work. Is that accurate? Does it have to be the case? I don't see why.
For us, the ideal case is:
UEFI fw -> (signed)GRUB2.efi->Multiboot2->Xen(signed .ko)

I would be happy to work to help achieve this.
-Bill



Re: UEFI Secure Boot Xen 4.9

Daniel Kiper-2
On Mon, May 15, 2017 at 07:09:54PM +0000, Bill Jacobs (billjac) wrote:

> > -----Original Message-----
> > From: Daniel Kiper [mailto:[hidden email]]
> > Sent: Monday, May 15, 2017 6:13 AM
> > To: Bill Jacobs (billjac) <[hidden email]>; [hidden email]
> > Cc: [hidden email]; [hidden email]
> > Subject: Re: [Xen-users] UEFI Secure Boot Xen 4.9
> >
> > Hey,
> >
> > CC-ing Xen-devel to spread some knowledge about the issue.
> >
> > On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote:
> > > On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac)
> > > <[hidden email]> wrote:
> > > > Hi all
> > > >
> > > > I gather that with 4.9, UEFI secure boot of Xen should be possible.
> > > >
> > > > Is this true?
> > > >
> > > > If so, what are the options for utilizing UEFI secure boot? Do I
> > > > need a MSFT-signed shim or grub? Any special changes required for
> > > > Xen kernel
> > > > (signing?) or has that been done?
> > >
> > > Bill,
> > >
> > > I guess in part it depends on what you mean by "utilizing UEFI secure
> > > boot".  If you simply want to boot an unsigned Xen on a UEFI system
> > > with SecureBoot enabled, then grub would probably work.  If you want
> > > to actually do the full SecureBoot thing -- where you have grub check
> > > Xen's signature and that of the kernel and initrd, you probably need a
> > > bit more.
> > >
> > > Daniel,
> > >
> > > Is there any good documentation on this?  The Xen EFI guide
> > > (https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but
> > > doesn't go into detail about how to sign a binary &c.
> >
> > Unfortunately I do not know of anything like that. As you said, in general shim is
> > supported. Sadly, it works only if you load xen.efi directly from EFI.
> > __Upstream__ GRUB2 does not have support for shim yet. I am working on it
> > (shim support via GRUB2 also requires some changes in Xen). I hope that I will
> > have something which works before Xen conf in Budapest.
> >
> > If you wish to use shim with xen.efi then you have to sign xen.efi and vmlinux
> > with your key using sbsign or pesign. The process works in the same way as in
> > the case of vmlinux alone. Of course you have to install your public key into MOK
> > before enabling secure boot.
> >
> > Daniel
>
> Yes, there are options in how this is achievable, and the solutions may be different.
>
> We are targeting a secure boot chain from UEFI fw to .ko, using the same signing.
> In our case we would skip shim and reduce attack surface, but it appears that the mechanisms
> 'out there' for passing pub key (cert) from UEFI db to Linux chainring require shim to do
> the work. Is that accurate? Does it have to be the case? I don't see why.

AIUI, if EFI secure boot is enabled then EFI verifies signatures of every
loaded/executed PE file. Unfortunately, you are not able to use the secure boot
protocol directly to verify PEs loaded from your app yourself. So, this is
one of the reasons why shim was introduced. It exposes a protocol which can be
used by you to do verification.

> For us, the ideal case is:
> UEFI fw -> (signed)GRUB2.efi->Multiboot2->Xen(signed .ko)

AFAICT, it is not possible. We should do the following:

  UEFI -> shim -> GRUB2 -> Multiboot2 -> Xen/Linux/etc.

UEFI will verify the shim secure boot signature, then shim will verify the GRUB2
signature, then GRUB2 will verify (with the shim protocol) the Xen signature and
finally Xen will verify (with the shim protocol) the Linux kernel signature. Then
your kernel can verify modules using whatever you want.

> I would be happy to work to help achieve this.

There is a chance that I will have something very raw at the beginning
of June. If you wish to do tests drop me a line.

Daniel
