[Xen-users] UEFI Secure Boot Xen 4.9

Message ID 20170829200115.GF4452@olila.local.net-space.pl
State New, archived

Commit Message

Daniel Kiper Aug. 29, 2017, 8:01 p.m. UTC
Hey Tamas,

Sorry for late reply. I was on vacation.

On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:

[...]

> > UEFI will verify shim secure boot signature then shim will verify GRUB2
> > signature then GRUB2 will verify (with shim protocol) Xen signature and
> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
> > your kernel can verify modules using whatever you want.
> >
> >> I would be happy to work to help achieve this.
> >
> > There is a chance that I will have something very raw at the beginning
> > of June. If you wish to do tests drop me a line.
>
> Hi Daniel,
> is there any news on this? I would be interested in giving this a shot too.

Please look at

  https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html

and at

  https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html

Attachments contain the same patches as above but rebased on latest
GRUB2 and Xen git repositories.

Due to some travel I am going to restart work on this in the second
half of September.

If you have any questions please drop me a line.

Daniel

Comments

Tamas K Lengyel Aug. 30, 2017, 4:16 p.m. UTC | #1
On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> Hey Tamas,
>
> Sorry for late reply. I was on vacation.
>
> On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
>> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>
> [...]
>
>> > UEFI will verify shim secure boot signature then shim will verify GRUB2
>> > signature then GRUB2 will verify (with shim protocol) Xen signature and
>> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
>> > your kernel can verify modules using whatever you want.
>> >
>> >> I would be happy to work to help achieve this.
>> >
>> > There is a chance that I will have something very raw at the beginning
>> > of June. If you wish to do tests drop me a line.
>>
>> Hi Daniel,
>> is there any news on this? I would be interested in giving this a shot too.
>
> Please look at
>
>   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
>
> and at
>
>   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
>
> Attachments contain the same patches as above but rebased on latest
> GRUB2 and Xen git repositories.
>
> Due to some travel I am going to restart work on this in the second
> half of September.
>
> If you have any questions please drop me a line.
>

Hi Daniel,
thanks for the update, I'll give it a shot today to set it up. In a
somewhat related note, are you aware of any work on getting secure
boot + UEFI working in a guest? There is a PoC patch on OpenXT
(https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
there are any parallel efforts ongoing.

Thanks,
Tamas

Daniel Kiper Sept. 4, 2017, 12:40 p.m. UTC | #2
On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote:
> On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> > Hey Tamas,
> >
> > Sorry for late reply. I was on vacation.
> >
> > On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
> >> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> >
> > [...]
> >
> >> > UEFI will verify shim secure boot signature then shim will verify GRUB2
> >> > signature then GRUB2 will verify (with shim protocol) Xen signature and
> >> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
> >> > your kernel can verify modules using whatever you want.
> >> >
> >> >> I would be happy to work to help achieve this.
> >> >
> >> > There is a chance that I will have something very raw at the beginning
> >> > of June. If you wish to do tests drop me a line.
> >>
> >> Hi Daniel,
> >> is there any news on this? I would be interested in giving this a shot too.
> >
> > Please look at
> >
> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
> >
> > and at
> >
> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
> >
> > Attachments contain the same patches as above but rebased on latest
> > GRUB2 and Xen git repositories.
> >
> > Due to some travel I am going to restart work on this in the second
> > half of September.
> >
> > If you have any questions please drop me a line.
> >
>
> Hi Daniel,
> thanks for the update, I'll give it a shot today to set it up. In a
> somewhat related note, are you aware of any work on getting secure
> boot + UEFI working in a guest? There is a PoC patch on OpenXT
> (https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
> there are any parallel efforts ongoing.

I do not follow this issue in detail. However, I suppose that if OVMF
supports UEFI secure boot (well, QEMU has to enable SMM support too;
I do not know does it work with Xen or not) then guest should work
without any issue. Just guessing...

Daniel

Tamas K Lengyel Sept. 5, 2017, 4:26 p.m. UTC | #3
On Mon, Sep 4, 2017 at 6:40 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote:
>> On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>> > Hey Tamas,
>> >
>> > Sorry for late reply. I was on vacation.
>> >
>> > On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
>> >> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>> >
>> > [...]
>> >
>> >> > UEFI will verify shim secure boot signature then shim will verify GRUB2
>> >> > signature then GRUB2 will verify (with shim protocol) Xen signature and
>> >> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
>> >> > your kernel can verify modules using whatever you want.
>> >> >
>> >> >> I would be happy to work to help achieve this.
>> >> >
>> >> > There is a chance that I will have something very raw at the beginning
>> >> > of June. If you wish to do tests drop me a line.
>> >>
>> >> Hi Daniel,
>> >> is there any news on this? I would be interested in giving this a shot too.
>> >
>> > Please look at
>> >
>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
>> >
>> > and at
>> >
>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
>> >
>> > Attachments contain the same patches as above but rebased on latest
>> > GRUB2 and Xen git repositories.
>> >
>> > Due to some travel I am going to restart work on this in the second
>> > half of September.
>> >
>> > If you have any questions please drop me a line.
>> >
>>
>> Hi Daniel,
>> thanks for the update, I'll give it a shot today to set it up. In a
>> somewhat related note, are you aware of any work on getting secure
>> boot + UEFI working in a guest? There is a PoC patch on OpenXT
>> (https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
>> there are any parallel efforts ongoing.
>
> I do not follow this issue in detail. However, I suppose that if OVMF
> supports UEFI secure boot (well, QEMU has to enable SMM support too;
> I do not know does it work with Xen or not) then guest should work
> without any issue. Just guessing...
>

Sure, was just wondering if you are aware of anyone looking at that.

In other news I was able to get your patches working and have been
able to boot with Secure boot enabled as far as shim -> signed grub ->
signed linux without initrd. If I boot a signed version of Xen from
grub it goes as far as setup_efi_pci but then the system reboots
without anything else being printed on the screen. I haven't been able
to debug it any further yet.

Tamas

Tamas K Lengyel Sept. 18, 2017, 3:24 p.m. UTC | #4
On Tue, Sep 5, 2017 at 12:26 PM, Tamas K Lengyel
<tamas.k.lengyel@gmail.com> wrote:
> On Mon, Sep 4, 2017 at 6:40 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>> On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote:
>>> On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>>> > Hey Tamas,
>>> >
>>> > Sorry for late reply. I was on vacation.
>>> >
>>> > On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
>>> >> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
>>> >
>>> > [...]
>>> >
>>> >> > UEFI will verify shim secure boot signature then shim will verify GRUB2
>>> >> > signature then GRUB2 will verify (with shim protocol) Xen signature and
>>> >> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
>>> >> > your kernel can verify modules using whatever you want.
>>> >> >
>>> >> >> I would be happy to work to help achieve this.
>>> >> >
>>> >> > There is a chance that I will have something very raw at the beginning
>>> >> > of June. If you wish to do tests drop me a line.
>>> >>
>>> >> Hi Daniel,
>>> >> is there any news on this? I would be interested in giving this a shot too.
>>> >
>>> > Please look at
>>> >
>>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
>>> >
>>> > and at
>>> >
>>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
>>> >
>>> > Attachments contain the same patches as above but rebased on latest
>>> > GRUB2 and Xen git repositories.
>>> >
>>> > Due to some travel I am going to restart work on this in the second
>>> > half of September.
>>> >
>>> > If you have any questions please drop me a line.
>>> >
>>>
>>> Hi Daniel,
>>> thanks for the update, I'll give it a shot today to set it up. In a
>>> somewhat related note, are you aware of any work on getting secure
>>> boot + UEFI working in a guest? There is a PoC patch on OpenXT
>>> (https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
>>> there are any parallel efforts ongoing.
>>
>> I do not follow this issue in detail. However, I suppose that if OVMF
>> supports UEFI secure boot (well, QEMU has to enable SMM support too;
>> I do not know does it work with Xen or not) then guest should work
>> without any issue. Just guessing...
>>
>
> Sure, was just wondering if you are aware of anyone looking at that.
>
> In other news I was able to get your patches working and have been
> able to boot with Secure boot enabled as far as shim -> signed grub ->
> signed linux without initrd. If I boot a signed version of Xen from
> grub it goes as far as setup_efi_pci but then the system reboots
> without anything else being printed on the screen. I haven't been able
> to debug it any further yet.
>

Daniel,
just FYI the xen.mb.efi generated with your patches causes pesign to segfault:

cms_pe_common.c:generate_digest:198 PE section ".text" has invalid address
Segmentation fault

Tamas
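
An added example, not part of the thread and not pesign's own logic: a small Python check of a PE section table, the kind of inspection the `PE section ".text" has invalid address` report above calls for. Which test pesign applies at that line is not stated on the page; the two checks here (raw data overlapping the headers, raw data running past the end of the file), the function names and the constructed sample image are assumptions.

```python
import struct


def pe_section_issues(data):
    """Return a list of inconsistencies found in a PE image's section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing MZ header"]
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return ["missing PE signature"]
    # COFF header: Machine, NumberOfSections, ..., SizeOfOptionalHeader, Characteristics
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    if opt_size < 64 or opt_off + opt_size > len(data):
        return ["optional header truncated"]
    # SizeOfHeaders is at offset 60 of the optional header in PE32 and PE32+.
    (size_of_headers,) = struct.unpack_from("<I", data, opt_off + 60)
    issues = []
    sec_off = opt_off + opt_size
    for i in range(nsec):
        off = sec_off + 40 * i
        if off + 40 > len(data):
            issues.append(f"section header {i} lies past end of file")
            break
        name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        if raw_size == 0:
            continue  # no file-backed data (e.g. .bss), nothing to hash
        if raw_ptr < size_of_headers:
            issues.append(f"{name}: raw data at {raw_ptr:#x} overlaps headers")
        if raw_ptr + raw_size > len(data):
            issues.append(f"{name}: raw data {raw_ptr:#x}+{raw_size:#x} runs past end of file")
    return issues


def build_sample(text_raw_ptr):
    """Constructed minimal PE32+ image with one .text section (not a real Xen binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 64, 0x22)
    opt = bytearray(64)
    struct.pack_into("<H", opt, 0, 0x20B)     # PE32+ magic
    struct.pack_into("<I", opt, 60, 0x200)    # SizeOfHeaders
    sect = struct.pack("<8sIIII", b".text", 0x100, 0x1000, 0x100, text_raw_ptr) + b"\0" * 16
    image = dos + coff + bytes(opt) + sect
    return image.ljust(0x200, b"\0") + b"\x90" * 0x100   # 0x100 bytes of section data


if __name__ == "__main__":
    for ptr in (0x200, 0x400, 0x80):
        print(hex(ptr), pe_section_issues(build_sample(ptr)) or "section table consistent")
```
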

Daniel Kiper Sept. 19, 2017, 12:19 p.m. UTC | #5
On Mon, Sep 18, 2017 at 11:24:15AM -0400, Tamas K Lengyel wrote:
> On Tue, Sep 5, 2017 at 12:26 PM, Tamas K Lengyel
> <tamas.k.lengyel@gmail.com> wrote:
> > On Mon, Sep 4, 2017 at 6:40 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> >> On Wed, Aug 30, 2017 at 10:16:23AM -0600, Tamas K Lengyel wrote:
> >>> On Tue, Aug 29, 2017 at 2:01 PM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> >>> > Hey Tamas,
> >>> >
> >>> > Sorry for late reply. I was on vacation.
> >>> >
> >>> > On Tue, Aug 22, 2017 at 09:01:06PM -0600, Tamas K Lengyel wrote:
> >>> >> On Tue, May 16, 2017 at 5:04 AM, Daniel Kiper <daniel.kiper@oracle.com> wrote:
> >>> >
> >>> > [...]
> >>> >
> >>> >> > UEFI will verify shim secure boot signature then shim will verify GRUB2
> >>> >> > signature then GRUB2 will verify (with shim protocol) Xen signature and
> >>> >> > finally Xen will verify (with shim protocol) Linux kernel signature. Then
> >>> >> > your kernel can verify modules using whatever you want.
> >>> >> >
> >>> >> >> I would be happy to work to help achieve this.
> >>> >> >
> >>> >> > There is a chance that I will have something very raw at the beginning
> >>> >> > of June. If you wish to do tests drop me a line.
> >>> >>
> >>> >> Hi Daniel,
> >>> >> is there any news on this? I would be interested in giving this a shot too.
> >>> >
> >>> > Please look at
> >>> >
> >>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00982.html
> >>> >
> >>> > and at
> >>> >
> >>> >   https://lists.xen.org/archives/html/xen-devel/2017-07/msg00985.html
> >>> >
> >>> > Attachments contain the same patches as above but rebased on latest
> >>> > GRUB2 and Xen git repositories.
> >>> >
> >>> > Due to some travel I am going to restart work on this in the second
> >>> > half of September.
> >>> >
> >>> > If you have any questions please drop me a line.
> >>> >
> >>>
> >>> Hi Daniel,
> >>> thanks for the update, I'll give it a shot today to set it up. In a
> >>> somewhat related note, are you aware of any work on getting secure
> >>> boot + UEFI working in a guest? There is a PoC patch on OpenXT
> >>> (https://github.com/OpenXT/xenclient-oe/pull/729) but was wondering if
> >>> there are any parallel efforts ongoing.
> >>
> >> I do not follow this issue in detail. However, I suppose that if OVMF
> >> supports UEFI secure boot (well, QEMU has to enable SMM support too;
> >> I do not know does it work with Xen or not) then guest should work
> >> without any issue. Just guessing...
> >>
> >
> > Sure, was just wondering if you are aware of anyone looking at that.
> >
> > In other news I was able to get your patches working and have been
> > able to boot with Secure boot enabled as far as shim -> signed grub ->
> > signed linux without initrd. If I boot a signed version of Xen from
> > grub it goes as far as setup_efi_pci but then the system reboots
> > without anything else being printed on the screen. I haven't been able
> > to debug it any further yet.
> >
>
> Daniel,
> just FYI the xen.mb.efi generated with your patches causes pesign to segfault:
>
> cms_pe_common.c:generate_digest:198 PE section ".text" has invalid address
> Segmentation fault

Thank you for doing the tests. I am going to restart work on this next week
and post next version of patches in October. I will try to fix all issues
spotted by you. Stay tuned...

Daniel

Patch

From 8458d7904886ca4bea059d103dac2ba50e53c13b Mon Sep 17 00:00:00 2001
From: Daniel Kiper <daniel.kiper@oracle.com>
Date: Sat, 8 Jul 2017 23:32:36 +0200
Subject: [PATCH] efi: Add EFI shim lock verifier

This is based on git://git.savannah.gnu.org/grub.git phcoder/verifiers branch.

Just an RFC.

TODO:
  - disable the GRUB2 modules load/unload,
  - disable the dangerous modules, e.g. iorw, memrw.

Signed-off-by: Daniel Kiper <daniel.kiper@oracle.com>
---
 grub-core/Makefile.core.def        |    6 +++
 grub-core/commands/efi/shim_lock.c |  100 ++++++++++++++++++++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 grub-core/commands/efi/shim_lock.c

diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
index 16c4d0e..c38e4a8 100644
--- a/grub-core/Makefile.core.def
+++ b/grub-core/Makefile.core.def
@@ -905,6 +905,12 @@  module = {
 };
 
 module = {
+  name = shim_lock;
+  common = commands/efi/shim_lock.c;
+  enable = x86_64_efi;
+};
+
+module = {
   name = hdparm;
   common = commands/hdparm.c;
   common = lib/hexdump.c;
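Review bot: "enable = x86_64_efi;" in the new shim_lock module entry restricts the verifier to a single EFI platform, and neither the entry nor the commit message says why. If the restriction is deliberate, state the reason in the commit message; otherwise consider enabling the module for the other EFI targets, since a build for any other platform gets no shim verification from this module.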
diff --git a/grub-core/commands/efi/shim_lock.c b/grub-core/commands/efi/shim_lock.c
new file mode 100644
index 0000000..40d2b25
--- /dev/null
+++ b/grub-core/commands/efi/shim_lock.c
@@ -0,0 +1,100 @@ 
+/*
+ *  GRUB  --  GRand Unified Bootloader
+ *  Copyright (C) 2017  Free Software Foundation, Inc.
+ *
+ *  GRUB is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  GRUB is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with GRUB.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ *  EFI shim lock verifier.
+ *
+ */
+
+#include <grub/dl.h>
+#include <grub/efi/efi.h>
+#include <grub/err.h>
+#include <grub/file.h>
+#include <grub/verify.h>
+
+GRUB_MOD_LICENSE ("GPLv3+");
+
+#define GRUB_EFI_SHIM_LOCK_GUID \
+  { 0x605dab50, 0xe046, 0x4300, \
+    { 0xab, 0xb6, 0x3d, 0xd8, 0x10, 0xdd, 0x8b, 0x23 } \
+  }
+
+struct grub_efi_shim_lock_protocol
+{
+  grub_efi_status_t
+  (*verify) (void *buffer,
+	     grub_uint32_t size);
+};
+typedef struct grub_efi_shim_lock_protocol grub_efi_shim_lock_protocol_t;
+
+static grub_efi_guid_t shim_lock_guid = GRUB_EFI_SHIM_LOCK_GUID;
+static grub_efi_shim_lock_protocol_t *sl;
+
+static grub_err_t
+shim_lock_init (grub_file_t io __attribute__ ((unused)), enum grub_file_type type,
+	       void **context __attribute__ ((unused)), enum grub_verify_flags *flags)
+{
+  *flags = GRUB_VERIFY_FLAGS_SKIP_VERIFICATION;
+
+  if (!sl)
+    return GRUB_ERR_NONE;
+
+  switch (type & GRUB_FILE_TYPE_MASK)
+    {
+    case GRUB_FILE_TYPE_LINUX_KERNEL:
+    case GRUB_FILE_TYPE_MULTIBOOT_KERNEL:
+    case GRUB_FILE_TYPE_BSD_KERNEL:
+    case GRUB_FILE_TYPE_XNU_KERNEL:
+    case GRUB_FILE_TYPE_PLAN9_KERNEL:
+      *flags = GRUB_VERIFY_FLAGS_SINGLE_CHUNK;
+
+    default:
+      return GRUB_ERR_NONE;
+    }
+}
+
+static grub_err_t
+shim_lock_write (void *context __attribute__ ((unused)), void *buf, grub_size_t size)
+{
+  if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
+    return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
+
+  return GRUB_ERR_NONE;
+}
+
+static void
+shim_lock_close (void *context __attribute__ ((unused)))
+{
+}
+
+struct grub_file_verifier shim_lock =
+  {
+    .name = "shim_lock",
+    .init = shim_lock_init,
+    .write = shim_lock_write,
+    .close = shim_lock_close
+  };
+
+GRUB_MOD_INIT(shim_lock)
+{
+  sl = grub_efi_locate_protocol (&shim_lock_guid, 0);
+  grub_verifier_register (&shim_lock);
+}
+
+GRUB_MOD_FINI(shim_lock)
+{
+  grub_verifier_unregister (&shim_lock);
+}
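Review bot: in shim_lock_write, the grub_size_t size is passed straight to sl->verify, whose prototype in this file takes grub_uint32_t, so for a buffer larger than 4 GiB the call silently receives a truncated length; reject size > 0xffffffff with an error before calling verify. In shim_lock_init, the kernel case labels fall through into "default:" to reach the return, which works but reads like a missing break; add an explicit "return GRUB_ERR_NONE;" after setting GRUB_VERIFY_FLAGS_SINGLE_CHUNK or a fall-through comment. Also worth a comment: when grub_efi_locate_protocol returns NULL, the "if (!sl)" path leaves GRUB_VERIFY_FLAGS_SKIP_VERIFICATION set for every file type, so the verifier fails open when the shim protocol is absent; document that this is intended.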
-- 
1.7.10.4