On Tue, 4 Jun 2019 at 18:38, Francois Ozog francois.ozog@linaro.org wrote:
On Tue, 4 Jun 2019 at 10:57, Ard Biesheuvel ard.biesheuvel@linaro.org wrote:
Yes, that makes sense. But the problem is that UEFI secure boot does not support this model. An image is considered valid if it authenticates against any of the keys in db. And any key in KEK can sign updates to db and dbx. And today's current practice is to include Microsoft keys in both KEK and db.
Only shim<arch>.efi is Microsoft signed. So we should be clear to sign
SecureBoot without Shim, booting directly grub<arch>.efi for instance.
Unfortunately, the way things work today, secureboot-enabled GRUB can only run in combination with shim, since it explicitly attaches to a protocol exposed by shim. So even on a system where the installer can see that the required certificates (i.e., redhat's signing certificate) are present in the firmware's keyring, it still needs to install shim in order to be able to run GRUB.
This is on my list of things to get fixed, and I have already discussed a possible solution with Peter Jones (RH) but neither of us currently have the bandwidth to sit down and do the work.