On Tue, Apr 23, 2019 at 9:15 AM Francois Ozog francois.ozog@linaro.org wrote:

Thanks Heinrich,

I now see how EFIBootGuard integrates in the secureboot process.

If we wan to push integrity checking beyond executable image, for instance validating:

• Linux initrd and commandline
• grub modules and configfile.
• efibootguard configuration files

It starts to look hairy.

The integrity measurement process for boot is generally handled by TCG TPM2 UEFI bits in the spec, I see that as separate to secure boot.

Would validation of the entire EFI boot partition be just good enough? (using dm-verity, fs-verity or whatever mechanism)

That's not part of the secure-boot spec.

The way this works on x86 is that there's a shim [1] which gets signed by Microsoft, the firmware contains the Microsoft public key to verify the shim and shim then has the ability to verify grub and so on, this is the same mechanism that's used for aarch64 SBSA mechanisms. I don't see why that wouldn't work in this case too, it might not be the MS key, but the same process could work. I spoke with Grant about this @ Linaro Connect.

Peter

[1] https://github.com/rhboot/shim/

Cheers

FF

On Mon, 22 Apr 2019 at 19:55, Heinrich Schuchardt xypron.glpk@gmx.de wrote:

...

On Fri Apr 19 10:48:51 UTC 2019 François Ozog francois.ozog@linaro.org wrote

...

We will be conducting a UEFI gap analysis to support EFIBootGuard in U-Boot.

As we are working on UEFI SecureBoot implementation in U-Boot, how do you expect the boot process to be secured? Would U-Boot UEFI SecureBoot verify EFIBootGuard signature and in turn EFIBootGuard will check either grub or Linux signature?

Please elaborate on your vision of a secured boot process.

The UEFI spec is quite clear about this:

An implementation of SecureBoot will check the signature of any EFI binary before starting it. StartImage() will return EFI_SECURITY_VIOLATION when trying to start an image that is neither correctly signed nor whose hash is known.

As we use StartImage() for starting any image the signature of EFIBootGuard would be checked first and then any of the child applications it starts.

You will not be able to start GRUB or the Linux kernel if their signature are not added to U-Boot's key database.

Of cause you could implement inside EFIBootGuard your own mechanism to start a loaded image without calling StartImage(). In this case U-Boot cannot protect you from invalid images.

Best regards

Heinrich

-- François-Frédéric Ozog | *Director Linaro Edge & Fog Computing Group* T: +33.67221.6485 francois.ozog@linaro.org | Skype: ffozog _______________________________________________ boot-architecture mailing list boot-architecture@lists.linaro.org https://lists.linaro.org/mailman/listinfo/boot-architecture