Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Shim 15.4 for RHEL 7 (rhel-7-shim-20210521) #178

Closed
9 tasks done
vathpela opened this issue Jun 1, 2021 · 11 comments
Closed
9 tasks done

Shim 15.4 for RHEL 7 (rhel-7-shim-20210521) #178

vathpela opened this issue Jun 1, 2021 · 11 comments
Labels
accepted Submission is ready for sysdev

Comments

@vathpela
Copy link
Contributor

vathpela commented Jun 1, 2021

Make sure you have provided the following information:

  • link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  • completed README.md file with the necessary information
  • shim.efi to be signed
  • public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
  • binaries, for which hashes are added do vendor_db ( if you use vendor_db and have hashes allow-listed )
  • any extra patches to shim via your own git tree or as files
  • any extra patches to grub via your own git tree or as files
  • build logs
  • a Dockerfile to reproduce the build of the provided shim EFI binaries
What organization or people are asking to have this signed:

Red Hat, Inc.

What product or service is this for:

Red Hat Enterprise Linux 7

Please create your shim binaries starting with the 15.4 shim release tar file:
https://github.com/rhboot/shim/releases/download/15.4/shim-15.4.tar.bz2
This matches https://github.com/rhboot/shim/releases/tag/15.4 and contains
the appropriate gnu-efi source.
Please confirm this as the origin your shim.

This starts with the shim 15.4 release tarball.
Here is the review repo: vathpela/shim-review@rhel-7-shim-20210521, which includes README.md, both shim EFI binaries, redhatsecurebootca5.cer, and the build logs root.log and build.log.

What's the justification that this really does need to be signed for the whole world to be able to boot it:

We're a major bigtime OS vendor

How do you manage and protect the keys used in your SHIM?

They're stored in an HSM.

Do you use EV certificates as embedded certificates in the SHIM?

No.

If you use new vendor_db functionality, are any hashes allow-listed, and if yes: for what binaries ?

Yes, for several linux kernel builds. Yes. The vendor db is included here as
db.x64.esl, and it includes the certificate redhatsecurebootca5.cer and the
authenticode hashes listed in db.x64.txt

Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354 present in your kernel, if you boot chain includes a Linux kernel ?

All of the following commits are present:

475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f
1957a85b0032a81e6482ca4aab883643b8dae06e
612bd01fc6e04c3ce9eb59587b4a7e4ebd6aff35
75b0cea7bf307f362057cc778efe89af4c615354
435d1a471598752446a72ad1201b3c980526d869

And the configuration setting CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is disabled.

if SHIM is loading GRUB2 bootloader, are CVEs CVE-2020-14372,
CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779,
CVE-2021-20225, CVE-2021-20233, CVE-2020-10713, CVE-2020-14308,
CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705,
( July 2020 grub2 CVE list + March 2021 grub2 CVE list )
and if you are shipping the shim_lock module CVE-2021-3418
fixed ?

Yes, these are all fixed

"Please specifically confirm that you add a vendor specific SBAT entry for SBAT header in each binary that supports SBAT metadata
( grub2, fwupd, fwupdate, shim + all child shim binaries )" to shim review doc ?
Please provide exact SBAT entries for all SBAT binaries you are booting or planning to boot directly through shim

On shim, we have:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.redhat,1,Red Hat,shim,15.4-4.el7,[email protected]

On grub2, we have:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.02,https://www.gnu.org/software/grub/
grub.rhel7,1,Red Hat Enterprise Linux 7,grub2,1:2.02-0.87.el7_9.7,mail:[email protected]
Were your old SHIM hashes provided to Microsoft ?

Yes.

Did you change your certificate strategy, so that affected by CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749,
CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2020-10713,
CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705 ( July 2020 grub2 CVE list + March 2021 grub2 CVE list )
grub2 bootloaders can not be verified ?

We revved the cert for the 2020 batch of CVEs; for this one we require .sbat and are revoking the shims that don't require it.

What exact implementation of Secureboot in grub2 ( if this is your bootloader ) you have ?
* Upstream grub2 shim_lock verifier or * Downstream RHEL/Fedora/Debian/Canonical like implementation ?

It is a RHEL-like implementation

What is the origin and full version number of your bootloader (GRUB or other)?

It's grub with a little light patching ;)

If your SHIM launches any other components, please provide further details on what is launched

We also have fwupd, which will have similar .sbat provisions to grub2.

If your GRUB2 launches any other binaries that are not Linux kernel in SecureBoot mode,
please provide further details on what is launched and how it enforces Secureboot lockdown

No, only linux.

If you are re-using a previously used (CA) certificate, you
will need to add the hashes of the previous GRUB2 binaries
exposed to the CVEs to vendor_dbx in shim in order to prevent
GRUB2 from being able to chainload those older GRUB2 binaries. If
you are changing to a new (CA) certificate, this does not
apply. Please describe your strategy.

We're using a post-boothole certificat and dbxing the intermediate shims that didn't require sbat.

How do the launched components prevent execution of unauthenticated code?

Everything validates signatures using shim's protocol.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No.

What kernel are you using? Which patches does it includes to enforce Secure Boot?

All signed kernels are all patched for the kernel boothole CVEs and have the CONFIG_EFI_CUSTOM_SSDT_OVERLAYS config option disabled.

What changes were made since your SHIM was last signed?

Only upstream changes.

What is the SHA256 hash of your final SHIM binary?
random:~/devel/github.com/shim-review/rhel-7-shim-20210521$ sha256sum shim*.efi
d5e16e6b44a50ea090f2f69f90697753dd36d3e2dc913234acedc326bb3941c4  shimia32.efi
d5c77c21a626aff4e20c5f34fecf3ed57ca0e31ea75b98819002518f8cf93126  shimx64.efi

These represent the following submission IDs:

  • 14255918017826488 shimia32.efi
  • 13902829049082438 shimx64.efi

edits:

  • v2: fixed the repo link and the vendor_db section.
@vathpela vathpela changed the title Shim review for RHEL 7 (rhel-7-shim-20210521) Shim 15.4 for RHEL 7 (rhel-7-shim-20210521) Jun 1, 2021
@steve-mcintyre
Copy link
Collaborator

steve-mcintyre commented Jun 3, 2021

  • shim reproduces ok
  • CA key looks fine
  • sane shim upstream tarball
  • patches look ok, mostly straight from upstream of course
  • Grub and kernel setup looks good

@steve-mcintyre steve-mcintyre added accepted Submission is ready for sysdev and removed accepted Submission is ready for sysdev labels Jun 3, 2021
@steve-mcintyre
Copy link
Collaborator

Oh, hmmm - I don't see a VENDOR_CERT_FILE anywhere in the build output.That's a little surprising...

@vathpela
Copy link
Contributor Author

vathpela commented Jun 3, 2021

Oh, hmmm - I don't see a VENDOR_CERT_FILE anywhere in the build output.That's a little surprising...

Right, so we have to use VENDOR_DB_FILE anyway, because in RHEL 7, we have a bunch of kernel builds that don't have any of the ACPI CVEs in them, so we need them to be allowed by hash since the key they're signed with is no longer on the trusted key list. Since that's the case, the simplest thing was just to put the cert in the included DB anyway.

@steve-mcintyre
Copy link
Collaborator

Hmmm. Quoting from above:

"We don't use vendor_db in this build."

This could be much easier to follow...

@vathpela
Copy link
Contributor Author

vathpela commented Jun 3, 2021

Apologies, I've erroneously copied text from the RHEL 8 version of this instead of the prior RHEL 7 version. I've update that as well as fixing the link to the correct repo.

@vathpela
Copy link
Contributor Author

vathpela commented Jun 3, 2021

FWIW, vendor_db was generated using efisecdb from the devel branch of efivar at https://github.com/vathpela/efivar/tree/security-features . The command line used was: ./efisecdb -o db.x64.esl -g {redhat} -a -c redhatsecurebootca5.cer -t sha256 $(cat db.x64.txt | while read k h ; do echo -h $h ; done)

@steve-mcintyre
Copy link
Collaborator

ok, that's better

(re-)marking accepted now

@steve-mcintyre steve-mcintyre added the accepted Submission is ready for sysdev label Jun 3, 2021
@SerMel13
Copy link

SerMel13 commented Jun 4, 2021

Hello,
I have a doubt about this point:
Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354 present in your kernel, if you boot chain includes a Linux kernel

It was mentioned, that 3.10 kernel from el7 has this patch, but I have no find evidences of this patch in code after rpmbuild -bp kernel.spec.

Oracle in their OL7 certification doesn't mentioned 3.10 kernel from el7 in a list of "good" kernels for SecureBoot without BootHole issue.
See details in:
#141

@SerMel13
Copy link

SerMel13 commented Jun 9, 2021

Hello @vathpela.

Sorry for the noise, could you comment about the presence of the required SecurityBoot patches in latest RHEL 7 kernel (for example kernel-3.10.0-1160.25.1.el7.src.rpm)?

I haven't found any evidences of their presence in actual RHEL 7 kernel.

@vathpela
Copy link
Contributor Author

vathpela commented Jun 9, 2021

Hello @vathpela.

Sorry for the noise, could you comment about the presence of the required SecurityBoot patches in latest RHEL 7 kernel (for example kernel-3.10.0-1160.25.1.el7.src.rpm)?

I haven't found any evidences of their presence in actual RHEL 7 kernel.

Sorry, that's another copy-paste error stemming from me starting with the RHEL 8 ISSUE_TEMPLATE.md rather than from the previous RHEL 7 one. My apologies; I have made a note of that process error so that it doesn't happen in the future, but this time that ship has sailed.
You're correct that we don't have those patches. The thing here is that the bug in question was introduced in 4.7, and 3.10.0 doesn't have the upstream patches that introduced either the configfs bug (nor any of the ACPI configfs code) or the SSDT EFI variable loading code.

Instead of the text above stating that it has those patches, it should have said:

###### Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354 present in your kernel, if you boot chain includes a linux kernel ?
None of the following commits are present:
475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f
1957a85b0032a81e6482ca4aab883643b8dae06e
612bd01fc6e04c3ce9eb59587b4a7e4ebd6aff35
75b0cea7bf307f362057cc778efe89af4c615354
These kernels do not have that bug.

@SerMel13
Copy link

SerMel13 commented Jun 9, 2021

Thank you for clarification. Now I have no objections. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
accepted Submission is ready for sysdev
Projects
None yet
Development

No branches or pull requests

4 participants