Xen project Mailing List

Re: [Xen-devel] [Xen-users] UEFI Secure Boot Xen 4.9

To: Daniel Kiper <daniel.kiper@xxxxxxxxxx>

From: "Bill Jacobs (billjac)" <billjac@xxxxxxxxx>

Date: Thu, 12 Oct 2017 17:03:13 +0000

Accept-language: en-US

Cc: "xen-users@xxxxxxxxxxxxx" <xen-users@xxxxxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "xen-devel@xxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxx>

Delivery-date: Thu, 12 Oct 2017 17:03:39 +0000

List-id: Xen developer discussion <xen-devel.lists.xen.org>

Thread-index: AdLJ3P+bWKFW9PbwToSKLcgz/NqEFgDpBUqAAAdZ3gAAA4lCoAAqSKMAHUl/D4A=

Thread-topic: [Xen-users] UEFI Secure Boot Xen 4.9

Hi What is the status of creating a shim to abstract secure boot signing for Xen (to leverage MSFT 3rd party, e.g)? Thanks -Bill > -----Original Message----- > From: Daniel Kiper [mailto:daniel.kiper@xxxxxxxxxx] > Sent: Tuesday, May 16, 2017 4:05 AM > To: Bill Jacobs (billjac) <billjac@xxxxxxxxx> > Cc: george.dunlap@xxxxxxxxxx; xen-devel@xxxxxxxxxxxxx; xen- > users@xxxxxxxxxxxxx > Subject: Re: [Xen-users] UEFI Secure Boot Xen 4.9 > > On Mon, May 15, 2017 at 07:09:54PM +0000, Bill Jacobs (billjac) wrote: > > > -----Original Message----- > > > From: Daniel Kiper [mailto:daniel.kiper@xxxxxxxxxx] > > > Sent: Monday, May 15, 2017 6:13 AM > > > To: Bill Jacobs (billjac) <billjac@xxxxxxxxx>; > > > george.dunlap@xxxxxxxxxx > > > Cc: xen-devel@xxxxxxxxxxxxx; xen-users@xxxxxxxxxxxxx > > > Subject: Re: [Xen-users] UEFI Secure Boot Xen 4.9 > > > > > > Hey, > > > > > > CC-ing Xen-devel to spread some knowledge about the issue. > > > > > > On Mon, May 15, 2017 at 10:42:23AM +0100, George Dunlap wrote: > > > > On Wed, May 10, 2017 at 11:36 PM, Bill Jacobs (billjac) > > > > <billjac@xxxxxxxxx> wrote: > > > > > Hi all > > > > > > > > > > I gather that with 4.9, UEFI secure boot of Xen should be possible. > > > > > > > > > > Is this true? > > > > > > > > > > If so, what are the options for utilizing UEFI secure boot? Do I > > > > > need a MSFT-signed shim or grub? Any special changes required > > > > > for Xen kernel > > > > > (signing?) or has that been done? > > > > > > > > Bill, > > > > > > > > I guess in part it depends on what you mean by "utilizing UEFI > > > > secure boot". If you simply want to boot an unsigned Xen on a > > > > UEFI system with SecureBoot enabled, then grub would probably > > > > work. If you want to actually do the full SecureBoot thing -- > > > > where you have grub check Xen's signature and that of the kernel > > > > and initrd, you probably need a bit more. > > > > > > > > Daniel, > > > > > > > > Is there any good documentation on this? The Xen EFI guide > > > > (https://wiki.xenproject.org/wiki/Xen_EFI) mentions the shim, but > > > > doesn't go into detail about how to sign a binary &c. > > > > > > Unfortunately I do not know anything like that. As you said in > > > general shim is supported. Sadly, it works only if you load xen.efi > > > directly > from EFI. > > > __Upstream__ GRUB2 has not have support for shim yet. I am working > > > on it (shim support via GRUB2 requires also some changes in Xen). I > > > hope that I will have something which works before Xen conf in Budapest. > > > > > > If you wish to use shim with xen.efi then you have to sign xen.efi > > > and vmlinux with your key using sbsign or pesign. The process works > > > in the same way like in case vmlinux alone. Of course you have to > > > install your public key into MOK before enabling secure boot. > > > > > > Daniel > > > > Yes, there are options in how this is achievable, and the solutions may be > different. > > > > We are targeting a secure boot chain from UEFI fw to .ko, using same > > signing. > > In our case would skip shim and reduce attack surface, but it appears > > that the mechanisms 'out there' for passing pub key (cert) from UEFI > > db to Linux chainring require shim to do the work. Is that accurate? Does it > have to be the case? I don't see why. > > AIUI, if EFI secure boot is enabled then EFI verifies signatures of every > loaded/executed PE file. Unfortunately, you are not able to use secure boot > protocol directly to verify yourself PE's loaded from your app. So, this is > one of > reasons why shim was introduced. It exposes protocol which can be used by > you to do verification. > > > For us, ideal case is : > > UEFI fw -> (signed)GRUB2.efi->Multiboot2->Xen(signed .ko) > > AFAICT, it is not possible. We should do following thing: > > UEFI -> shim -> GRUB2 -> Multiboot2 -> Xen/Linux/etc. > > UEFI will verify shim secure boot signature then shim will verify GRUB2 > signature then GRUB2 will verify (with shim protocol) Xen signature and > finally > Xen will verify (with shim protocol) Linux kernel signature. Then your kernel > can verify modules using whatever you want. > > > I would be happy to work to help achieve this. > > There is a chance that I will have something very raw at the beginning of > June. > If you wish to do tests drop me a line. > > Daniel _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxx https://lists.xen.org/xen-devel

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.