Shim 15.8 for Mariner 2.0 #387
Comments
Note for reviewers: please see rhboot/shim#634 in regard to the SBAT generation numbers provided in the application. |
Hey @ddstreetmicrosoft, it looks like you forgot to mention shim sbat in section of the readme. |
Ah ok sorry, I had interpreted "...booting or planning to boot directly through shim" as meaning "...booting directly through shim, or planning to boot directly through shim" but I assume it actually was intended to mean "...booting (or planning to boot) directly from UEFI firmware or directly from shim". Might be clearer to just say "Please provide exact SBAT entries for all shim binaries as well as all SBAT binaries that shim will directly boot." I added the shim sbat and pushed a new tag (with today's date). thanks! |
opened #388 to clarify the question wording (assuming I understand it correctly now) |
Hello, just checking if anything is needed for this review. Thanks! |
I'm not an official reviewer, just trying to help with the official reviewers load.
|
Reviewing as much as I can right now.
The build does reproduce, checksum matches, characteristics seem alright!
<hr>
```
*******************************************************************************
### If you use vendor_db functionality of providing multiple certificates and/or hashes please briefly describe your certificate setup.
### If there are allow-listed hashes please provide exact binaries for which hashes are created via file sharing service, available in public with anonymous access for verification.
*******************************************************************************
The ESL contains both our current signing certificate, which is expired, as well as our new signing certificate. Including both certificates allows existing signed kernels to continue to be loadable under secure boot.
There are no hashes in the ESL.
We have generated a GUID for Azure Linux to use as the cert owner in the ESL, f4de3b90-399b-4eb0-aa3f-041c434a2de3.
The ESL was generated using the efivar release 39 source tarball, compiled and installed locally, with the command:
$ efisecdb -o db.x64.esl -g 'f4de3b90-399b-4eb0-aa3f-041c434a2de3' -a -c cbl-mariner-ca-20211013.der -c cbl-mariner-ca-20230216.der
```
Alright!
I've checked the ESL and the certificates are right there as mentioned. Here's
how I did it:
```
$ rpmdev-extract -C /tmp/ shim-unsigned-x64-15.8-1.cm2.src.rpm      # unpack the SRPM from the review repo
$ binwalk -Mre --dd='.*' /tmp/shim-unsigned-x64-15.8-1.cm2.src/db.x64.esl   # carve the embedded DER certificates out of the ESL
$ openssl x509 -noout -text -in _db.x64.esl.extracted/2C | less     # older certificate (offset 0x2C)
$ openssl x509 -noout -text -in _db.x64.esl.extracted/562 | less    # current certificate (offset 0x562)
```
`562` is the current one. It's valid for 15 years, uses SHA-512 as the hash
function and has a modulus size of 4096 (Wow!). I'll paste the details here for
convenience.
```
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
33:00:00:00:02:63:94:70:7a:16:d9:f1:da:00:00:00:00:00:02
Signature Algorithm: sha512WithRSAEncryption
Issuer: C = US, O = Microsoft Corporation, CN = Microsoft Mariner RSA Root CA 2023
Validity
Not Before: Feb 16 19:39:02 2023 GMT
Not After : Feb 9 21:25:53 2038 GMT
Subject: C = US, O = Microsoft Corporation, CN = Mariner Trusted Base RSA Code Signing CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:bf:bc:4c:59:f0:49:7e:a9:13:52:7a:11:be:1f:
75:52:72:d2:92:e6:16:b6:35:1b:ca:2a:c5:f3:ea:
63:49:74:ad:ec:e8:7a:2d:69:f2:16:6b:3c:0b:24:
d6:5f:e5:a7:e0:48:0e:b6:25:ff:44:e2:64:e4:a4:
54:13:28:77:9e:bd:fc:90:e7:b6:88:6f:8f:27:19:
b4:22:8a:fb:d3:d8:32:8a:61:b3:20:f9:5e:fb:0a:
ef:13:5a:46:2c:71:4d:33:8b:27:9e:b5:88:a4:2a:
9f:2d:bd:6c:93:60:3b:f3:7d:d3:db:3d:a5:71:5a:
d5:c8:50:29:69:b7:21:bf:08:4a:26:70:8f:40:a2:
c5:64:f0:7c:69:93:a9:af:69:47:59:b0:43:27:54:
2b:c1:d2:e2:e3:b9:8b:65:aa:07:4e:b9:6f:54:78:
f2:b1:06:98:2d:26:e1:66:17:df:b3:9d:10:55:3b:
67:3a:2b:32:b7:46:f2:d6:05:2f:ea:c2:7d:91:31:
90:1a:2a:71:40:fa:4a:8d:d9:b3:3f:ca:41:e9:f1:
4c:d2:b2:bf:75:08:57:7b:33:4c:fe:d6:f2:02:c6:
fb:72:93:af:86:12:e9:4f:ba:cf:3b:53:a7:e6:ad:
dc:39:47:d0:61:41:22:81:8c:36:7c:67:b3:fe:ed:
66:85:0b:d8:47:bd:08:bf:75:81:7e:45:11:0d:62:
c9:ce:77:b3:36:21:43:cd:8b:8f:04:3e:31:15:51:
a6:96:ec:0d:37:6e:4c:2a:e5:e3:dc:69:f8:e7:dd:
ee:f4:2e:b0:dc:3c:b7:69:83:03:86:dd:a1:78:0f:
3a:b1:c7:bf:ed:00:91:1e:32:5c:3c:31:76:15:8c:
31:0e:e9:ad:42:8e:f6:56:06:0c:92:fd:ed:be:38:
07:4a:e5:c8:13:e9:a8:c6:19:b2:18:19:08:61:98:
87:3c:3e:51:77:0e:43:58:73:33:e8:00:29:c4:97:
fe:23:25:d7:64:46:19:ea:9d:e3:54:9e:7b:2b:17:
5d:e7:d0:2d:f2:65:c9:5b:23:af:84:f1:ed:18:de:
99:67:e2:c0:98:8b:e5:1a:cc:dc:c5:df:52:64:61:
64:93:cf:0d:dd:10:4c:cf:bb:2c:2a:21:b8:f8:77:
0b:5e:36:15:cb:41:dc:34:ac:cc:73:79:39:6c:5c:
1c:62:d5:16:cc:3b:dd:4b:43:fa:32:e1:67:65:83:
e3:76:2a:6f:e8:87:29:a7:e3:63:78:53:05:42:d0:
76:8c:e4:d7:88:d5:2d:37:b6:c5:f4:e5:af:c4:d3:
52:29:48:a0:07:68:13:4d:8b:89:5b:4b:e5:55:2a:
66:af:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
1.3.6.1.4.1.311.21.1:
...
X509v3 Subject Key Identifier:
75:54:B1:5F:7D:70:FC:F0:8D:B9:0F:AA:6A:75:C1:BE:B4:8A:7E:5C
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:
ED:B3:FF:0C:D5:FC:0C:BB:C5:1D:45:F5:72:5F:70:15:F9:C8:C6:A6
X509v3 CRL Distribution Points:
Full Name:
URI:http://www.microsoft.com/pkiops/crl/Microsoft%20Mariner%20RSA%20Root%20CA%202023.crl
Authority Information Access:
CA Issuers - URI:http://www.microsoft.com/pkiops/certs/Microsoft%20Mariner%20RSA%20Root%20CA%202023.crt
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
60:a2:2e:8f:a4:2e:61:c4:4c:13:48:8f:03:41:0a:94:72:6a:
6b:b3:7d:78:c6:e7:86:cc:62:b4:b4:90:f8:c0:58:3f:2f:6b:
10:38:1b:36:97:c8:cf:f2:93:6a:b9:d3:19:84:6d:17:43:96:
17:dd:93:f3:e4:99:83:85:4e:f2:3e:e0:37:77:de:49:6d:30:
2c:b6:fe:5c:1f:d4:28:bc:5c:89:58:00:7f:de:22:23:b8:94:
aa:88:93:60:db:7e:7d:9e:30:23:1e:14:5c:74:05:0d:33:bf:
11:c9:61:43:16:cf:f9:2a:75:3c:51:e7:b2:d9:72:50:54:18:
f9:fe:43:fd:a9:0d:96:1f:b9:71:ac:4b:5a:d0:a8:50:55:eb:
2c:52:80:32:c0:00:ef:40:b8:1b:f3:df:6a:f0:94:6c:a2:72:
1a:ee:7c:71:0c:d7:e6:1f:8c:ff:30:eb:0a:62:d2:ef:c9:1d:
37:aa:03:ac:c5:b2:19:17:c5:74:18:2f:b4:7c:22:39:42:51:
55:88:1b:db:c1:03:46:20:75:c6:98:5d:8e:4c:4f:55:9c:b4:
c7:16:08:2b:b5:da:05:ad:53:77:ce:0b:ce:97:ad:ff:80:fb:
e5:2d:09:85:c0:2f:58:78:83:46:0e:a5:92:0b:e8:b4:61:ec:
28:91:e4:a8:7b:73:0f:72:95:8b:fd:df:e6:04:49:01:d8:d9:
50:30:0a:cf:a3:ff:14:5e:c6:4b:f9:a1:64:46:93:30:2a:11:
24:af:d2:22:5f:66:0e:c3:ce:fc:84:fb:d5:db:21:82:86:a1:
2d:8d:ac:fc:86:09:2b:59:b1:79:7b:07:74:29:03:87:40:be:
3d:28:c9:ee:58:65:76:c5:b4:88:07:4b:8b:86:c9:46:2f:11:
86:1e:74:d0:b8:fe:e8:d9:ee:d7:01:bf:12:81:dc:1c:ca:26:
bc:bb:32:42:ed:50:98:5f:a9:09:d5:0c:59:18:f3:0a:72:db:
8c:9e:9b:d2:03:47:49:f6:51:ad:5a:f7:f9:1b:9b:10:d3:fa:
52:78:ab:b7:cc:c4:f2:5f:d9:09:d3:91:d4:17:4a:e3:5e:8f:
3e:8d:e3:25:2a:89:7d:b6:d8:72:e6:90:31:5d:85:ea:b6:84:
c6:34:a2:2e:4f:92:2b:ec:9d:89:fb:6f:8b:03:72:5c:ae:7a:
7d:38:04:50:48:c1:fc:b4:47:04:52:58:47:f3:c1:37:dd:ac:
64:fa:57:f5:d3:ff:79:fd:b7:00:c8:15:9c:8a:f2:84:63:52:
5c:28:d0:60:22:ab:ca:f4:bb:03:ce:2a:72:d0:3e:92:89:a5:
60:b8:20:2b:35:2e:39:01
```
Note: I've never worked with an `.esl` file being embedded inside a shim binary,
hence I don't know how it will behave under UEFI with Secure Boot enabled.
Historically I've witnessed enough low-level curiosities to be unsure.
<hr>
I'll send verification emails soon, since the contact pair has changed. I'll
need to do this for both contacts, as that's the process.
Please check your spam folder if no messages arrive soon.
|
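An added example, not code from this review thread nor from the shim or efivar projects, that does programmatically what the `efisecdb` command in the application produced and what the `binwalk`/`openssl` steps in the review inspected. It builds a db ESL from an owner GUID plus DER certificates in the layout the UEFI spec forces (every entry in one EFI_SIGNATURE_LIST shares SignatureSize, so certificates of different length each get their own list), then parses a blob back and counts X.509 versus SHA-256 hash entries, so the claims "there are no hashes in the ESL" and "owner GUID f4de3b90-..." can be checked without carving files out with binwalk. The two certificate blobs are constructed placeholders, not the Mariner CA certificates; only the owner GUID is taken from the application text. Bounds checks on SignatureListSize and SignatureSize are included because a malformed list is the kind of thing a reviewer would want flagged rather than silently skipped.

```python
"""Build and parse UEFI EFI_SIGNATURE_LIST blobs (the .esl format shim embeds as vendor_db)."""
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize.
# GUIDs are stored in EFI mixed-endian form, which is exactly uuid.UUID.bytes_le.
_HDR = struct.Struct("<16sIII")


def build_esl(owner, sig_type, datas):
    """One EFI_SIGNATURE_LIST whose entries are EFI_SIGNATURE_DATA = owner GUID + data."""
    sizes = {len(d) for d in datas}
    if len(sizes) != 1:
        raise ValueError("all entries in one list must share SignatureSize")
    sig_size = 16 + sizes.pop()
    body = b"".join(owner.bytes_le + d for d in datas)
    return _HDR.pack(sig_type.bytes_le, _HDR.size + len(body), 0, sig_size) + body


def build_db(owner, certs=(), sha256_hashes=()):
    """Concatenate lists: one per X.509 certificate (lengths differ), one for all SHA-256 hashes."""
    out = b"".join(build_esl(owner, EFI_CERT_X509_GUID, [c]) for c in certs)
    if sha256_hashes:
        out += build_esl(owner, EFI_CERT_SHA256_GUID, list(sha256_hashes))
    return out


def parse_esl(blob):
    """Return [(signature_type, owner, data), ...] for every entry; reject truncated or mis-sized lists."""
    entries = []
    off = 0
    while off < len(blob):
        if len(blob) - off < _HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header at offset %d" % off)
        stype, list_size, hdr_size, sig_size = _HDR.unpack_from(blob, off)
        if list_size < _HDR.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize at offset %d" % off)
        if sig_size <= 16:  # must at least hold the owner GUID plus one byte of data
            raise ValueError("SignatureSize too small at offset %d" % off)
        body = blob[off + _HDR.size + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature entries do not tile the list at offset %d" % off)
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            entries.append((uuid.UUID(bytes_le=stype), uuid.UUID(bytes_le=entry[:16]), entry[16:]))
        off += list_size
    return entries


def cert_fingerprint(der):
    """SHA-256 of a DER certificate; compare with `sha256sum` of the .der files in the application."""
    return hashlib.sha256(der).hexdigest()


def summarize(blob):
    """Per-type counts, fingerprints of X.509 entries, and the set of owner GUIDs seen."""
    summary = {"x509": [], "sha256": [], "other": 0, "owners": set()}
    for stype, owner, data in parse_esl(blob):
        summary["owners"].add(str(owner))
        if stype == EFI_CERT_X509_GUID:
            summary["x509"].append(cert_fingerprint(data))
        elif stype == EFI_CERT_SHA256_GUID:
            summary["sha256"].append(data.hex())
        else:
            summary["other"] += 1
    return summary


# Constructed sample input: owner GUID from the application, placeholder bytes standing in for
# the two DER certificates (these are NOT the real Mariner CA certificates).
OWNER = uuid.UUID("f4de3b90-399b-4eb0-aa3f-041c434a2de3")
CERT_2021 = b"\x30\x82" + b"\x01" * 300
CERT_2023 = b"\x30\x82" + b"\x02" * 512
SAMPLE_DB = build_db(OWNER, certs=[CERT_2021, CERT_2023])

if __name__ == "__main__":
    # For a real file: SAMPLE_DB = open("db.x64.esl", "rb").read()
    s = summarize(SAMPLE_DB)
    print("x509 entries:", len(s["x509"]), "sha256 entries:", len(s["sha256"]), "owners:", s["owners"])
    for fp in s["x509"]:
        print("  cert sha256:", fp)
```

Against a real `db.x64.esl` the expected result for this application is two X.509 entries, zero SHA-256 entries, a single owner GUID, and two fingerprints that match `sha256sum cbl-mariner-ca-20211013.der cbl-mariner-ca-20230216.der`.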
The verification email to me decrypted to the words:
|
@ddstreet Just a reminder that the PEM-format certificate file cbl-mariner-ca-20211013.pem found in the review of @es-fabricemarie is not allowed according to https://github.com/rhboot/shim-review/pull/402/files Besides, I found shim-15.7 is also included in the db.x64.esl file. Is it useful?
|
That isn't in the shim, so unless I'm missing something, it's not at all relevant to this shim review.
Again, unless I'm missing something, it's not in the esl; probably you just had it in your filesystem already?
|
Just FYI, @christopherco has just left for extended vacation so unfortunately it's unlikely he will be able to handle the verification email until he is back; if the review does require verification from him also (as well as the verification I already provided) can we at least get through all the rest of the review so this can be approved right away once he gets back? |
Looks like some errors happened that shall be clarified. The comment I sent earlier through an e-mail did not get formatted by GitHub as Markdown properly. Despite that, the text itself mentions that the ESL certificates match the ones provided as part of the application, i.e. they are DER-formatted. Simply running binwalk, like I mentioned, shall print a hint about them:
Yes, I'll kindly do further review and learn how the ESL embedding into a shim binary behaves, but that will take me a while to recreate a laboratory I made some time ago. I understand that the PGP key hasn't changed, but I'm sticking to the current process, where both contacts need to be verified like here - I was supposed to type the decrypted random words, although my key has been and still is the same. |
@ddstreetmicrosoft, as promised, I'm preparing a laboratory to check the ESL things out in the context of the whole bootloader chain working. However, I couldn't get Secure Boot to work - when attempting to boot, I immediately get a security violation error. As part of recreating this setup, I generated two separate CAs with their corresponding certificates and private keys (used a date hooking library to more-or-less recreate their application-equivalent actual validity periods). I merged them into an I then manually signed the shim binary with my own
and then attempted to rebuild the RPM with a self-signed shim, which should work with my own EFI signature lists enrolled into the firmware. However, in order to rebuild the RPM, a command similar to the following shall be run:
Question: what should be present in place of the placeholder entry |
The Conversely, to accurately test the normal secure boot configuration, none of the certs that are embedded inside the shim should be added to the UEFI DB.
If you're trying to build the Mariner 2.0 unsigned shim rpm, then the I would suggest first starting with the srpm that's included in the review repo: https://github.com/microsoft/shim-review/raw/cbl-mariner-shim-x64-20240222/shim-unsigned-x64-15.8-1.cm2.src.rpm You can install that on any rpm-based distro (e.g. Fedora) and then you simply need to replace the
You'll need to install the proper deps (which are slightly different on Fedora than Mariner) and then build it normally (but with
That will produce an rpm with the unsigned shim efi, that has your
Now sign the Note that you will also need to resign (or add a signature to) your boot loader (e.g. |
Oh also I forgot to point out that our shim builds with no
Once the shim loads grub, it's up to your particular grub build to determine where grub will look for its config file(s). |
Exactly that! What I did were these two separate actions: The first is that I built an unsigned shim with the The second is that I created my own lists that I enrolled into my firmware (since I myself am not Microsoft and don't own the private part used for signing binaries), equivalent to the following:
Later on I manually signed the unsigned shim binary (having the ESL embedded into it) with my equivalent of Then I wanted to build an RPM with a signed shim (signed by my equivalent of Since that's just a laboratory, I was not using a real HSM or a smartcard, only the internal NSS certificate database.
I might have missed something - thank you! I'll take a closer look soon. |
For reference, the current spec file (not updated yet for 15.8) for Mariner 2.0 that takes the signed shim and builds an rpm is here, however you really don't need to do that, you can just copy the signed shim into place on your test system, to |
I've finished the laboratory - it does work! However, I did it in a slightly different way than suggested, e.g. putting the self-signed shim binary in If anyone wants, I can write a guide on how to recreate the setup. As mentioned in #387 (comment), waiting for a reply with the decrypted random words. Then we can celebrate! |
@aronowski just returned from vacation and here are the decrypted words for my verification. Thanks for doing this review! Please let us know if there is any more information we can help provide.
|
Thank you for the update. Accepting! |
Update - We have received the signed shim. This issue can now be closed. Thanks! |
Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/microsoft/shim-review/tree/cbl-mariner-shim-x64-20240221
Add missing shim sbat in README: https://github.com/microsoft/shim-review/tree/cbl-mariner-shim-x64-20240222
What is the SHA256 hash of your final SHIM binary?
82ede1584e7de1347446a241f09c05cf3efc134206c446be3d548a748e4752e3
What is the link to your previous shim review request (if any, otherwise N/A)?
#223