Better Boots

The UEFI Secure Boot feature ensures that only software with a valid digital signature launches on a computer. UEFI searches for a bootloader on the SSD or hard disk, verifies the digital signature from one of the certificates stored with UEFI, and, if the digital signature is valid, loads and activates the code.

The bootloader searches for the operating system, verifies the digital signature, and launches the operating system. Once the operating system is launched, it only loads kernel modules and drivers that have a valid digital signature.

The idea is that, if all components only load code from trustworthy sources, it is much more difficult for malware authors hiding away in the grubby corners of the Internet to smuggle their software into the boot process.

One problem with UEFI Secure Boot for Linux developers and users is the control that Microsoft maintains over the system. Microsoft's market power means that every hardware manufacturer burns its own certificate as a Platform Key (PK), and then the Microsoft certificate is securely deposited into the Key Exchange Key (KEK) database and (authorized) database (DB) key on the motherboard (Figure 1). Therefore, x86 PCs and laptops initially only boot software with a signature by the grace of Microsoft.

Figure 1: The certificate store used in a Secure Boot-protected computer. DBX is the forbidden signatures database.

Shim: An Alternative Approach

The thought of the Linux kernel needing a digital signature from Microsoft was too much for many Linux users, so Matthew Garrett created a program called the Shim bootloader, an open source alternative that integrates its own certificates. Ubuntu, Red Hat, SUSE, and Debian generate their own versions of Shim that include certificates issued by their companies.

Verisign/Symantec digitally signs the bootloader in Microsoft's stead so that the UEFI firmware will load Shim. Once Shim is loaded, it operates independently of the Microsoft verification chain. Shim has built-in certificate management that lets the owner of the computer store certificates called machine owner keys (MOKs).

Recovering Autonomy

Shim lets large distributors such as Ubuntu, SUSE, and Red Hat win back control of hardware. Using the Canonical certificate stored in Shim, for instance, Ubuntu distros sign the GRUB 2 bootloader. The firmware boots Shim, Shim boots GRUB 2, and GRUB 2 boots the operating system (Figure 2).

Figure 2: The Ubuntu Secure Boot process runs through a series of stations.

The user doesn't notice Secure Boot at first. For example, if you install Ubuntu on a computer with Secure Boot enabled, the installation routine places the signed Shim bootloader and GRUB 2 on the SSD or hard disk and installs the digitally signed kernel, along with verifiable modules and drivers. If Secure Boot is not enabled, the operating system installer copies the various components onto the computer without a digital signature.

Switching Off

If you try to install VirtualBox on a Secure Boot Linux machine, the host computer might object and refuse to load the necessary kernel module because it has no valid digital signature. This behavior occurs in all third-party packages that provide their own modules or drivers. With physical access to the computer, you can inelegantly deactivate the verification of digital signatures by the Linux kernel with Shim by typing the command:

sudo mokutil --disable-validation

The mokutil tool requires you to enter a one-time password. After that, mokutil does not deactivate the check itself, but it sets up the Shim bootloader so that it asks for the password at the next reboot and performs the desired configuration after the correct password is input. After a reboot, Shim expects you to enter the one-time password within a short time frame.

In Shim, select Change Secure Boot state in the selection box (Figure 3). After entering the previously defined one-time password, the compulsory verification of digital signatures is deactivated. However, deactivating verification means that you lose the protection offered by Secure Boot. (You can also switch off Secure Boot directly in the UEFI setup.)

Figure 3: Quick and insecure: In Shim, the signature check can be disabled.