Trying out UEFI boot security on a recent Linux system
With Your Own Keys
The following section shows how to install and configure Debian 7.1.0 in a dual Secure Boot environment alongside Windows 8 Pro. The intent is for the Debian system to be operational, independent of certificates by Microsoft, with Secure Boot enabled and without affecting the operability of Windows 8 Pro. We do not want either of the two systems to be able to modify the UEFI certificate store.
Once installation of the operating systems is completed successfully, the bootloader on the Debian system needs to be signed or its hash added to the db certificate store. Signing the installed bootloader, however, would entail a significant disadvantage: When the system updates the bootloader, it does not have a valid signature or the hash is invalid, which means subsequent boot operations will fail. For this reason, we create another bootloader, which we call the Secure Boot preloader. We change the system configuration so that the Secure Boot preloader is executed by the UEFI firmware instead of the bootloader, which is set up during the installation of Debian. The Secure Boot preloader then loads the original bootloader without any further validation. As a result, only the preloader has to be signed. To set up the Secure Boot preloader, you can use the commands in Listing 1.
Listing 1
Creating a Preloader
Afterward, you need to sign the Secure Boot preloader with:
sbsign --key db.key --cert db.pem.crt/boot/efi/EFI/debian/secure-boot-preloader.efi
The sbsign
tool takes care of signing the bootloader; sbsign
comes with the sbsigntools
toolbox.
This command assumes the private key used for signing UEFI applications resides in the db.key
file and that the associated certificate resides in db.pem.crt
. The signing step should not take place on the affected system itself, but in a safe working environment, to keep the private key secure.
After setting up the bootloader, you need to modify the certificate store of the UEFI firmware. We used the EFI tools to modify the certificate store. To this end, you need to create a bootable USB stick containing the efitools package. A suitable image is provided by the author of efitools [2]. You can use the tool dd
to copy it to a USB stick then convert both the Microsoft Windows Production PCA 2011 certificate and the keys belonging to your own key material (PK, KEK, db) to a format that the UEFI firmware can process. The cert-to-efi-sig-list
command from the EFI Tools handles this conversion.
To make the changes to the certificate store, you now need to switch the Secure Boot system on the platform to Setup mode using UEFI Setup. The exact procedure for switching to Setup mode is platform specific.
After that, boot from the prepared USB stick. In the UEFI shell, enter the following commands to launch KeyTool. KeyTool provides a rudimentary text-based interface for modifying the UEFI certificate store:
fs0: cd EFI cd BOOT KEYTOOL.EFI
The menu item Edit Keys
opens a submenu that lets you modify the PK, KEK, db, dbx, and MOK list certificate stores as follows:
- MOK list – Remove any existing certificates and hashes.
- db – Remove any existing certificates and hashes; add the Microsoft Windows Production PCA 2011 certificate. Add your own certificate for signing UEFI applications. Alternatively, you can add a hash of the bootloader.
- dbx – No changes necessary.
- KEK – Remove any existing certificates and hashes; add your own KEK certificate.
- PK – Add the certificate for your own platform keys.
Note that the modification of the PK certificate store must be the last step, in that adding a platform key quits Setup mode and changes to User mode. Subsequent manipulation of the certificate store is then only possible using signed updates or deleting the platform keys with UEFI Setup. After this step, you can launch Debian with Secure Boot enabled.
Conclusions
The UEFI implementations of the platforms we investigated faithfully kept to the Secure Boot specification – or at least to the extent we investigated in this article. The Microsoft Windows Production 2011 PCA certificate required by Microsoft as part of Windows Hardware Certification Program and the optional Microsoft Corporation UEFI CA 2011 certificate are provided by all the PC vendors we investigated. The UEFI CA 2011 certificate basically ensures the functionality of operating systems from vendors other than Microsoft with Secure Boot enabled.
Many current operating systems, such as Windows 8 Pro, Ubuntu 13.04, and Fedora 19 already provide support for Secure Boot. The actual security benefit, however differs strongly among the operation systems we investigated. The investigated operating systems that do not natively support Secure Boot – more specifically, Debian 7.1.0 and Red Hat Enterprise Linux 6.4 – can be talked into running with Secure Boot enabled with very little effort on all investigated hardware platforms.
Secure Boot has the potential to protect a system against unauthorized tampering. Although a number of challenges exist and further measures are needed for complete protection, Secure Boot can still help the owner retain sovereignty over the IT system.
Another strength of Secure Boot is that the owner of the IT system can decide which specific protection measures they want to implement. Users can therefore create custom security solutions and optimize the overhead to security ratio.
One major disadvantage of Secure Boot is that you absolutely need UEFI. Developers currently have very little practical experience with security for UEFI-compatible firmware. Thus, there is a real risk that the potential safety benefits of Secure Boot will be compromised by (intentional or unintentional) implementation errors in the firmware. In particular, the flexible extensibility and the feature scope give manufacturers an easy option for implementing backdoors. Additionally, the success of any potential safety gain depends on the ability to integrate Secure Boot into the operating system. Although Secure Boot is freely configurable on all the platforms we investigated, future implementations might restrict this ability and bind devices to a vendor's software.
Acknowledgement
The study described in this article was conducted as part of a project for Germany's Federal Office for Information Security.
Infos
« Previous 1 2 3 4
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.
-
Plasma Desktop 6.1.4 Release Includes Improvements and Bug Fixes
The latest release from the KDE team improves the KWin window and composite managers and plenty of fixes.
-
Manjaro Team Tests Immutable Version of its Arch-Based Distribution
If you're a fan of immutable operating systems, you'll be thrilled to know that the Manjaro team is working on an immutable spin that is now available for testing.