From Fedora Project Wiki

Line 1: Line 1:
{{admon/caution|DRAFT|This is just a DRAFT. We try and make sure the information here is up to date and correct, but please check before depending on it.}}
 
 
 
= What is Secure boot? =
 
= What is Secure boot? =
  
Secure boot is a setup using UEFI firmware to check cryptographic signatures on the bootloader and associated OS kernel to ensure they have not been tampered with or bypassed in the boot process.  
+
Secure boot is a setup using UEFI firmware to check cryptographic signatures on the boot-loader and associated OS kernel to ensure they have not been tampered with or bypassed in the boot process. Secure boot activates a lock-down mode in the Linux kernel which disables various features kernel functionality:
  
= Background =
+
*Loading kernel modules that are not signed by a trusted key.
  
With the release of Windows 8, Microsoft has decided that all hardware that is marked "Windows 8 client ready" should:
+
*Using kexec to load an unsigned kernel image.
  
* Have secure boot enabled by default.  
+
*Hibernation and resume from hibernation.
  
* Allow a physically present user to disable secure boot in the firmware interface.  
+
*User-space access to physical memory and I/O ports.
  
* Ship the Microsoft keys in firmware.  
+
*Module parameters that allow setting memory and I/O port addresses.
  
* Allow a physically present user to enroll their own keys in the firmware interface.  
+
*Writing to MSRs through /dev/cpu/*/msr.
  
This means that Fedora releases prior to Fedora 18 will refuse to boot until the user disables secure boot in the firmware.  The Fedora 18 release supports booting in Secure Boot mode.
+
*Use of custom ACPI methods and tables.
  
= How does it work? =
+
Lock-down mode can be disabled by pressing Alt-SysRq-x until the next boot.
  
= Fedora and Secure Boot =
 
  
Maintainers of the grub2, kernel and associated packages have proposed a plan where by Fedora will have Verisign (via Microsoft) sign a bootloader shim that will in turn boot grub2 (signed by a Fedora key) and the Fedora kernel (signed by a Fedora key) to allow out of the box booting on secure boot enabled hardware. Additionally, they will provide tools and information for users to create their own keys and sign their own copy of boot shim and grub2 and kernel (and whatever else they wish to sign). This plan has been approved by the Fedora Engineering Steering Committee as of 23-Jul-2012.
+
= Background =
  
= Questions and Answers =
+
With the release of Windows 8, Microsoft has decided that all hardware that is marked "Windows 8 client ready" should:
  
Q: I think it would be much better if "Microsoft or UEFI or All hardware OEMs or The Government" would just "do X"
+
* Have secure boot enabled by default.
  
A: Feel free to contact any of the above and ask them to change their plans. Sadly, we can only work with the plans as we know them.  
+
* Allow a physically present user to disable secure boot in the firmware interface.  
  
Q: Are you sure secure boot will be possible to disable in the firmware?
+
* Ship the Microsoft keys in firmware.  
 
 
A: Yes, the Microsoft Windows 8 ready requirements require that to be the case.
 
 
 
Q: Can I remove the Microsoft key and use my own?
 
 
 
A: YES. According to the UEFI and Microsoft Windows 8 ready requirements you can remove all the keys and enroll your own. You will need to sign and install the various components with your new keys.
 
 
 
Q: Whats this about a $99 fee?
 
 
 
A: There is a one time fee of $99 to access the Microsoft sysdev portal in order to get your binaries signed by the Microsoft key (shipped by default in all Windows 8 ready devices).  The Fedora shim binary has been signed via the Microsoft service and the $99 fee has already been paid.  Individual users do not need to pay $99 unless they wish to build their own UEFI applications and get them signed independently.
 
 
 
Q: What if I want to build a custom kernel or load 3rd party kernel modules?
 
 
 
A: You will need to disable Secure boot, or setup your own keys and sign everything with them.
 
 
 
Q: What if I want to make a Fedora remix or distro based on Fedora?
 
 
 
A: If you ship the Fedora boot shim, grub2 and kernel unchanged, your remix or distro will boot on secure boot enabled machines (if the proposed plan is approved).  
 
  
Q: what about ARM?
+
* Allow a physically present user to enrol their own keys in the firmware interface.
  
A: On ARM Microsoft Windows 8 ready requirements say that Secure boot should be enabled by default and cannot be disabled. Fedora has no plans to support secure boot on that platform and suggests buying Non Windows 8 ready hardware.  
+
With the release of Windows 10, Microsoft has dropped this requirement secure boot to provide an option to be disabled and  
 +
has turned it into a suggestion.
  
Q: What about the Fedora ARM folks, if UEFI cannot be disabled ? What will the impact be, if we ever are able to install Fedora on to mobile phone units ? Does this not limit users choice ?
+
*Fedora provides grub2, kernel and associated packages that are loaded by shim which is signed by Verisign (via Microsoft)
 +
*Fedora releases prior to Fedora 18 will refuse to boot until the user disables secure boot in the firmware.
 +
*A Fedora based remix or distribution can use the ship the Fedora boot shim, grub2 and kernel unchanged, your remix or distro will boot on secure boot enabled machines.
  
A: Fedora is not responsible for the Windows 8 ARM requirements.  There is nothing we can do in this case.  See the answer to the above question.
+
= Historical discussion - Steering Committee as of 23-Jul-2012. =
  
Q: Does this apply to servers too?
+
*Q: I think it would be much better if "Microsoft or UEFI or All hardware OEMs or The Government" would just "do X"
 +
*A: Feel free to contact any of the above and ask them to change their plans. Sadly, we can only work with the plans as we know them.
  
A: No. This is a Windows 8 client ready set of requirements. Servers will not have secure boot enabled by default. 
+
*Q: Are you sure secure boot will be possible to disable in the firmware?
 +
*A: Yes, the Microsoft Windows 8 ready requirements require that to be the case.  
  
Q: If I disable Secure boot, and I have a dual boot setup with Fedora and Windows 8, will Windows 8 boot ok?
+
*Q: Can I remove the Microsoft key and use my own?
 +
*A: YES. According to the UEFI and Microsoft Windows 8 ready requirements you can remove all the keys and enroll your own. You will need to sign and install the various components with your new keys.
  
A: Yes. Windows 8 will boot ok with Secure boot disabled.  
+
*Q: Whats this about a $99 fee?
 +
*A: There is a one time fee of $99 to access the Microsoft sysdev portal in order to get your binaries signed by the Microsoft key (shipped by default in all Windows 8 ready devices).  The Fedora shim binary has been signed via the Microsoft service and the $99 fee has already been paid.  Individual users do not need to pay $99 unless they wish to build their own UEFI applications and get them signed independently.
  
Q: What are all these secure boot databases that are talked about?
+
*Q: What if I want to build a custom kernel or load 3rd party kernel modules?
 +
*A: You will need to disable Secure boot, or setup your own keys and sign everything with them.
  
A: There are a number of databases kept by Secure boot:
+
*Q: What if I want to make a Fedora remix or distro based on Fedora?
 +
*A: If you ship the Fedora boot shim, grub2 and kernel unchanged, your remix or distro will boot on secure boot enabled machines (if the proposed plan is approved).
  
signature database (db) - signatures or image hashes of UEFI applications, operating system loaders, and UEFI drivers that can be loaded
+
*Q: what about ARM?
 +
*A: On ARM Microsoft Windows 8 ready requirements say that Secure boot should be enabled by default and cannot be disabled. Fedora has no plans to support secure boot on that platform and suggests buying Non Windows 8 ready hardware.
  
revoked signatures database (dbx) - no longer trusted/loadable signers or image hashes.  
+
*Q: What about the Fedora ARM folks, if UEFI cannot be disabled ? What will the impact be, if we ever are able to install Fedora on to mobile phone units ? Does this not limit users choice ?
 +
*A: Fedora is not responsible for the Windows 8 ARM requirements.  There is nothing we can do in this case.  See the answer to the above question.
  
Key Enrollment Key database (KEK) - database of keys that can be used to update the signature database and revoked signatures database.
+
*Q: Does this apply to servers too?
 +
*A: No. This is a Windows 8 client ready set of requirements. Servers will not have secure boot enabled by default.
  
platform key (PK) - Generated by OEM's, this database/key allows updating KEK or db's.
+
*Q: If I disable Secure boot, and I have a dual boot setup with Fedora and Windows 8, will Windows 8 boot ok?
 +
*A: Yes. Windows 8 will boot ok with Secure boot disabled.  
  
Machine Owner Keys (MoK) - A list similar to db above, but provided by shim itself.  There is a userspace tool called 'mokutil' that allows for easier enrolment of keys from Linux userspace.
+
*Q: What are all these secure boot databases that are talked about?
 +
*A: There are a number of databases kept by Secure boot:
 +
  * (signature database (db) - signatures or image hashes of UEFI applications, operating system loaders, and UEFI drivers that can be loaded
 +
  * revoked signatures database (dbx) - no longer trusted/loadable signers or image hashes.
 +
  * Key Enrollment Key database (KEK) - database of keys that can be used to update the signature database and revoked signatures database.
 +
  * platform key (PK) - Generated by OEM's, this database/key allows updating KEK or db's.
 +
  * Machine Owner Keys (MoK) - A list similar to db above, but provided by shim itself.  There is a userspace tool called 'mokutil' that allows for easier enrolment of keys from Linux userspace.
  
Q: What are the supposed benefits to us all, if Secure Boot is used ? what exactly are they ? (Elaborate a little please)
+
*Q: What are the supposed benefits to us all, if Secure Boot is used ? what exactly are they ? (Elaborate a little please)
  
 
= References =  
 
= References =  
  
Free software Foundation on Secure boot:  
+
*Free software Foundation on Secure boot: http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
 
+
*Miscrosoft intro to Secure boot tech paper: http://technet.microsoft.com/library/hh824987.aspx
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/statement
+
*Microsoft Windows 8 requirements: http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256
 
+
*UEFI specs: http://www.uefi.org/specs/agreement
Matthew Garret's post outlining the background and problems and possible Fedora plans:  
 
 
 
http://mjg59.dreamwidth.org/12368.html
 
 
 
Microsoft Windows 8 requirements:  
 
 
 
http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256
 
 
 
UEFI specs:  
 
 
 
http://www.uefi.org/specs/agreement
 
 
 
Source code repo for signing tools:
 
 
 
https://github.com/vathpela/pesign
 
 
 
Source code repo for bootloader shim:
 
 
 
https://github.com/mjg59/shim
 
 
 
Miscrosoft intro to Secure boot tech paper:
 
  
http://technet.microsoft.com/library/hh824987.aspx
+
Related source code repositories:
 +
* signing tools: https://github.com/vathpela/pesign
 +
* bootloader shim: https://github.com/mjg59/shim

Revision as of 12:27, 24 December 2019

What is Secure boot?

Secure boot is a setup using UEFI firmware to check cryptographic signatures on the boot-loader and associated OS kernel to ensure they have not been tampered with or bypassed in the boot process. Secure boot activates a lock-down mode in the Linux kernel which disables various features kernel functionality:

  • Loading kernel modules that are not signed by a trusted key.
  • Using kexec to load an unsigned kernel image.
  • Hibernation and resume from hibernation.
  • User-space access to physical memory and I/O ports.
  • Module parameters that allow setting memory and I/O port addresses.
  • Writing to MSRs through /dev/cpu/*/msr.
  • Use of custom ACPI methods and tables.

Lock-down mode can be disabled by pressing Alt-SysRq-x until the next boot.


Background

With the release of Windows 8, Microsoft has decided that all hardware that is marked "Windows 8 client ready" should:

  • Have secure boot enabled by default.
  • Allow a physically present user to disable secure boot in the firmware interface.
  • Ship the Microsoft keys in firmware.
  • Allow a physically present user to enrol their own keys in the firmware interface.

With the release of Windows 10, Microsoft has dropped this requirement secure boot to provide an option to be disabled and has turned it into a suggestion.

  • Fedora provides grub2, kernel and associated packages that are loaded by shim which is signed by Verisign (via Microsoft)
  • Fedora releases prior to Fedora 18 will refuse to boot until the user disables secure boot in the firmware.
  • A Fedora based remix or distribution can use the ship the Fedora boot shim, grub2 and kernel unchanged, your remix or distro will boot on secure boot enabled machines.

Historical discussion - Steering Committee as of 23-Jul-2012.

  • Q: I think it would be much better if "Microsoft or UEFI or All hardware OEMs or The Government" would just "do X"
  • A: Feel free to contact any of the above and ask them to change their plans. Sadly, we can only work with the plans as we know them.
  • Q: Are you sure secure boot will be possible to disable in the firmware?
  • A: Yes, the Microsoft Windows 8 ready requirements require that to be the case.
  • Q: Can I remove the Microsoft key and use my own?
  • A: YES. According to the UEFI and Microsoft Windows 8 ready requirements you can remove all the keys and enroll your own. You will need to sign and install the various components with your new keys.
  • Q: Whats this about a $99 fee?
  • A: There is a one time fee of $99 to access the Microsoft sysdev portal in order to get your binaries signed by the Microsoft key (shipped by default in all Windows 8 ready devices). The Fedora shim binary has been signed via the Microsoft service and the $99 fee has already been paid. Individual users do not need to pay $99 unless they wish to build their own UEFI applications and get them signed independently.
  • Q: What if I want to build a custom kernel or load 3rd party kernel modules?
  • A: You will need to disable Secure boot, or setup your own keys and sign everything with them.
  • Q: What if I want to make a Fedora remix or distro based on Fedora?
  • A: If you ship the Fedora boot shim, grub2 and kernel unchanged, your remix or distro will boot on secure boot enabled machines (if the proposed plan is approved).
  • Q: what about ARM?
  • A: On ARM Microsoft Windows 8 ready requirements say that Secure boot should be enabled by default and cannot be disabled. Fedora has no plans to support secure boot on that platform and suggests buying Non Windows 8 ready hardware.
  • Q: What about the Fedora ARM folks, if UEFI cannot be disabled ? What will the impact be, if we ever are able to install Fedora on to mobile phone units ? Does this not limit users choice ?
  • A: Fedora is not responsible for the Windows 8 ARM requirements. There is nothing we can do in this case. See the answer to the above question.
  • Q: Does this apply to servers too?
  • A: No. This is a Windows 8 client ready set of requirements. Servers will not have secure boot enabled by default.
  • Q: If I disable Secure boot, and I have a dual boot setup with Fedora and Windows 8, will Windows 8 boot ok?
  • A: Yes. Windows 8 will boot ok with Secure boot disabled.
  • Q: What are all these secure boot databases that are talked about?
  • A: There are a number of databases kept by Secure boot:
 * (signature database (db) - signatures or image hashes of UEFI applications, operating system loaders, and UEFI drivers that can be loaded
 * revoked signatures database (dbx) - no longer trusted/loadable signers or image hashes. 
 * Key Enrollment Key database (KEK) - database of keys that can be used to update the signature database and revoked signatures database.
 * platform key (PK) - Generated by OEM's, this database/key allows updating KEK or db's.
 * Machine Owner Keys (MoK) - A list similar to db above, but provided by shim itself.  There is a userspace tool called 'mokutil' that allows for easier enrolment of keys from Linux userspace.
  • Q: What are the supposed benefits to us all, if Secure Boot is used ? what exactly are they ? (Elaborate a little please)

References

Related source code repositories: