This patch set contains v3 of the consolidated version of the patch
sets for secure boot using appended signatures on powerpc,
rebased on top of git HEAD.

The v2 series is at 
https://mail.gnu.org/archive/html/grub-devel/2025-03/msg00183.html

Changes since v2:
 - Daniel Kiper review comments addressed:
  - v3 patch 1: correct the unreliable check conditions and coding style,
                and complain loudly if somebody attempts to generate a PE
                image with an appended signature.
                Reduce one step in the signing process and add it to
                grub-install/grub-mkimage.
  - v3 patch 3: added the GRUB signing process for single and multiple
                signatures.
  - v3 patch 4: added fake grub_dl_is_persistent for the emu target.
  - v3 patch 5: correct coding style.
  - v3 patch 7, 8: Split these into two from v2 patch 7.
  - v3 patch 9: correct the coding style and updated GNUTLS ASN.1 description
                files.
  - v3 patch 10, 11, 12: Split these into three from v2 patch 9 and
                         correct coding style.
  - v3 patch 13: correct the unreliable check conditions and coding style.

 - Gary Lin review comments addressed:
  - v3 patch 13: the changes for libtasn1.h merged into patches 10, 11 and 12.
  - v3 patch 24: fixed the bug in the grub_cmd_distrusted_cert function and
                 the appendedsig tests.
 Also corrected the coding style from patch 1 to patch 25.

Linux on Power LPAR secure boot ensures the integrity of the Linux boot
stack. The hypervisor and partition firmware are part of the core root of
trust. The partition firmware verifies the signature on the GRUB image
before handing control to GRUB. Similarly, GRUB verifies the signature on
the kernel image before booting the OS. This ensures that every image
running at boot time is verified and trusted. UEFI platforms rely on a
PE/COFF-based signature scheme. Since Power is not a UEFI platform, an
alternative mechanism is needed. Power already uses appended signatures
on the Linux kernel, and this is now extended to sign GRUB as well.

Linux on Power also allows multiple signers: if any one of the
signatures passes, the image passes validation. The appended signature
scheme uses a CMS structure to hold the signatures. On Power, multiple
signature support relies on the multiple-signer feature already provided
by the CMS standard. It does require that all signers sign at the
same time; signatures cannot be added or removed arbitrarily.

By default, Linux LPAR secure boot uses static key management[1]. This means
that each image embeds the keys it needs to verify the image it loads.
For example, the keys used to verify the GRUB image are built into the
firmware image. Similarly, the keys used for verifying the kernel image
are built into the GRUB image. These are pre-defined keys and they cannot
be modified at runtime. The drawback of this approach is that a key rotation
requires both firmware and OS updates. This is where dynamic key
management is useful.

An admin can switch from static keys to dynamic keys by coordinating with the
Hardware Management Console (HMC) admin and enabling the required flags
for the given LPAR.

Dynamic key management relies on the Platform KeyStore (PKS)[2], storage
allocated to each LPAR with individually managed access controls for
storing sensitive information securely. Once switched to dynamic keys, the HMC
advertises this flag to PowerVM, which then initializes the PKS
with the default secvars. It also creates a variable, SB_VERSION, that
represents the secure boot key management mode. The default secvars are
used by partition firmware, GRUB and the Linux kernel to read keys for
verification. These secvars can be managed through the user interface exposed
by the Linux kernel. The Linux kernel already supports this interface, and
it is available upstream.

This patchset adds appended signature support, both for signing and
verification, and key management to the GRUB component. The series has
the following four main parts:

1.) Sign grub.elf with an appended signature. (Patches 1 - 3)

These patches provide some infrastructure and documentation for
signing grub's core.elf with a Linux-kernel-module style appended
signature.

An appended signature is a 'dumb' signature over the contents of a
file. (It is distinct from schemes like Authenticode that are aware of
the structure of the file and only sign certain parts.) The signature
is wrapped in a PKCS#7 message, and is appended to the signed file
along with some metadata and a magic string. The signatures are
validated against a public key which is usually provided as an x509
certificate.

Because some platforms, such as powerpc-ieee1275, may load grub from a
raw disk partition rather than a filesystem, we extend grub-install to
add an ELF note that allows us to specify the size and location of the
signature.
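As an added illustration of the trailer layout described above (example code, not part of this series), the following C function locates a Linux-kernel-module style appended signature in a loaded image. It uses the struct module_signature layout from the Linux kernel and rejects any trailer whose length fields do not fit inside the buffer:

```c
/* Added example (not GRUB's own appendedsig code): locate a
 * Linux-kernel-module style appended signature at the end of a buffer.
 * Trailer layout follows include/linux/module_signature.h:
 *   [signed data][PKCS#7 blob][12-byte info][28-byte magic] */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SIG_MAGIC      "~Module signature appended~\n"
#define SIG_MAGIC_LEN  (sizeof (SIG_MAGIC) - 1)   /* 28, no trailing NUL */
#define SIG_INFO_LEN   12
#define PKEY_ID_PKCS7  2

/* Returns the offset of the PKCS#7 blob (which is also the number of
 * bytes the signature covers) and stores its length in *sig_len_out,
 * or returns -1 if there is no valid trailer.  Every length is checked
 * against the buffer before use, so a crafted trailer cannot make the
 * caller read outside the image. */
long
find_appended_sig (const uint8_t *buf, size_t len, size_t *sig_len_out)
{
  const uint8_t *info;
  uint32_t sig_len;

  if (len < SIG_MAGIC_LEN + SIG_INFO_LEN)
    return -1;
  if (memcmp (buf + len - SIG_MAGIC_LEN, SIG_MAGIC, SIG_MAGIC_LEN) != 0)
    return -1;

  /* info[0]=algo, [1]=hash, [2]=id_type, [3]=signer_len, [4]=key_id_len,
   * [5..7]=pad, [8..11]=sig_len big-endian.  For PKCS#7 the algorithm and
   * digest are carried inside the blob, so the other fields must be zero. */
  info = buf + len - SIG_MAGIC_LEN - SIG_INFO_LEN;
  if (info[2] != PKEY_ID_PKCS7)
    return -1;
  if (info[0] || info[1] || info[3] || info[4]
      || info[5] || info[6] || info[7])
    return -1;

  sig_len = ((uint32_t) info[8] << 24) | ((uint32_t) info[9] << 16)
            | ((uint32_t) info[10] << 8) | (uint32_t) info[11];
  if (sig_len == 0 || sig_len > len - SIG_MAGIC_LEN - SIG_INFO_LEN)
    return -1;

  if (sig_len_out)
    *sig_len_out = sig_len;
  return (long) (len - SIG_MAGIC_LEN - SIG_INFO_LEN - sig_len);
}
```

The returned offset is what a verifier hashes over, and the blob after it is what goes to the PKCS#7 parser; both are derived only from lengths already proven to fit.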

2.) Enable appended signature verification using builtin keys (Patches 4 - 10).

Part of a secure boot chain is allowing grub to verify the boot
kernel. For UEFI platforms, this is usually delegated to the
shim. However, for platforms that do not implement UEFI, an
alternative scheme is required.

This part teaches grub how to verify Linux kernel-style appended
signatures. Kernels on powerpc are already signed with this scheme and
can be verified by IMA for kexec.

As PKCS#7 messages and x509 certificates are both based on ASN.1, we
import libtasn1 to parse them. Because ASN.1 isn't self-documenting,
we import from GNUTLS the information we need to navigate their
structure.

This section is composed of the following patches:

 - patch 4 is a small fix to allow persistent modules to work on the
   emu target.

 - patches 5 and 6 are small refactorings.

 - patches 7 and 8 allow x509 certificates to be built into the grub core
   in much the same way as PGP keys.

 - patch 9 brings in the code from GNUTLS that allows us to parse
   PKCS#7 and x509 with libtasn1.

 - patches 10, 11 and 12 are our PKCS#7 and x509 parsers. They're minimal and
   fairly strict parsers that extract only the bits we need to verify the
   signatures.

 - patch 13 is the guts of the appended signature verifier. It uses
   the verifier infrastructure like pgp, and adds a number of
   user-friendly commands that mirror the pgp module.

 - patch 14 adds tests, and patch 15 adds documentation.

3.) Enable lockdown if secure boot is enabled (Patch 16)

If the 'ibm,secure-boot' property of the root node is 2 or greater,
enter lockdown. The main appended signature module now tests for lockdown to
enter 'forced' mode.

4.) Enable accessing keys dynamically from Platform KeyStore (Patch 17 - 25)

This part teaches grub how to read the db and dbx variables from the Platform
KeyStore using a client interface call, then load the keys from those two
variables and use them to verify the Linux kernel.
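As an added example of the db/dbx handling described above (illustrative code, not this series' platform_keystore.c), here is a bounds-checked walk over a variable blob made of EFI_SIGNATURE_LISTs that hands each X.509 certificate to a callback. The GUID value and list layout come from the UEFI specification; the callback type and function names are my own:

```c
/* Added example (not GRUB's platform_keystore.c): walk a db/dbx blob of
 * concatenated EFI_SIGNATURE_LISTs (UEFI spec layout: 28-byte header of
 * SignatureType GUID + SignatureListSize/SignatureHeaderSize/SignatureSize,
 * optional header bytes, then SignatureSize-byte entries of
 * SignatureOwner GUID + SignatureData) and hand each X.509 cert to a callback. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ESL_HDR_LEN 28
#define GUID_LEN    16
/* EFI_CERT_X509_GUID a5c059a1-94e4-4aa7-87b5-ab155c2bf072, on-disk byte order */
static const uint8_t efi_cert_x509_guid[GUID_LEN] = {
    0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a,
    0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 };

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8)
         | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

typedef void (*cert_cb)(const uint8_t *der, size_t der_len, void *arg);

/* Returns the number of X.509 certificates found, or -1 if any size field
 * would run past the buffer: a malformed list rejects the whole variable
 * instead of trusting whatever bytes happen to follow it. */
int walk_esl(const uint8_t *blob, size_t len, cert_cb cb, void *arg)
{
    size_t off = 0;
    int count = 0;
    while (off < len) {
        const uint8_t *esl = blob + off;
        if (len - off < ESL_HDR_LEN)
            return -1;
        uint32_t list_size = le32(esl + 16), hdr_size = le32(esl + 20);
        uint32_t sig_size = le32(esl + 24);
        if (list_size < ESL_HDR_LEN || list_size > len - off
            || hdr_size > list_size - ESL_HDR_LEN)
            return -1;
        size_t body = list_size - ESL_HDR_LEN - hdr_size;
        if (sig_size <= GUID_LEN || body % sig_size != 0)
            return -1;
        if (memcmp(esl, efi_cert_x509_guid, GUID_LEN) == 0)
            for (size_t i = 0; i < body; i += sig_size, count++)
                if (cb) /* skip SignatureOwner; the rest is the DER cert */
                    cb(esl + ESL_HDR_LEN + hdr_size + i + GUID_LEN,
                       sig_size - GUID_LEN, arg);
        off += list_size;
    }
    return count;
}
```

Lists with other signature types (hashes in dbx, for instance) are skipped but still length-checked, so a single corrupt list anywhere in the variable fails the whole read.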

This section is composed of the following patches:

 - patch 17 exposes an interface in ieee1275 for reading the secure boot
   variables db and dbx from the Platform KeyStore.

 - patch 18 reads secure boot variables such as db and dbx from the PKS and
   extracts the certificates from the ESL.

 - patch 19 creates the trusted and distrusted lists.

 - patch 20 verifies the kernel using the trusted and distrusted lists.

 - patch 21 sets the use_static_keys flag if the DB is not available in the PKS,
   and patch 22 reads the default DB keys from the ELF note and
   stores them in the trusted list if the use_static_keys flag is set.

 - patch 23 adds trusted and distrusted commands, and patch 24 adds 
   documentation.
 
 - patch 25 adds trusted_certificate and distrusted_certificate
   commands in appendedsig tests.

Thanks to Daniel Kiper and Gary Lin for providing review comments on v2.

I've pushed this all to
https://github.com/SudhakarKuppusamy1/grub/tree/appendedsig-2.13

[1] https://www.ibm.com/docs/en/linux-on-systems?topic=servers-guest-secure-boot-static-keys
[2] https://community.ibm.com/community/user/power/blogs/chris-engel1/2020/11/20/powervm-introduces-the-platform-keystore

Alastair D'Silva (1):
  grub-install: support embedding x509 certificates

Daniel Axtens (13):
  docs/grub: Document signing GRUB under UEFI
  docs/grub: Document signing GRUB with an appended signature
  dl: provide a fake grub_dl_set_persistent and grub_dl_is_persistent
    for the emu target
  pgp: factor out rsa_pad
  crypto: move storage for grub_crypto_pk_* to crypto.c
  appended signatures: import GNUTLS's ASN.1 description files
  appended signatures: parse ASN1 node
  appended signatures: parse PKCS#7 signedData
  appended signatures: parse X.509 certificates
  appended signatures: support verifying appended signatures
  appended signatures: verification tests
  appended signatures: documentation
  ieee1275: enter lockdown based on /ibm,secure-boot

Rashmica Gupta (1):
  powerpc-ieee1275: Add support for signing GRUB with an appended
    signature

Sudhakar (1):
  PGP: renames the OBJ_TYPE_PUBKEY

Sudhakar Kuppusamy (9):
  ieee1275: Platform Keystore (PKS) Support
  ieee1275: Read the DB and DBX secure boot variables
  appendedsig: The creation of trusted and distrusted lists
  appendedsig: While verifying the kernel, use trusted and distrusted
    lists
  powerpc_ieee1275: set use_static_keys flag
  appendedsig: Reads the default DB keys from ELF Note
  appendedsig: The grub command's trusted and distrusted support
  appendedsig: documentation
  appendedsig: correcting the grub commands in appended signature tests

 docs/grub.texi                                |  290 +++-
 grub-core/Makefile.am                         |    2 +
 grub-core/Makefile.core.def                   |   32 +
 grub-core/commands/appendedsig/appendedsig.c  | 1456 +++++++++++++++++
 grub-core/commands/appendedsig/appendedsig.h  |  108 ++
 grub-core/commands/appendedsig/asn1util.c     |   96 ++
 .../commands/appendedsig/gnutls_asn1_tab.c    |  148 ++
 grub-core/commands/appendedsig/pkcs7.c        |  454 +++++
 .../commands/appendedsig/pkix_asn1_tab.c      |  485 ++++++
 grub-core/commands/appendedsig/x509.c         |  954 +++++++++++
 grub-core/commands/pgp.c                      |   34 +-
 grub-core/kern/file.c                         |   34 +
 grub-core/kern/ieee1275/init.c                |   48 +
 grub-core/kern/powerpc/ieee1275/ieee1275.c    |  141 ++
 .../kern/powerpc/ieee1275/platform_keystore.c |  346 ++++
 grub-core/lib/crypto.c                        |    4 +
 grub-core/lib/pkcs1_v15.c                     |   63 +
 grub-core/term/tparm.c                        |    1 -
 grub-core/tests/appended_signature_test.c     |  248 +++
 grub-core/tests/appended_signatures.h         |  975 +++++++++++
 grub-core/tests/lib/functional_test.c         |    1 +
 include/grub/dl.h                             |   21 +-
 include/grub/file.h                           |    3 +
 include/grub/kernel.h                         |    3 +-
 include/grub/lockdown.h                       |    3 +-
 include/grub/pkcs1_v15.h                      |   27 +
 include/grub/powerpc/ieee1275/ieee1275.h      |   18 +
 .../grub/powerpc/ieee1275/platform_keystore.h |  234 +++
 include/grub/types.h                          |   11 +
 include/grub/util/install.h                   |   13 +-
 include/grub/util/mkimage.h                   |    4 +-
 util/grub-install-common.c                    |   44 +-
 util/grub-mkimage.c                           |   34 +-
 util/grub-mkimagexx.c                         |   40 +-
 util/mkimage.c                                |   46 +-
 35 files changed, 6350 insertions(+), 71 deletions(-)
 create mode 100644 grub-core/commands/appendedsig/appendedsig.c
 create mode 100644 grub-core/commands/appendedsig/appendedsig.h
 create mode 100644 grub-core/commands/appendedsig/asn1util.c
 create mode 100644 grub-core/commands/appendedsig/gnutls_asn1_tab.c
 create mode 100644 grub-core/commands/appendedsig/pkcs7.c
 create mode 100644 grub-core/commands/appendedsig/pkix_asn1_tab.c
 create mode 100644 grub-core/commands/appendedsig/x509.c
 create mode 100644 grub-core/kern/powerpc/ieee1275/ieee1275.c
 create mode 100644 grub-core/kern/powerpc/ieee1275/platform_keystore.c
 create mode 100644 grub-core/lib/pkcs1_v15.c
 create mode 100644 grub-core/tests/appended_signature_test.c
 create mode 100644 grub-core/tests/appended_signatures.h
 create mode 100644 include/grub/pkcs1_v15.h
 create mode 100644 include/grub/powerpc/ieee1275/platform_keystore.h

-- 
2.49.0
