iPXE discussion forum
Secure Boot and ShimDemo - Printable Version


Secure Boot and ShimDemo - dscoular@gmail.com - 2020-09-22 10:49

Hi All,
I'm struggling to understand whether I can get EFI Secure Boot and iPXE working. I've searched the forums and mailing lists and am none the wiser.

I've tried to follow the proof of concept work done here:

https://github.com/ipxe/shimdemo

But, while I managed to compile the various parts, I'm pretty confused as to how those parts are supposed to work together:

$ ls -1
ipxe.efi
ProxyLoader.efi
Shell.efi
Shell.secboot.efi
Shell.vendor.efi
shim.efi

My simplistic understanding is that existing Linux OSes commonly have a Microsoft-signed shim.efi, which allows them to launch other bootloaders and kernels registered via the Machine Owner Key (MOK) database used by the shim. E.g., when I look at an Ubuntu system running under Secure Boot, I see this:

# sbverify --list /boot/efi/EFI/ubuntu/shimx64.efi
warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections?
signature 1
image signature issuers:
- /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011
image signature certificates:
- subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Windows UEFI Driver Publisher
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011
- subject: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011
issuer: /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation Third Party Marketplace Root

However, when I look at the shim.efi produced from the shimdemo project, it seems to only have an embedded self-signed key.

# sbverify --list shim.efi
warning: data remaining[1150432 vs 1312888]: gaps between PE/COFF sections?
signature 1
image signature issuers:
- /CN=Secure Boot CA
image signature certificates:
- subject: /CN=Secure Boot CA
issuer: /CN=Secure Boot CA

The instructions seem to hint at adding this to the EFI "db" vars and the boot order being something like:

  1. UEFI PXE network secure boot
  2. shim.efi (signed by "secboot" certificate, enrolled in "db")
  3. ipxe.efi (signed by "vendor" certificate)
  4. Fedora kernel (signed by "fedora" certificate)

Is the expectation that we sign the shimdemo shim.efi with a valid Microsoft certificate (a potentially long and costly process) OR can we use the self-signed "secboot" certificate but somehow enroll it into the appropriate EFI variables, perhaps using Linux efitools (my firmware seems to have no mechanism for adding or removing the various EFI Key Exchange Keys (KEKs) and Signature Databases)?

Apologies for being thoroughly confused.

Any advice hugely appreciated!

Cheers

Doug