search

Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software
613 stars 237 forks source link

[HowTo] SecureBoot support #259

Open dartraiden opened 6 years ago

dartraiden commented 6 years ago

Prerequisites: Linux system with openssl, efitools, and sbsigntool packages.

Generate your own PK, KEK, and ISK keys

openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Platform Key" -keyout PK.key -out PK.pem -nodes openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Key Exchange Key" -keyout KEK.key -out KEK.pem -nodes openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -subj "/CN=Image Signing Key" -keyout ISK.key -out ISK.pem -nodes

You can omit -nodes and protect keys by passwords if you wish. You will need to enter these passwords when signing keys and bootloader in the commands below.

You can specify rsa:4096 for better security, but not all BIOSes will accept 4096-bit keys.

Convert keys to ESL format

cert-to-efi-sig-list -g "$(uuidgen)" PK.pem PK.esl cert-to-efi-sig-list -g "$(uuidgen)" KEK.pem KEK.esl cert-to-efi-sig-list -g "$(uuidgen)" ISK.pem ISK.esl

-g adds random GUIDs generated by the uuidgen tool.

Obtain Microsoft keys

If you want to boot Windows you need to add Microsoft Windows Production CA 2011 key to ISK.esl.

Also, if you want to boot Linux LiveCDs, or do not want to sign the Linux kernel and the Linux loader by yourself, or load GOP/PXE-driver for discrete videocard/network card, you need to add Microsoft UEFI driver signing CA key to ISK.esl.

openssl x509 -in MicWinProPCA2011_2011-10-19.crt -inform DER -out MsWin.pem -outform PEM openssl x509 -in MicCorUEFCA2011_2011-06-27.crt -inform DER -out UEFI.pem -outform PEM cert-to-efi-sig-list -g "$(uuidgen)" MsWin.pem MsWin.esl cert-to-efi-sig-list -g "$(uuidgen)" UEFI.pem UEFI.esl

Create db.esl

If you don't want to add MS keys cat ISK.esl > db.esl

If you want to add MS keys cat ISK.esl MsWin.esl UEFI.esl > db.esl

Sign .esl

Sign PK by itself sign-efi-sig-list -k PK.key -c PK.pem PK PK.esl PK.auth

Sign KEK by PK sign-efi-sig-list -k PK.key -c PK.pem KEK KEK.esl KEK.auth

Sign db by KEK sign-efi-sig-list -k KEK.key -c KEK.pem db db.esl db.auth

Sign bootloader and kernel

Obtain UEFI64.img.gz and extract UEFI64-1.15.1.img

Let's see what's inside fdisk -l UEFI64-1.15.1.img

Disk UEFI64-1.15.1.img: 32 MiB, 33554432 bytes, 65536 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 122B2319-F607-4F0A-AFEC-0217461A83AC

Device             Start   End Sectors Size Type
UEFI64-1.15.1.img1  2048 65502   63455  31M EFI System

Mount UEFI64-1.15.1.img

sudo mkdir /media/PBA
sudo mount -t msdos -o loop,rw,uid=$(id -u),gid=$(id -g),offset=1048576 UEFI64-1.15.1.img /media/PBA

offset=partition_start sector_size=2048512=1048576

Copy /media/PBA/efi/boot/bootx64.efi to ~/

sbsign --key ISK.key --cert ISK.pem bootx64.efi
rm bootx64.efi
mv bootx64.efi.signed bootx64.efi

Replace original file in /media/PBA/efi/boot/ by signed one. Unmount image

sudo umount /media/PBA
sudo rm -rf /media/PBA

Deploy keys and sedutil

Now you have UEFI64-1.15.1.img containing signed bootloader, and three .auth files: db.auth, KEK.auth, and PK.auth. Disable SecureBoot and follow the instructions from wiki. Remember that you must use a modified UEFI64-x.xx.img not the original one.

Make sure the sedutil works correctly so you can decrypt the disk and load the operating system.

Now you should add auth-files db.auth, KEK.auth, and PK.auth in the same order to the firmware. See screenshots — they are clear without words.

Finally, enable SecureBoot in BIOS and try to boot.

dtbartle commented 5 years ago

I've only started looking into this, but could you instead just use Ubuntu's signed kernel and bootloader? My understanding from reading through https://wiki.ubuntu.com/UEFI/SecureBoot is that they're primarily concerned with ensuring that the kernel (and any modules) are signed. Since the PBA ultimately only runs custom userland code (and not a customized kernel) that ought to work?

dartraiden commented 5 years ago

https://github.com/Drive-Trust-Alliance/sedutil/issues/181#issuecomment-368249427

OliverO2 commented 5 years ago

@dtbartle https://github.com/Drive-Trust-Alliance/sedutil/issues/259#issuecomment-450846177

I've only started looking into this, but could you instead just use Ubuntu's signed kernel and bootloader? My understanding from reading through https://wiki.ubuntu.com/UEFI/SecureBoot is that they're primarily concerned with ensuring that the kernel (and any modules) are signed. Since the PBA ultimately only runs custom userland code (and not a customized kernel) that ought to work?

See here for an easy-to-use secure boot PBA implementation which does just this (if you are on Ubuntu): https://github.com/Drive-Trust-Alliance/sedutil/issues/301#issuecomment-555552669