Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager
MIT License
1.44k stars, 81 forks

(Question) If sbctl doesn't use TPM, how does it work? #152

Closed rrueger closed 2 years ago

rrueger commented 2 years ago

The roadmap to 1.0 states as one of its goals "TPM support", which seems to imply that sbctl doesn't utilise the TPM at the moment.

How does this work? What is enroll-keys doing in that case?

Do other tools like sbsign, preLoader or shim use the TPM?

I seem to be missing the keywords to search online to get meaningful results.

Notably, Rod Smith's articles (which appear to be the standard reference) on Bootloaders also don't appear to mention TPMs anywhere.

Thanks for clarifying!

Foxboron commented 2 years ago

It stores plain-text keys and certificates on your filesystem. The point about "TPM support" is to have keys be stored and made on the TPM so they can never really be extracted beyond the machine you are using.

sbsign supports the TPM and smart cards by using the PKCS#11 interface. sbctl doesn't support any of this currently.

rrueger commented 2 years ago

Okay. Cool

Presumably, the secret keys are stored in the root filesystem (at /usr/share/secureboot, which is expected to be encrypted at rest with LUKS etc.) and the public keys are stored in the EFI storage (in "EFI variables" in the NVRAM?) so that the booting firmware can verify that the .efi files are correctly signed?

Foxboron commented 2 years ago

Yep, that is correct :)

The EFI_SIGNATURE_LIST at /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f contains either valid x509 certificates or a list of sha256 checksums to validate images.

rrueger commented 2 years ago

Thank you!

I can't find EFI_SIGNATURE_LIST in /sys/firmware/efi//efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f though. Running cat on the file or grepping it for EFI_SIGNATURE_LIST results in gibberish.

$ efivar -l | grep dad00e67656f
d719b2cb-3d3a-4596-a3bc-dad00e67656f-db

Then

$ efivar
GUID: d719b2cb-3d3a-4596-a3bc-dad00e67656f
Name: "db"
Attributes:
    Non-Volatile
    Boot Service Access
    Runtime Service Access
    Time-Based Authenticated Write Access
Value:
00000000  a1 59 c0 a5 e4 94 a7 4a  87 b5 ab 15 5c 2b f0 72  |.Y.....J....\+.r|
00000010  28 05 00 00 00 00 00 00  0c 05 00 00 31 87 93 b4  |(...........1...|

but doesn't show EFI_SIGNATURE_LIST (the literal).

Is the d719b2cb-3d3a-4596-a3bc-dad00e67656f string a randomly generated UUID for setting the sbctl efivars? I see it is hardcoded in the source.

Foxboron commented 2 years ago

EFI_SIGNATURE_LIST is a binary data structure defined in the UEFI specification.

The GUID is pre-defined from the UEFI specification and a "vendor GUID" which is reserved for these variables.

https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8_C_Jan_2021.pdf
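To make the binary layout concrete, here is a small parser for the EFI_SIGNATURE_LIST structures that the db variable holds. This is an added example, not sbctl's code: it follows the UEFI specification's definition (a SignatureType GUID, three little-endian UINT32 sizes, an optional header, then SignatureOwner GUID plus SignatureData repeated) and uses the spec's EFI_CERT_X509_GUID and EFI_CERT_SHA256_GUID. Note that the first 16 bytes of the hexdump above (a1 59 c0 a5 e4 94 a7 4a 87 b5 ab 15 5c 2b f0 72) are exactly EFI_CERT_X509_GUID in its mixed-endian on-disk form, followed by SignatureListSize 0x528 and SignatureSize 0x50c. The sample db below is constructed to have those same sizes; the "certificate" bytes and owner GUID in it are placeholders, not a real certificate. When reading straight from efivarfs, remember that the kernel prefixes each variable's contents with a 4-byte attribute word, which efivar -p does not show.

```python
import struct
import uuid
from hashlib import sha256

# Signature-type GUIDs as defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIGNATURE_TYPES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}

# EFI_SIGNATURE_LIST header: SignatureType (GUID, stored little-endian),
# SignatureListSize, SignatureHeaderSize, SignatureSize (all UINT32 LE).
HEADER = struct.Struct("<16sIII")


def parse_signature_lists(data: bytes) -> list:
    """Walk the back-to-back EFI_SIGNATURE_LIST structures in a db/dbx/KEK value."""
    lists = []
    off = 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = HEADER.unpack_from(data, off)
        # Every EFI_SIGNATURE_DATA starts with a 16-byte SignatureOwner GUID,
        # so a SignatureSize below 16 or a list that overruns the buffer is corrupt.
        if sig_size < 16 or list_size < HEADER.size + hdr_size or off + list_size > len(data):
            raise ValueError(f"inconsistent EFI_SIGNATURE_LIST sizes at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)
        body = data[off + HEADER.size + hdr_size : off + list_size]
        if len(body) % sig_size:
            raise ValueError(f"signature array at offset {off} is not a multiple of SignatureSize")
        entries = []
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i : i + 16])
            entries.append({"owner": str(owner), "data": body[i + 16 : i + sig_size]})
        lists.append({"type": SIGNATURE_TYPES.get(sig_type, str(sig_type)), "entries": entries})
        off += list_size
    return lists


def read_efivar(path: str):
    """Read a variable from efivarfs; the first 4 bytes are the attribute bitmask."""
    with open(path, "rb") as f:
        raw = f.read()
    attrs = int.from_bytes(raw[:4], "little")
    return attrs, raw[4:]


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, sigs: list) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST (no SignatureHeader); used here to build the sample."""
    sig_size = 16 + len(sigs[0])
    body = b"".join(owner.bytes_le + s for s in sigs)
    return HEADER.pack(sig_type.bytes_le, HEADER.size + len(body), 0, sig_size) + body


# Constructed sample db: placeholder owner GUID, a 1276-byte placeholder "certificate"
# (so SignatureSize = 0x50c and SignatureListSize = 0x528, matching the dump in the
# thread), followed by a SHA256 list with two constructed image hashes.
PLACEHOLDER_OWNER = uuid.UUID("00000000-0000-4000-8000-000000000000")
PLACEHOLDER_CERT = b"\x30\x82" + b"\x00" * 1274  # not a real DER certificate
SAMPLE_DB = build_signature_list(EFI_CERT_X509_GUID, PLACEHOLDER_OWNER, [PLACEHOLDER_CERT]) + \
    build_signature_list(
        EFI_CERT_SHA256_GUID,
        PLACEHOLDER_OWNER,
        [sha256(b"constructed-image-1").digest(), sha256(b"constructed-image-2").digest()],
    )


def summarize(data: bytes) -> list:
    """Return (type, entry count, bytes per entry) for each list, for quick inspection."""
    return [(l["type"], len(l["entries"]), len(l["entries"][0]["data"])) for l in parse_signature_lists(data)]


if __name__ == "__main__":
    for kind, count, size in summarize(SAMPLE_DB):
        print(f"{kind}: {count} entr{'y' if count == 1 else 'ies'} of {size} bytes each")
    # On a real system: attrs, value = read_efivar(
    #     "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f")
    # then summarize(value).
```

The x509 entries are what the firmware uses to verify a signed .efi image's Authenticode signature, and the sha256 entries are allow-listed hashes of whole images; either kind lives only in the variable, which is why grepping for the struct's name finds nothing.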

rrueger commented 2 years ago

Okay, thank you. Thank you for being so informative!