jiazhang0 / SELoader

Secure EFI Loader designed to authenticate the non-PE files
BSD 3-Clause "New" or "Revised" License

Secure EFI Loader

The SELoader is designed to authenticate non-PE files, such as the grub configuration, initrd and grub modules, which cannot be verified by the MOK Verify Protocol registered by the shim loader.

In order to conveniently authenticate a PE file with gBS->LoadImage() and gBS->StartImage(), the SELoader hooks the EFI Security2 Architectural Protocol and employs the MOK Verify Protocol to verify the PE file. If only UEFI Secure Boot is enabled, the SELoader simply calls gBS->LoadImage() and gBS->StartImage() to let the BIOS verify the PE file.

The SELoader publishes the MOK2 Verify Protocol, which provides a flexible interface that allows the bootloader to verify a file, file buffer or memory buffer without knowing the file format.

In order to establish the chain of trust, the SELoader is required to be signed by a private key corresponding to a DB certificate, the shim certificate, the vendor certificate or a shim MOK certificate. The specific key is determined by the Secure Boot scheme you will use.

Using UEFI Secure Boot, MOK Verify Protocol and the SELoader together, the boot process is completely trustworthy.

ESP Layout

A typical ESP layout for x86-64 looks like this:

.
├── EFI
│   └── BOOT
│       ├── bootx64.efi
│       ├── grub.cfg
│       ├── grub.cfg.p7b
│       ├── grubx64.efi
│       ├── Hash2DxeCrypto.efi
│       ├── LockDown.efi
│       ├── mmx64.efi
│       ├── Pkcs7VerifyDxe.efi
│       ├── SELoaderx64.efi
│       └── x86_64-efi
│           ├── ...
│           ├── mok2verify.mod
│           └── ...
├── images
│   ├── bzImage
│   ├── bzImage.p7b
│   ├── initrd
│   └── initrd.p7b
└── startup.nsh

where:

All EFI binaries are signed with either DB.key or vendor_cert.key, depending on the secure boot scheme you choose. Refer to meta-secure-env for a practical secure boot implementation, and to the signing tool sbsigntool.

Note that the SELoader can also be used alone, without the shim loader.

EFI Pkcs7 Verify Protocol

The SELoader employs the EFI PKCS7 Verify Protocol, available since UEFI Specification version 2.5, to verify the signature and thereby prove the integrity of the checked file.

If your BIOS doesn't support this protocol, it is recommended to update the BIOS to the latest version. If the latest version still doesn't support the protocol, the SELoader is able to load the Pkcs7VerifyDxe.efi driver if available. Usually, the Pkcs7VerifyDxe.efi driver is located in the directory where the SELoader resides on the ESP.

You can build the Pkcs7VerifyDxe.efi driver from scratch if you would like to. Refer to Bin/README for the instructions.
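The following pre-reboot audit of the ESP layout and its .p7b signature files is an added example, not code from the SELoader project. It assumes each .p7b is a DER-encoded PKCS#7 SignedData blob stored next to the file it covers; the function names and the default file list (taken from the layout above) are hypothetical. It checks structure only and does not verify the signature cryptographically, which remains the job of the SELoader at boot.

```python
import os
import sys

# DER encoding of the PKCS#7 signedData OID 1.2.840.113549.1.7.2
SIGNED_DATA_OID = bytes.fromhex("06092a864886f70d010702")

def der_len(buf, pos):
    """Return (length, offset of the value) for the DER length field at pos."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def looks_like_signed_data(blob):
    """True if blob is one ContentInfo SEQUENCE whose contentType is signedData."""
    try:
        if len(blob) < 2 or blob[0] != 0x30:  # 0x30 = SEQUENCE tag
            return False
        length, off = der_len(blob, 1)
        return (off + length == len(blob)
                and blob[off:off + len(SIGNED_DATA_OID)] == SIGNED_DATA_OID)
    except (ValueError, IndexError):
        return False

def audit_esp(root, names=("grub.cfg", "bzImage", "initrd")):
    """Return {relative path: status} for every file under root named in names."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in names:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            sig = path + ".p7b"  # assumed naming: <file>.p7b beside <file>
            if not os.path.isfile(sig):
                report[rel] = "missing signature"
                continue
            with open(sig, "rb") as fh:
                ok = looks_like_signed_data(fh.read())
            report[rel] = "signature present" if ok else "malformed signature"
    return report

if __name__ == "__main__":
    # Usage: python audit_esp.py /path/to/mounted/esp
    for rel, status in sorted(audit_esp(sys.argv[1]).items()):
        print(f"{status:20} {rel}")
```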

Known Issues

References

libsign - the signing tool used to generate SELoader PKCS#7 signature https://github.com/jiazhang0/libsign

grub - Mok2Verify patch to verify the grub.cfg, linux kernel and initrd https://github.com/jiazhang0/meta-secure-core/blob/master/meta-efi-secure-boot/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch

shim - implement MOK verify protocol https://github.com/rhboot/shim

meta-secure-core - a practical secure boot implementation based on oe-core https://github.com/jiazhang0/meta-secure-core

SecureCore - a complete OpenEmbedded/Poky-compatible reference implementation based on meta-secure-core https://github.com/jiazhang0/SecureCore