Backup system keys in case there are option ROMs that need to be included

osresearch / safeboot

Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support

https://safeboot.dev/

GNU General Public License v2.0

271 stars 28 forks source link

Backup system keys in case there are option ROMs that need to be included #84

Open osresearch opened 4 years ago

osresearch commented 4 years ago

Some systems need option ROMs to boot up; there should be a way to sign these additional keys as part of setting up safeboot.

orangecms commented 4 years ago

Some more details :)

Possible scenario

When a system has no internal GPU and the external GPU's option ROM can't be verified, that's a deadlock.

Workarounds

reflash externally to reset the NVRAM storage. This is not too easy for everyone and requires equipment.
be lucky to be able to replace the CPU with another one that has an internal GPU (like AMD's APUs). This chance is not always given, either.
"most vendors implement a feature where if you set the clear CMOS jumper the firmware will also reset the SecureBoot variables back to the factory defaults." This is to be verified and a list of vendors known to do that (or specific boards if applicable) would help.
find a video card where the option ROM is legacy only (doesn't have a UEFI GOP driver) since "it's illegal to run the CSM with SecureBoot on" (by spec). That may turn off SecureBoot and/or allow to enter the Setup menu. Again, this needs verification per OEM/vendor/board.

NetSysFire commented 4 years ago

Using the clear CMOS jumper (in this case it was JBAT1) on my board (MSI B450M-A PRO MAX) did not help. I also removed the CMOS battery and waited, but this also did not work. Before adding custom keys and enabling SecureBoot, I verified that JBAT1 would reset the BIOS. I contacted MSI and they said SecureBoot with custom keys would block GOP and I should use a CPU with an integrated GPU/APU to recover, but I could not test this yet.

NetSysFire commented 4 years ago

Update: MSI replied and they said I have to use Microsofts db certs. Seems like I would have to do this

abouvier commented 3 years ago

You can extract the GOP from the VBIOS of your GPU, sign it with your key, and reflash your card. No need of Microsoft keys after that.

savchenko commented 3 years ago

@abouvier , could you contribute a short "howto"?

abouvier commented 3 years ago

Sorry, I did this two years ago (with an AMD Radeon RX Vega 56 card) and I didn't remember exactly all the steps. But you need:

UEFIRomExtract to get the EFI PE32 image file (the uncompressed GOP I guess) directly from the VBIOS
sbsigntools to sign this image file with your key
EfiRom from the EDK II Build Tools Project to reconstruct/recompress the signed image file into a valid GOP
GOPupd to replace the original GOP of the VBIOS by the signed one
And also a bit of manual hexadecimal manipulations to correct the size of the new GOP in the VBIOS header if I remember correctly

GOPupd actually contains all the tools required to do this, and also updated GOP files for many GPU cards.

osresearch commented 3 years ago

The discussion over at https://github.com/Foxboron/sbctl/issues/85#issuecomment-886539689 led to the observation that we can add the hashes of the option roms to the db variable and in https://github.com/Foxboron/sbctl/issues/85#issuecomment-886621029 we figured out that the eventlog includes the authenticode hashes that need to be signed. This means that we could have a way to scan the eventlog for EV_EFI_BOOT_SERVICES_DRIVER entries and prompt the user to sign them if necessary.