Shim 15.4 - shimx64.efi and shimia32.efi for MicroFocus ZENworks

[MuthuvelKuppusamy]

Make sure you have provided the following information:

• [X] link to your code branch cloned from rhboot/shim-review in the form user/repo@tag https://github.com/MuthuvelKuppusamy/shim-review/releases/tag/microfocus-shim-x64-ia32-20210602
• [X] completed README.md file with the necessary information
• [X] shim.efi to be signed
• [X] public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• [ ] binaries, for which hashes are added do vendor_db ( if you use vendor_db and have hashes allow-listed )
• [ ] any extra patches to shim via your own git tree or as files
• [ ] any extra patches to grub via your own git tree or as files
• [X] build logs
• [X] a Dockerfile to reproduce the build of the provided shim EFI binaries

What organization or people are asking to have this signed:

Micro Focus

What product or service is this for:

ZENworks - Unified Endpoint Management solution - (Imaging)

Please create your shim binaries starting with the 15.4 shim release tar file:

https://github.com/rhboot/shim/releases/download/15.4/shim-15.4.tar.bz2

This matches https://github.com/rhboot/shim/releases/tag/15.4 and contains

the appropriate gnu-efi source.

Please confirm this as the origin your shim.

Yes, Used the https://github.com/rhboot/shim/releases/download/15.4/shim-15.4.tar.bz2 and added critical patches from https://github.com/rhboot/shim-review/issues/165 & patch for precedence for ProxyOfferReceived over dhcpAck for IPv4/6

What's the justification that this really does need to be signed for the whole world to be able to boot it:

We support software tools for Operating Systems Backup/Restore/Deployment for Windows and Linux. This tool is used on millions of end-point devices to manage day-to-day IT activities.Minimal Suse Linux Enterprise(SLE) distro (or) Windows Preboot Environment(WinPE) distro used to secure-boot the device in USB/CD/PXE mode.

How do you manage and protect the keys used in your SHIM?

Keys are stored in HSM with restricted access.

Do you use EV certificates as embedded certificates in the SHIM?

No.

If you use new vendor_db functionality, are any hashes allow-listed, and if yes: for what binaries ?

No.

Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354 present in your kernel, if you boot chain includes a Linux kernel ?

Yes, latest Suse Linux Enterprise Server kernel 5.3.18+ ( SLES15SP3 ) has this fix.

if SHIM is loading GRUB2 bootloader, are CVEs CVE-2020-14372,

CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779,

CVE-2021-20225, CVE-2021-20233, CVE-2020-10713, CVE-2020-14308,

CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705,

( July 2020 grub2 CVE list + March 2021 grub2 CVE list )

and if you are shipping the shim_lock module CVE-2021-3418

fixed ?

Yes, using grub2.04+patches from suse build,which has this all patches included.

"Please specifically confirm that you add a vendor specific SBAT entry for SBAT header in each binary that supports SBAT metadata

( grub2, fwupd, fwupdate, shim + all child shim binaries )" to shim review doc ?

Please provide exact SBAT entries for all SBAT binaries you are booting or planning to boot directly through shim

For shim:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim shim.MFZENworks,1,MicroFocus,shim,15.4-0-ZENworks1,https://www.microfocus.com/

For grub:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/ grub.sle,1,SUSE Linux Enterprise,grub2,2.04,mail:security-team@suse.de grub.MFZENworks,1,MicroFocus,grub2,2.04-0-ZENworks1,https://www.microfocus.com/

Were your old SHIM hashes provided to Microsoft ?

Yes.

Did you change your certificate strategy, so that affected by CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749,

CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2020-10713,

CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705 ( July 2020 grub2 CVE list + March 2021 grub2 CVE list )

grub2 bootloaders can not be verified ?

We switched to new certificate now for shim15.4 signing, which blocks all the older signed grub2 binaries.

What exact implementation of Secureboot in grub2 ( if this is your bootloader ) you have ?

Upstream grub2 shim_lock verifier or Downstream RHEL/Fedora/Debian/Canonical like implementation ?

Downstream RHEL/Fedora/Debian/Canonical like implementation.

What is the origin and full version number of your bootloader (GRUB or other)?

grub2.04 and all the applicable patches from suse, which includes ( July 2020 grub2 CVE list + Marh 2021 grub2 CVE list) fixes.

If your SHIM launches any other components, please provide further details on what is launched

In case of PXE boot, we launch our custom efi binary, which talks to our server and get the work details and loads the SUSE-Linux or WinPE based on the work type.

If your GRUB2 launches any other binaries that are not Linux kernel in SecureBoot mode,

please provide further details on what is launched and how it enforces Secureboot lockdown

No.

If you are re-using a previously used (CA) certificate, you

will need to add the hashes of the previous GRUB2 binaries

exposed to the CVEs to vendor_dbx in shim in order to prevent

GRUB2 from being able to chainload those older GRUB2 binaries. If

you are changing to a new (CA) certificate, this does not

apply. Please describe your strategy.

We switched to new certificate now for shim15.4 signing, which blocks all the older signed grub2 binaries.

How do the launched components prevent execution of unauthenticated code?

Used shim_lock to validate the chain loaded binaries.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No.

What kernel are you using? Which patches does it includes to enforce Secure Boot?

Suse Linux Enterprise kernel 5.3.18+ (SLES15SP3), which has the all the required patches to enforce the secure boot.

What changes were made since your SHIM was last signed?

Added precedence for proxyDhcpOfferRecieved patch for IPv6.

What is the SHA256 hash of your final SHIM binary?

shimx64.efi hash : 41cb299fe8b93f188a8bf53fdbf0aa2d2742b31421f951e4ad41232ebc319394 shimia32.efi hash : ecaee8b2de1c6dc1d9ef0aab74b75b13a913caa32cb06488b314be3270512e9f

[julian-klode]

Did you test it? You did not include the patch to make ia32 work, see #165

[MuthuvelKuppusamy]

Thanks for information. Do I need to wait for shim15.5?

[julian-klode]

You could also resubmit 15.4 with the patches. We're not going to see 15.5 before next week at least.

Also, given that your grub is derived from suse, you probably should include their grub.sle (don't know the exact one) entries too, such that we can save space if we need to revoke suse patchset as we can avoid adding an extra grub.MFZENworks revocation.

I've not looked at other stuff much, probably we ought to have a conversation about your custom second stage to make sure it's sufficiently secure. Like which calls do you use specifically to validate and load the next images.

Also, we should validate your email addresses by sending you emails, especially given that the repo is not published from a Microfocus GitHub account/group, but I'm actually working on other stuff, just leaving it here for a reviewer.

[MuthuvelKuppusamy]

ShimLockGuid is used in method gBS->LocateProtocol() to locate the protocol. Once we get shim_lock protocol, we are accessing shim_lock->Verify method to validate the chain loaded binary.

[MuthuvelKuppusamy]

Updated the build with required patches from #165. Updated the grub SBAT section as well.

[MuthuvelKuppusamy]

@julian-klode : could you please review and let me know if any other stuff required.

[miray-tf]

Shim builds are reproducible

Binaries are identical and hashes match:

• SHA256 hashes match and are identical to hashes in Readme.md: 69934ecab81e77a24282fee2810dc904d2b1ee42366f3fd5e127ab3e5b6f394b shimia32.efi 57e9dd10206ad704516349813cc223cd8b2e6910e86b6d196ccd3e27b1763a86 shimx64.efi

• pesig hashes match shimia32.efi hash: ecaee8b2de1c6dc1d9ef0aab74b75b13a913caa32cb06488b314be3270512e9f shimx64.efi hash: 41cb299fe8b93f188a8bf53fdbf0aa2d2742b31421f951e4ad41232ebc319394

SBat data matches information from submission and looks sensible

build-x64/shimx64.efi:     file format pei-x86-64

Contents of section .sbat:
 d0000 73626174 2c312c53 42415420 56657273  sbat,1,SBAT Vers
 d0010 696f6e2c 73626174 2c312c68 74747073  ion,sbat,1,https
 d0020 3a2f2f67 69746875 622e636f 6d2f7268  ://github.com/rh
 d0030 626f6f74 2f736869 6d2f626c 6f622f6d  boot/shim/blob/m
 d0040 61696e2f 53424154 2e6d640a 7368696d  ain/SBAT.md.shim
 d0050 2c312c55 45464920 7368696d 2c736869  ,1,UEFI shim,shi
 d0060 6d2c312c 68747470 733a2f2f 67697468  m,1,https://gith
 d0070 75622e63 6f6d2f72 68626f6f 742f7368  ub.com/rhboot/sh
 d0080 696d0a73 68696d2e 4d465a45 4e776f72  im.shim.MFZENwor
 d0090 6b732c31 2c4d6963 726f466f 6375732c  ks,1,MicroFocus,
 d00a0 7368696d 2c31352e 342d302d 5a454e77  shim,15.4-0-ZENw
 d00b0 6f726b73 312c6874 7470733a 2f2f7777  orks1,https://ww
 d00c0 772e6d69 63726f66 6f637573 2e636f6d  w.microfocus.com
 d00d0 2f0a                                 /.              

build-ia32/shimia32.efi:     file format pei-i386

Contents of section .sbat:
 9f000 73626174 2c312c53 42415420 56657273  sbat,1,SBAT Vers
 9f010 696f6e2c 73626174 2c312c68 74747073  ion,sbat,1,https
 9f020 3a2f2f67 69746875 622e636f 6d2f7268  ://github.com/rh
 9f030 626f6f74 2f736869 6d2f626c 6f622f6d  boot/shim/blob/m
 9f040 61696e2f 53424154 2e6d640a 7368696d  ain/SBAT.md.shim
 9f050 2c312c55 45464920 7368696d 2c736869  ,1,UEFI shim,shi
 9f060 6d2c312c 68747470 733a2f2f 67697468  m,1,https://gith
 9f070 75622e63 6f6d2f72 68626f6f 742f7368  ub.com/rhboot/sh
 9f080 696d0a73 68696d2e 4d465a45 4e776f72  im.shim.MFZENwor
 9f090 6b732c31 2c4d6963 726f466f 6375732c  ks,1,MicroFocus,
 9f0a0 7368696d 2c31352e 342d302d 5a454e77  shim,15.4-0-ZENw
 9f0b0 6f726b73 312c6874 7470733a 2f2f7777  orks1,https://ww
 9f0c0 772e6d69 63726f66 6f637573 2e636f6d  w.microfocus.com
 9f0d0 2f0a                                 /.              

Patches

prefer_proxyOfferReceived patch looks ok to me Other patches are from upstream

Regarding Kernel and Grub:

A shim for SUSE-SLES15.3 was approved in #155 If Kernel and Grub are built from those it should be fine.

Certificate

I don't know the requirements for certificates, so I cannot say anything on that point. To me it looks like it is self signed with a 10 year duration. But I don't know if that is acceptable or not. I think @julian-klode or @steve-mcintyre would have to comment on that.

[steve-mcintyre]

• everything reproduces ok here
• SBAT looks good
• patches look ok
• cert is fine

[steve-mcintyre]

However - going back to @julian-klode's early point in his check - we don't have any link to confirm this shim is anything to do with MicroFocus. I've just sent mails to Muthuvel and Anand, each containing a set of random words. Please copy those word lists here to confirm that you at least have control of those email addressed.

[MuthuvelKuppusamy]

Thanks for the review. Mail content are below,

sheepskin dashing Kojak euphemisms Austin curtseying inequity

[steve-mcintyre]

ACK, please prod Anand too!

[Anand-N-MF]

Hi, here's my confirmation. Thanks.

rouge Curtis revolutionist pennyweight tramping albs fluorescing

[steve-mcintyre]

Cool, looks good. Thanks @MuthuvelKuppusamy @Anand-N-MF

[steve-mcintyre]

Given that I can't see your second stage, I think I'm done here. Marking accepted.