shim 15.8 (64bit and 32bit) for baramundi Management Suite

[MarkusSpier]

Confirm the following are included in your repo, checking each box:

• [x] completed README.md file with the necessary information
• [x] shimia32.efi to be signed
• [x] shimx64.efi to be signed
• [x] public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• [x] binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
• [x] any extra patches to shim via your own git tree or as files
• [x] any extra patches to grub via your own git tree or as files
• [x] build logs
• [x] a Dockerfile to reproduce the build of the provided shim EFI binaries

---

What is the link to your tag in a repo cloned from rhboot/shim-review?

---

https://github.com/baramundisoftware/ShimReview_2024/tree/baramundi_ShimReview_2024_05_24

---

What is the SHA256 hash of your final SHIM binary?

---

shimx64.efi: 8caa3da0defbfa7d9fbb33f573a4d0f308712957883de46e21c9f4292cd0ceb9 shimia32.efi: 1fe41f9d836f64d299d790d7b6ba14d7f5c93f73014d08468814f307d86de4a8

---

What is the link to your previous shim review request (if any, otherwise N/A)?

---

N/A

---

If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?

---

N/A

[MarkusSpier]

Identity confirmation (Markus Spier): kiddy demarcation washer reptile Capra Evan weepiest covetous copulate Monteverdi

[MarkusSpier]

@steve-mcintyre Just for info, my colleagues (the other contacts mentiont in the review) are currently on holiday until 10 June. So it will be a while before they reply.

[steve-mcintyre]

@steve-mcintyre Just for info, my colleagues (the other contacts mentiont in the review) are currently on holiday until 10 June. So it will be a while before they reply.

Understood, thanks for letting us know

[baramundi-vmoor]

Identity confirmation (Viktor Moor): sprout interspersing promontories locutions Sachs determination spoor oath tuckering characteristically

[baramundi-cbonfert]

Identity confirmation (Christian Bonfert): inaccessibility uninstall bazaars swop wanna archivists fanny mindfully nightcap lychees

[THS-on]

I have some questions before doing a full review.

• Old shims hashes will be submitted for revocation as soon as the new bootloaders were shipped to our customers. Have you had a shim signed in the past?
• As you are using the peimage patches, there is a new version as the old one had an issue.
• As you are not booting Linux, enabling the NX flag might be a real option here, assuming the latest GRUB2 version now fully works on NX enabled hardware.
• Can you publish an up-to-date copy of your GRUB2 sources and explain in detail what your module does?

[MarkusSpier]

I have some questions before doing a full review.

* `Old shims hashes will be submitted for revocation as soon as the new bootloaders were shipped to our customers.` Have you had a shim signed in the past?

Yes.

* As you are using the peimage patches, there is a new version as the old one had an issue.

I assume you are asking this question because we use the grub.peimage,1 flag in our sbat.csv. In fact, we do not deliver this module. Unfortunately, we overlooked to remove the entry from the sbat.csv.

* As you are not booting Linux, enabling the NX flag might be a real option here, assuming the latest GRUB2 version now fully works on NX enabled hardware.

Thanks for the hint. Is setting the NX-flag relevant for passing this review?

* Can you publish an up-to-date copy of your GRUB2 sources and explain in detail what your module does?

You can find the sources here: https://github.com/baramundisoftware/grub2_2024

Description what our module does:

In the first step, our module "bblefi" determines the UUID of the system and the MAC address of the network adapter. Then it reads (loads) a configuration file with simple control options from the TFTP server. Afterwards it reads (loads) a menu file with boot options from the TFTP server specified in the configuration file. This menu file is located in a path/folder that contains the system UUID and the MAC of the network adapter. In the next step it offers the boot options in a TUI (Text based User Interface) and waits for selection by the user if F8 has been pressed. Otherwise the configured default option is selected. Finally, the selected option is executed (load file via TFTP, boot from HDD, open GRUB console). The Shim Verifier ensures that files loaded for execution are signed by Microsoft or baramundi and can therefore be trusted.

[es-fabricemarie]

• shim built from unaltered 15.8 tarball.
• security contacts PGP keys are in keyserver, and expire in 3 years.
• shim EFI images build reproduce properly

  1fe41f9d836f64d299d790d7b6ba14d7f5c93f73014d08468814f307d86de4a8  shimia32.efi
  8caa3da0defbfa7d9fbb33f573a4d0f308712957883de46e21c9f4292cd0ceb9  shimx64.efi

• cert embedded is
  • an EV Code Signing cert from DigiCert
  • valid until November 2026 (almost 2 years)
• sbat entries looks ok to me

Questions:

• Was the CA cert rotated because of a security flaw?
  • Do you have any link to the previous review ticket? (since you mentioned "Old shims hashes will be submitted for revocation as soon as the new bootloaders were shipped to our customers."
• NX bit not set even though it only boots Windows with Grub2. Not sure if grub2 supports NX properly yet or not. If it does, NX bit should be set. If grub2 doesn't support it yet then it's fine for now.
• I can't comment on the security of your bblefi Grub2 module. This will likely need additional review

[MarkusSpier]

Hi @es-fabricemarie thanks for working on our submission.

Questions:

* Was the CA cert rotated because of a security flaw?

  * Do you have any link to the previous review ticket?
    (since you mentioned "Old shims hashes will be submitted for revocation as soon as the new bootloaders were shipped to our customers."

No, the old EV Code Signing cert had simply expired. In the meantime, the legal form has also changed (AG => GmbH), so that a new EV Code Signing certificate made sense from our point of view.

Unfortunately, a link to the old review-process (from 2015) does not exist.

* NX bit not set even though it only boots Windows with Grub2.
  Not sure if grub2 supports NX properly yet or not.
  If it does, NX bit should be set.
  If grub2 doesn't support it yet then it's fine for now.

I would prefer not to set the NX bit, as we are considering (mid/long-term) booting Linux via grub2 in the future.

Hopefully I was able to answer your questions. How can I help to push the review process forward?

[es-fabricemarie]

Makes sense. Thanks.

I suggest you upload your old certificate and your old signed-shim to your current shim review repo since you can't produce the old shim review. This way, everyone will be able to see that the cert has expired.

[MarkusSpier]

Makes sense. Thanks.

I suggest you upload your old certificate and your old signed-shim to your current shim review repo since you can't produce the old shim review. This way, everyone will be able to see that the cert has expired.

Thanks @es-fabricemarie for this hint.

The requested files can be found here in our current shim review repo: https://github.com/baramundisoftware/ShimReview_2024/tree/main/OldReviewContent

[es-fabricemarie]

I can confirm that your cert expired in 2018 when examining the cert extracted from your old shim:

objcopy -j .vendor_cert -O binary shim_old.efi expired_vendor_cert.der
openssl x509 -inform der -in expired_vendor_cert.der -noout -text -fingerprint

[...]
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)
        Validity
            Not Before: Mar 11 00:00:00 2015 GMT
            Not After : Mar 14 12:00:00 2018 GMT
        Subject: businessCategory=Private Organization, jurisdictionC=DE, jurisdictionST=Augsburg, serialNumber=HRB 2064, street=Beim Glaspalast 1, postalCode=86153, C=DE, ST=Bayern, L=Augsburg, O=baramundi software AG, CN=baramundi software AG
SHA1 Fingerprint=11:CB:BF:10:1A:8E:D5:8F:FF:EF:36:CD:9D:DF:9B:7F:FF:4E:7B:16
[...]

Just to be thorough: it means that since March 2018 you have no signed shim?

[MarkusSpier]

I can confirm that your cert expired in 2018 when examining the cert extracted from your old shim:

objcopy -j .vendor_cert -O binary shim_old.efi expired_vendor_cert.der
openssl x509 -inform der -in expired_vendor_cert.der -noout -text -fingerprint

[...]
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert EV Code Signing CA (SHA2)
        Validity
            Not Before: Mar 11 00:00:00 2015 GMT
            Not After : Mar 14 12:00:00 2018 GMT
        Subject: businessCategory=Private Organization, jurisdictionC=DE, jurisdictionST=Augsburg, serialNumber=HRB 2064, street=Beim Glaspalast 1, postalCode=86153, C=DE, ST=Bayern, L=Augsburg, O=baramundi software AG, CN=baramundi software AG
SHA1 Fingerprint=11:CB:BF:10:1A:8E:D5:8F:FF:EF:36:CD:9D:DF:9B:7F:FF:4E:7B:16
[...]

Just to be thorough: it means that since March 2018 you have no signed shim?

The old signed shim recently provided in the current shim review was signed by Microsoft with the certificate "Microsoft Corporation UEFI CA 2011", which has not yet been revoked. Therefore, the signing of our old shim is still valid.

[MarkusSpier]

@THS-on Are there any outstanding issues that we can help with to support and drive forward the review process?

[THS-on]

@MarkusSpier as you implement a lot new functionality as a single GRUB2 module, we are currently in discussion how to treat this from a review perspective, as this is closer to a custom bootlaoder than vanilla GRUB2.

@steve-mcintyre is there something @MarkusSpier can already do?

[MarkusSpier]

@MarkusSpier as you implement a lot new functionality as a single GRUB2 module, we are currently in discussion how to treat this from a review perspective, as this is closer to a custom bootlaoder than vanilla GRUB2.

@THS-on Thanks for the quick reply.

The only changes are the updates of Grub2 and Shim to the most recent versions to address security issues and the transfer of the UUID.

As the previous bootchain (currently signed shim + grub2 with bblefi module) is almost identical to the bootchain described in this review, the functionality is not new in our opinion.

[steve-mcintyre]

Review of shim 15.8 (64bit and 32bit) for baramundi Management Suite

Good

General

• Contact verification completed - OK
• key management using an HSM: SafeNet eToken 5110 - OK
• Switched to a new embedded cert for a new root of trust - OK

Shim

• Builds from 15.8 upstream, with no patches - OK
• shim builds reproduce here for x64 and ia32 with the Dockerfile - OK

  8caa3da0defbfa7d9fbb33f573a4d0f308712957883de46e21c9f4292cd0ceb9  shim-15.8-x64/shimx64.efi
  8caa3da0defbfa7d9fbb33f573a4d0f308712957883de46e21c9f4292cd0ceb9  shimx64.efi
  1fe41f9d836f64d299d790d7b6ba14d7f5c93f73014d08468814f307d86de4a8  shim-15.8-x86/shimia32.efi
  1fe41f9d836f64d299d790d7b6ba14d7f5c93f73014d08468814f307d86de4a8  shimia32.efi

• NX bit not set on shim binaries - OK
• Includes an EV cert, expiring in Nov 2025 - OK

  Serial Number:
    07:62:94:3f:1d:63:06:96:72:ea:ac:ca:78:b6:13:66
  Signature Algorithm: sha256WithRSAEncryption
  Issuer: C = US, O = "DigiCert, Inc.", CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
  Validity
    Not Before: Nov  2 00:00:00 2023 GMT
    Not After : Nov  1 23:59:59 2026 GMT
  Subject: jurisdictionC = DE, jurisdictionST = Bayern, jurisdictionL = Augsburg, businessCategory = Private Organization, serialNumber = HRB 38692, C = DE, ST = Bayern, L = Augsburg, O = baramundi software GmbH, CN = baramundi software GmbH

• SBAT data looks fine for shim - OK
  • Nit: You didn't list the shim SBAT data in your submission - please do that next time!

GRUB

• Using 2.12-1ubuntu1 copied from Ubuntu, then an extra module included
• so should be fine for fixes and patches on the core code
• SBAT data looks (mostly!) OK
  • As the README says, please include the exact SBAT data from a GRUB binary, not just the templated data before build

Linux

• No Linux kernel in use

fwupd

• No fwupd in use

Issues / queries

We have no view of what the bbl code looks like, which makes it impossible for us to assign trust there. It's up to Microsoft to decide if they're happy to sign this shim based on that.

Technical review of your shim says that it is fine, just two outstanding queries for me:

• Nit: You didn't list the shim SBAT data in your submission - please do that next time. Not a blocker for this review.
• As the README says, please include the exact SBAT data from a GRUB binary, not just the templated data before build

[MarkusSpier]

Thanks @steve-mcintyre for your review so far.

The extracted SBAT from the GRUB2 binary:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,4,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/
grub.ubuntu,1,Ubuntu,grub2,@DEB_VERSION@,https://www.ubuntu.com/
grub.peimage,1,Canonical,grub2,@DEB_VERSION@,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
grub.baramundi,1,Baramundi,grub2,2.12-1ubuntu1-bblefi1,https://github.com/baramundisoftware/grub2

It´s identical to the templated data before build that we included in the readme. Caused by our build process, the placeholders are not replaced.

[steve-mcintyre]

Thanks @steve-mcintyre for your review so far.

The extracted SBAT from the GRUB2 binary:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,4,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/
grub.ubuntu,1,Ubuntu,grub2,@DEB_VERSION@,https://www.ubuntu.com/
grub.peimage,1,Canonical,grub2,@DEB_VERSION@,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
grub.baramundi,1,Baramundi,grub2,2.12-1ubuntu1-bblefi1,https://github.com/baramundisoftware/grub2

It´s identical to the templated data before build that we included in the readme. Caused by our build process, the placeholders are not replaced.

That definitely needs fixing then. You have the information to be able to list proper versions here.

[MarkusSpier]

Thanks @steve-mcintyre for your review so far. The extracted SBAT from the GRUB2 binary:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,4,Free Software Foundation,grub,@UPSTREAM_VERSION@,https://www.gnu.org/software/grub/
grub.ubuntu,1,Ubuntu,grub2,@DEB_VERSION@,https://www.ubuntu.com/
grub.peimage,1,Canonical,grub2,@DEB_VERSION@,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
grub.baramundi,1,Baramundi,grub2,2.12-1ubuntu1-bblefi1,https://github.com/baramundisoftware/grub2

It´s identical to the templated data before build that we included in the readme. Caused by our build process, the placeholders are not replaced.

That definitely needs fixing then. You have the information to be able to list proper versions here.

We have adapted the build. The placeholders are now replaced. The new extracted SBAT from the GRUB2 binary:

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,4,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/
grub.ubuntu,1,Ubuntu,grub2,2.12-1ubuntu1,https://www.ubuntu.com/
grub.peimage,1,Canonical,grub2,2.12-1ubuntu1,https://salsa.debian.org/grub-team/grub/-/blob/master/debian/patches/secure-boot/efi-use-peimage-shim.patch
grub.baramundi,1,Baramundi,grub2,2.12-1ubuntu1-bblefi1,https://github.com/baramundisoftware/grub2

[steve-mcintyre]

Approved - next step is with Microsoft