15.8 release tarball can not be verified

[dvzrv]

Hi! :wave:

I package this project for Arch Linux and am currently looking into upgrading to 15.8.

Unfortunately it seems, that the 15.8 tag is not signed at all (which has been an issue before - see https://github.com/rhboot/shim/issues/304 and https://github.com/rhboot/shim/issues/529).

I tried using the attached source tarball and accompanying signature, however, the signature is done by an OpenPGP key with the fingerprint 8107B101A432AAC9FE8E547CA348D61BC2713E9F and I was not able to retrieve it from anywhere (tried https://keyserver.ubuntu.com/ and https://keys.openpgp.org/ and https://pgpkeys.eu/). Since this appears to be a new certificate, please make sure to have a trust path between the previous key and the new one.

[aronowski]

Until we have a response from @vathpela, best I can do is to paste the digests I myself verified from multiple sources, hoping that'll help.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

a9452c2e6fafe4e1b87ab2e1cac9ec00  shim-15.8.tar.bz2
cdec924ca437a4509dcb178396996ddf92c11183  shim-15.8.tar.bz2
a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9  shim-15.8.tar.bz2
30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1  shim-15.8.tar.bz2
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/czy2yX5p84Y2FLeLibj9doRag4FAmW6ZiIACgkQLibj9doR
ag4Y6Q/+Ns30qyF4SdDqKaauwor2wlk3QIAWA0g86KnlCMJuLzpNcvbCpa8Po5x0
XIiW3P+/T0+ox3/OvQJjtFsNtZZIlS1R/vRDwv+ojwBBMzGLbmsbOj4vErkSm2qK
vAHxhHw1y0BnPQsAetxB2qg4hSLVacNj6KGm27MssJOgAzQo8m4nlCZzUmV8Rhex
TonOlk1C14h+RCLhDsO4cQJdQI5qk2uuxtiziHj1W0lxmUxUGBh5/2ePtg31z9vv
UxT+0y8MdT94fHqT36PFwthbPkintejoRMrnHLbJvB2IfrGVoNHcIbxqqyJb8WX8
79PfLLNihth0Wsy6Ivpt1EstWpSdyfZ0Rvu77hIjLQQGfJntB6m62P32xqcHTYh/
CJaxIbUMbBgFK9DDmVkq2RUBa5D9yerDsUZuUuWBVU9ZUnKhijRPq1K9SFZeceaZ
iqLCWxNMy5puFuFL7VdDC8h30dKXFuchatIfPp2FvcXs2RK0MCGISxzFvGJI+y8m
wAy+LdoIhKQ3JGGx6NFFE2GSjBY//HNb2dNLToiUdizc5kcvcC8AncenI6uRNk+e
zrQXnwx8VLteIeQrrS8JeTk1yiFzhWxESE7yPBW0N3v424rpSrWDJuKibwZMh2N/
QYjWe4HItsMJ6kZzLieIAviWX2ntrPJKdaD8kPlD/ykPfVLxW+U=
=RZJz
-----END PGP SIGNATURE-----

[vathpela]

I honestly don't get it; it sure looks signed to me:

random:shim$ git tag -v 15.8
object 5914984a1ffeab841f482c791426d7ca9935a5e6
type commit
tag 15.8
tagger Peter Jones <pjones@redhat.com> 1706036109 -0500

shim 15.8:

What's changed
* Various CVE fixes:
CVE-2023-40546 mok: fix LogError() invocation
CVE-2023-40547 - avoid incorrectly trusting HTTP headers
CVE-2023-40548 Fix integer overflow on SBAT section size on 32-bit system
CVE-2023-40549 Authenticode: verify that the signature header is in bounds.
CVE-2023-40550 pe: Fix an out-of-bound read in verify_buffer_sbat()
CVE-2023-40551: pe-relocate: Fix bounds check for MZ binaries
* Add make infrastructure to set the NX_COMPAT flag by @vathpela in https://github.com/rhboot/shim/pull/530
* Make sbat_var.S parse right with buggy gcc/binutils by @vathpela in https://github.com/rhboot/shim/pull/535
* Drop invalid calls to CRYPTO_set_mem_functions by @nicholasbishop in https://github.com/rhboot/shim/pull/537
* pe: Align section size up to page size for mem attrs by @nicholasbishop in https://github.com/rhboot/shim/pull/539
* test-sbat: Fix exit code by @vathpela in https://github.com/rhboot/shim/pull/540
* pe: Add IS_PAGE_ALIGNED macro by @nicholasbishop in https://github.com/rhboot/shim/pull/541
* CryptoPkg/BaseCryptLib: Fix buffer overflow issue in realloc wrapper by @nicholasbishop in https://github.com/rhboot/shim/pull/546
* Don't loop forever in load_certs() with buggy firmware by @rmetrich in https://github.com/rhboot/shim/pull/547
* Block Debian grub binaries with SBAT < 4 by @steve-mcintyre in https://github.com/rhboot/shim/pull/550
* Shim unable to locate grubx64 in PXE boot mode when grubx64 is stored in a different file path by @Alberto-Perez-Guevara in https://github.com/rhboot/shim/pull/551
* Further improve load_certs() for non-compliant drivers/firmwares by @pbatard in https://github.com/rhboot/shim/pull/560
* pe: only process RelocDir->Size of reloc section by @mikebeaton in https://github.com/rhboot/shim/pull/562
* Rename 'msecs' to 'usecs' to avoid potential confusion by @aronowski in https://github.com/rhboot/shim/pull/563
* Optionally allow to keep shim protocol installed by @bluca in https://github.com/rhboot/shim/pull/565
* SBAT-related documents formatting and spelling by @aronowski in https://github.com/rhboot/shim/pull/566
* Add SbatLevel_Variable.txt to document the various revocations by @jsetje in https://github.com/rhboot/shim/pull/569
* Add a security contact email address in README.md by @vathpela in https://github.com/rhboot/shim/pull/572
* Use -Wno-unused-but-set-variable for Cryptlib and OpenSSL by @vathpela in https://github.com/rhboot/shim/pull/576
* mok: fix LogError() invocation by @vathpela in https://github.com/rhboot/shim/pull/577
* Minor housekeeping by @vathpela in https://github.com/rhboot/shim/pull/578
* Test ImageAddress() by @vathpela in https://github.com/rhboot/shim/pull/579
* FreePages() is used to return memory allocated by AllocatePages() by @dennis-tseng99 in https://github.com/rhboot/shim/pull/580
* Size should minus 1 when calculating 'RelocBaseEnd' by @jsetje in https://github.com/rhboot/shim/pull/581
* Verify signature before verifying sbat levels by @jsetje in https://github.com/rhboot/shim/pull/583
* Add libFuzzer support for csv.c and sbat.c by @vathpela in https://github.com/rhboot/shim/pull/584
* mok: Avoid underflow in maximum variable size calculation by @alpernebbi in https://github.com/rhboot/shim/pull/587
* Housekeeping by @vathpela in https://github.com/rhboot/shim/pull/605

Signed-off-by: Peter Jones <pjones@redhat.com>
gpg: Signature made Tue Jan 23 13:55:31 2024 EST
gpg:                using EDDSA key 8107B101A432AAC9FE8E547CA348D61BC2713E9F
gpg:                issuer "pjones@redhat.com"
gpg: please do a --check-trustdb
gpg: Good signature from "Peter Jones <pjones@redhat.com>" [ultimate]
gpg:                 aka "Peter Jones <pjones@fedoraproject.org>" [unknown]
gpg:                 aka "Peter Jones <pmjones@gmail.com>" [ultimate]
Primary key fingerprint: B00B 48BC 731A A884 0FED  9FB0 EED2 66B7 0F4F EF10
     Subkey fingerprint: 8107 B101 A432 AAC9 FE8E  547C A348 D61B C271 3E9F
random:shim$ git push github 15.8:refs/tags/15.8
Host key fingerprint is SHA256:+DiY3wvvV6TuJJhbpZisF/zLDA0zPMSvHdkr4UvCOqU
+--[ED25519 256]--+
|                 |
|     .           |
|      o          |
|     o o o  .    |
|     .B S oo     |
|     =+^ =...    |
|    oo#o@.o.     |
|    E+.&.=o      |
|    ooo.X=.      |
+----[SHA256]-----+
Everything up-to-date
random:shim$

[vathpela]

https://keyserver.ubuntu.com/pks/lookup?search=8107B101A432AAC9FE8E547CA348D61BC2713E9F&fingerprint=on&op=index looks like it's working currently, so at least the tarball should be verifiable.

[dvzrv]

@vathpela: Thanks for uploading the updated certificate (including the new signing subkey, created on 2022-11-02).

gpg --recv-keys 8107B101A432AAC9FE8E547CA348D61BC2713E9F
gpg: key EED266B70F4FEF10: "Peter Jones <pjones@redhat.com>" 2 new signatures
gpg: key EED266B70F4FEF10: "Peter Jones <pjones@redhat.com>" 2 new subkeys
gpg: Total number processed: 1
gpg:            new subkeys: 2
gpg:         new signatures: 2

gpg --list-sigs 8107B101A432AAC9FE8E547CA348D61BC2713E9F
pub   rsa4096/EED266B70F4FEF10 2012-10-19 [SC] [expires: 2031-03-29]
      B00B48BC731AA8840FED9FB0EED266B70F4FEF10
uid                 [ unknown] Peter Jones <pjones@redhat.com>
sig 3        EED266B70F4FEF10 2012-10-19  [self-signature]
sig 3        EED266B70F4FEF10 2021-03-31  [self-signature]
sig          16C7C82EFA09AD77 2019-08-09  [User ID not found]
sig          2532F9176A95A442 2022-02-18  Robbie Harwood (work) <rharwood@fedoraproject.org>
sig          587979573442684E 2018-09-20  [User ID not found]
sig          8657980D9AB51E50 2019-08-09  [User ID not found]
sig          D97B2BA886A10CC0 2016-11-08  [User ID not found]
sig          EB9645763B7698EA 2018-09-20  [User ID not found]
sig          EBC26CDB5A56DE73 2016-11-08  Steven Rostedt (Der Hacker) <rostedt@goodmis.org>
uid                 [ unknown] Peter Jones <pmjones@gmail.com>
sig 3        EED266B70F4FEF10 2012-10-19  [self-signature]
sig 3        EED266B70F4FEF10 2021-03-31  [self-signature]
sig          16C7C82EFA09AD77 2019-08-09  [User ID not found]
sig          2532F9176A95A442 2022-02-18  Robbie Harwood (work) <rharwood@fedoraproject.org>
sig          8657980D9AB51E50 2019-08-09  [User ID not found]
sig          D97B2BA886A10CC0 2016-11-08  [User ID not found]
sig          EBC26CDB5A56DE73 2016-11-08  Steven Rostedt (Der Hacker) <rostedt@goodmis.org>
uid                 [ unknown] Peter Jones <pjones@fedoraproject.org>
sig 3        EED266B70F4FEF10 2021-03-31  [self-signature]
sig          2532F9176A95A442 2022-02-18  Robbie Harwood (work) <rharwood@fedoraproject.org>
sub   cv25519/95575853EC9B2111 2022-11-18 [E]
sig          EED266B70F4FEF10 2022-11-18  [self-signature]
sub   ed25519/A348D61BC2713E9F 2022-11-02 [S] [expires: 2032-10-30]
sig          EED266B70F4FEF10 2022-11-02  [self-signature]

When checking last week, the last signing subkey (ed25519/A348D61BC2713E9F - used for signing this release) had been missing in the certificate on the keyserver.

[dvzrv]

Quick follow-up irt to the tag signature:

I can now verify the signature on the tag as well, due to the added subkey:

git verify-tag 15.8
gpg: Signature made 2024-01-23T19:55:31 CET
gpg:                using EDDSA key 8107B101A432AAC9FE8E547CA348D61BC2713E9F
gpg:                issuer "pjones@redhat.com"
gpg: Good signature from "Peter Jones <pjones@redhat.com>" [unknown]
gpg:                 aka "Peter Jones <pmjones@gmail.com>" [unknown]
gpg:                 aka "Peter Jones <pjones@fedoraproject.org>" [unknown]
gpg: WARNING: The key's User ID is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B00B 48BC 731A A884 0FED  9FB0 EED2 66B7 0F4F EF10
     Subkey fingerprint: 8107 B101 A432 AAC9 FE8E  547C A348 D61B C271 3E9F

A git verify-tag would fail if using a certificate where this subkey is not yet present.

@vathpela relatedly, could you update your github profile to include your current public key? The github web interface will mark signed commits and tags accordingly then :)

The current data seems incomplete/broken:

curl https://github.com/vathpela.gpg
-----BEGIN PGP PUBLIC KEY BLOCK-----
Note: The keys with the following IDs couldn't be exported and need to be reuploaded EED266B70F4FEF10

=twTO
-----END PGP PUBLIC KEY BLOCK-----%                                                                                                                           

[vathpela]

@vathpela relatedly, could you update your github profile to include your current public key? The github web interface will mark signed commits and tags accordingly then :)

Help me out here - I'm not seeing an obvious place to do that.

[julian-klode]

@vathpela You add GPG keys to Settings -> SSH and GPG keys