[RFC] New API methods to let clients display accurate status about SecureBoot and UEFI certs

stormi commented 5 months ago

Context

Due to the licensing of the SecureBoot certificates distributed by Microsoft, XCP-ng doesn't include them in dom0. We instead provide a utility to download and install them in the pool.
When a UEFI VM is created and initially started on a pool which doesn't have Secure Boot certificates, its certificates will be empty, which means it is in UEFI setup mode. In this mode, SecureBoot is automatically, silently, disabled. Users may think they have enabled Secure Boot in their VM by setting vm.platform.secureboot to true, but in fact their demand was silently ignored.
Contrarily to what happened with uefistored in XCP-ng 8.2, varstored respects setup mode and won't propagate pool certificates to existing VMs, so even when the pool finally gets the certificates, a VM in setup mode will remain in setup mode until users manually cause pool certificates to be installed to it (by switching it to user mode on a pool which was setup for SecureBoot: varstore-sb-state $VMUUID user).

Needs

1. Prevent users from thinking SB is on when it's off (false sense of security).
1. Help them setup Secure Boot correctly for the pool.
1. Help them truly enable Secure Boot in a VM which was initially started on a pool that was not setup for SecureBoot and thus is in setup mode.

Strategy

We need to act at several levels:

varstored so that it can be built with a flag which enables propagating certificates from pool to VM even if important certificates are missing. This would only be enabled in XCP-ng, where it is better than have only PK.auth on a VM started on a pool without UEFI certs (and being able to fix that afterwards), rather than having the VM be without any certs and thus considered being in UEFI setup mode.
Xen Orchestra/other xapi clients, to display reliable information about Secure Boot and certificates to users for their VMs, especially at VM creation when they decide to enable Secure Boot. It should also be possible for users to switch a VM to user mode without needing to SSH to dom0, so:
XAPI to expose to clients such as Xen Orchestra such reliable information and ways to setup SecureBoot properly for a VM.

(We will also add a first boot systemd service to XCP-ng which will attempt to download the UEFI certificates from Microsoft and uefi.org, but nothing guarantees that the host will be able to reach the necessary websites, so we can't rely on it as a complete solution.)

Changes planned in Xen Orchestra

Warn before UEFI VM creation if Secure Boot is on but the pool is not setup for SB: https://github.com/vatesfr/xen-orchestra/issues/7500
Display accurate Secure Boot status and allow to fix a VM's UEFI certs: https://github.com/vatesfr/xen-orchestra/issues/7495

API changes in XAPI

New methods:

VM.set_uefi_mode. Accepted parameters: setup and user. This delegates actions to varstore-sb-state $VM_UUID $ACTION.
VM.get_secureboot_readiness. Returns one of:
- NOT_SUPPORTED if the VM's firmware is not UEFI
- DISABLED if vm.platform.secureboot is false or not set.
- FIRST_BOOT if vm.platform.secureboot is true and vm.NVRAM.EFI-variables is empty (TO BE CONFIRMED).
- READY if vm.platform.secureboot is true and PK, KEK, db and dbx are defined in the VM's EFI variables.
- READY_NO_DBX if vm.platform.secureboot is true and PK, KEK, db are defined but dbx isn't defined.
- SETUP_MODE if vm.platform.secureboot is true and PK isn't defined.
- CERTS_INCOMPLETE in any other case (this would be for example a PK without KEK nor db)
if wanted, addition of vm-get-secureboot-readiness to xe.
pool.list_uefi_cert_variables. Returns a list of enum values that can be composed of any of PK, KEK, db and dbx, based on certificates present either in pool.custom_uefi_certificates (when nonempty) or pool.uefi_certificates (when custom certificates are empty), to make it easier for clients to know what certificates are present, without having to extract the tarballs stored by XAPI. Used by clients to determine whether a pool is ready for guest SecureBoot, and possibly give details about what exact certificates are missing. OR, INSTEAD:
pool.get_guest_secureboot_readiness. Returns one of:
- READY if the active pool UEFI certificates (custom ones first, default ones if no custom ones) contain PK, KEK, db and dbx
- READY_NO_DBX if the active pool UEFI certificates contain PK, KEK and db but not dbx
- NOT_READY otherwise.
if wanted, addition of pool-get-secureboot-readiness to xe.

benjamreis commented 5 months ago

I've started a draft PR for this RFC, feedback is welcomed regarding the design. :)

psafont commented 3 months ago

I believe this has been finished by merging https://github.com/xapi-project/xen-api/pull/5566

Please reopen if this is not the case

xapi-project / xen-api