Bug 1702500

Summary: Require RHEL7 (all versions) to support Secure Boot and Measured Boot
Product: Red Hat Enterprise Linux 7
Reporter: Prashanth <prarao>
Component: efibootmgr
Assignee: Bootloader engineering team <bootloader-eng-team>
Status: CLOSED WONTFIX
QA Contact: Release Test Team <release-test-team-automation>
Severity: high
Docs Contact:
Priority: unspecified
Version: 7.0
CC: cbesson, fmartine, guybo, hhei, jjarvis, ldu, mheslin, rmetrich, stephen.zarkos, vinnykotak, xuli, yacao, yujiang, yuxisun
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: edcohen@microsoft.com
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2021-03-15 07:35:22 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks: 1797441

Description Prashanth 2019-04-23 23:47:03 UTC
1. Confirm whether Secure Boot and measured boot work as below:
• UEFI validates the signature of ShimX64.efi against DB and DBX and measures the shim hash into PCR[4]
• Shim validates the signature of GRUB and measures the GRUB hash into PCR[4], signer into PCR[7]
• When GRUB loads the kernel, shim's 'shim_verify' shim lock callback is invoked, which validates the signature of the kernel and measures the kernel hash into PCR[4], signer into PCR[7]

2. Confirm whether the GRUB2 TPM patches below (from Readme.tpm in shim's code) are included in Azure gallery images?
• PCR8:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel command
  line and all grub commands (including all of grub.cfg that gets run) are
  measured into PCR8.

• PCR9:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
  initramfs, and any multiboot modules loaded are measured into PCR9.

• PCR14:
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are

3. Would it be feasible to add the path of the binary shim is measuring? This will help in parsing and correlating boot measurements.
EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, UINT8 pcr)
{
        EFI_IMAGE_LOAD_EVENT ImageLoad;

        // All of this is informational and forces us to do more parsing before
        // we can generate it, so let's just leave it out for now
        ImageLoad.ImageLocationInMemory = 0;
        ImageLoad.ImageLengthInMemory = 0;
        ImageLoad.ImageLinkTimeAddress = 0;
        ImageLoad.LengthOfDevicePath = 0;

        return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
                                 sizeof(ImageLoad),
                                 EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
}

Comment 2 Javier Martinez Canillas 2019-04-24 10:39:16 UTC
Hello Prashanth,

(In reply to Prashanth from comment #0)
> 1. Confirm whether Secure Boot and measured boot work as below:
> • UEFI validates the signature of ShimX64.efi against DB and DBX and measures the shim hash into PCR[4]
> • Shim validates the signature of GRUB and measures the GRUB hash into PCR[4], signer into PCR[7]
> • When GRUB loads the kernel, shim's 'shim_verify' shim lock callback is invoked, which validates the signature of the kernel and measures the kernel hash into PCR[4], signer into PCR[7]
>

Yes, all these are correct.
  
> 2. Confirm whether the GRUB2 TPM patches below (from Readme.tpm in shim's code) are included in Azure gallery images?

The TPM patches are included in RHEL8 and Fedora since version 28. They are not included in RHEL7.

> • PCR8:
> - If you're using the grub2 TPM patchset we carry in Fedora, the kernel command
>   line and all grub commands (including all of grub.cfg that gets run) are
>   measured into PCR8.
>
> • PCR9:
> - If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
>   initramfs, and any multiboot modules loaded are measured into PCR9.
>
> • PCR14:
> - MokList, MokListX, and MokSBState will be extended into PCR14 if they are
>

All these are correct as well. Just one note that multiboot is disabled on grub2 EFI builds for security reasons.

> 3. Would it be feasible to add the path of the binary shim is measuring? This will help in parsing and correlating boot measurements.
> EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, UINT8 pcr)
> {
>         EFI_IMAGE_LOAD_EVENT ImageLoad;
>
>         // All of this is informational and forces us to do more parsing before
>         // we can generate it, so let's just leave it out for now
>         ImageLoad.ImageLocationInMemory = 0;
>         ImageLoad.ImageLengthInMemory = 0;
>         ImageLoad.ImageLinkTimeAddress = 0;
>         ImageLoad.LengthOfDevicePath = 0;
>
>         return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
>                                  sizeof(ImageLoad),
>                                  EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
> }

Sounds sensible to me.
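The PCR[4]/PCR[7] flow and the GRUB PCR8/PCR9 measurements described in the report and confirmed in comment 2, together with the zeroed EFI_IMAGE_LOAD_EVENT from item 3, as an added example that is not part of this bug, of shim or of GRUB: a Python parser that replays a TCG 1.2 (SHA-1) event log the way a verifier would, decodes the EFI device path where the logger recorded one, and flags the shim-logged images that carry none. The sample log, its digests and the GRUB strings are constructed for the example (SHA-1 of labels as stand-ins, not real Authenticode hashes), and every function name is the example's own.

```python
"""Replay a TCG 1.2 (SHA-1) event log and correlate boot measurements.

Added example for this bug, not shim, GRUB or Red Hat code.  It walks the
PCR[4]/PCR[7]/PCR[8]/PCR[9] events described in the report, recomputes the
PCRs as a verifier would, and decodes the EFI_IMAGE_LOAD_EVENT that shim's
tpm_log_pe writes with LengthOfDevicePath = 0.  All sample data is constructed.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

EV_IPL = 0x0000000D                            # GRUB TPM patches (PCR8/PCR9)
EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003  # PE images (PCR4)
EV_EFI_VARIABLE_AUTHORITY = 0x800000E0         # signer certificate (PCR7)
EVENT_NAMES = {EV_IPL: "EV_IPL",
               EV_EFI_BOOT_SERVICES_APPLICATION: "EV_EFI_BOOT_SERVICES_APPLICATION",
               EV_EFI_VARIABLE_AUTHORITY: "EV_EFI_VARIABLE_AUTHORITY"}


@dataclass
class Event:
    pcr: int
    etype: int
    digest: bytes  # SHA-1, 20 bytes
    data: bytes    # event-type-specific payload


def parse_log(blob: bytes) -> List[Event]:
    """TCG_PCClientPCREvent: UINT32 PCRIndex, UINT32 EventType, SHA1 Digest[20],
    UINT32 EventSize, UINT8 Event[EventSize]; all little-endian."""
    events, off = [], 0
    while off < len(blob):
        if off + 32 > len(blob):
            raise ValueError("truncated event header at offset %d" % off)
        pcr, etype = struct.unpack_from("<II", blob, off)
        digest = blob[off + 8:off + 28]
        (size,) = struct.unpack_from("<I", blob, off + 28)
        off += 32
        if off + size > len(blob):
            raise ValueError("truncated event body at offset %d" % off)
        events.append(Event(pcr, etype, digest, blob[off:off + size]))
        off += size
    return events


def replay(events: List[Event], n_pcrs: int = 24) -> List[bytes]:
    """Recompute each PCR from a zero start: PCR = SHA1(PCR || digest)."""
    pcrs = [bytes(20)] * n_pcrs
    for e in events:
        pcrs[e.pcr] = hashlib.sha1(pcrs[e.pcr] + e.digest).digest()
    return pcrs


def verify(events: List[Event], expected: Dict[int, str]) -> bool:
    """Compare replayed PCRs with known-good hex values (e.g. from a TPM quote)."""
    pcrs = replay(events)
    return all(pcrs[i].hex() == v for i, v in expected.items())


def decode_device_path(dp: bytes) -> str:
    """EFI device path nodes: Type, SubType, UINT16 Length, body.  FILE_PATH
    nodes (4/4) are UCS-2 strings; other node kinds are shown as Type(t,s)."""
    parts, off = [], 0
    while off + 4 <= len(dp):
        ntype, subtype, length = struct.unpack_from("<BBH", dp, off)
        if length < 4 or off + length > len(dp):
            raise ValueError("bad device path node at offset %d" % off)
        if ntype == 0x7F and subtype == 0xFF:  # END_ENTIRE_DEVICE_PATH
            break
        body = dp[off + 4:off + length]
        if ntype == 0x04 and subtype == 0x04:  # MEDIA_FILEPATH_DP
            parts.append(body.decode("utf-16-le").rstrip("\x00"))
        else:
            parts.append("Type(%02x,%02x)" % (ntype, subtype))
        off += length
    return "/".join(parts)


def image_load_path(data: bytes) -> Optional[str]:
    """EFI_IMAGE_LOAD_EVENT: four UINT64 fields, then DevicePath[LengthOfDevicePath].
    None when LengthOfDevicePath is 0, which is what shim's tpm_log_pe writes."""
    if len(data) < 32:
        raise ValueError("EFI_IMAGE_LOAD_EVENT too short")
    _loc, _len, _link, dp_len = struct.unpack_from("<QQQQ", data, 0)
    if dp_len == 0:
        return None
    if 32 + dp_len > len(data):
        raise ValueError("LengthOfDevicePath exceeds event size")
    return decode_device_path(data[32:32 + dp_len])


def describe(events: List[Event]) -> List[str]:
    """One line per event: PCR, type, digest and the best available name."""
    lines = []
    for e in events:
        name = EVENT_NAMES.get(e.etype, "0x%08x" % e.etype)
        if e.etype == EV_EFI_BOOT_SERVICES_APPLICATION:
            detail = image_load_path(e.data) or "<no device path>"
        elif e.etype == EV_IPL:
            detail = e.data.rstrip(b"\x00").decode("utf-8", "replace")
        else:
            detail = e.data.hex()
        lines.append("PCR%-2d %-32s %s %s" % (e.pcr, name, e.digest.hex(), detail))
    return lines


# ---- constructed sample log (assumed layout, not captured from a host) ------
def _file_path_node(path: str) -> bytes:
    s = path.encode("utf-16-le") + b"\x00\x00"
    return struct.pack("<BBH", 0x04, 0x04, 4 + len(s)) + s


_END_NODE = struct.pack("<BBH", 0x7F, 0xFF, 4)


def _image_load(dp: bytes) -> bytes:
    return struct.pack("<QQQQ", 0, 0, 0, len(dp)) + dp  # memory fields zeroed like shim


def _record(pcr: int, etype: int, digest: bytes, data: bytes) -> bytes:
    return struct.pack("<II", pcr, etype) + digest + struct.pack("<I", len(data)) + data


def _stand_in(label: bytes) -> bytes:
    return hashlib.sha1(label).digest()  # placeholder for an Authenticode hash


_CMD = b"grub_cmd: linuxefi /vmlinuz root=/dev/sda2\x00"
SAMPLE_LOG = b"".join([
    # Firmware measures shim and records the path it loaded it from.
    _record(4, EV_EFI_BOOT_SERVICES_APPLICATION, _stand_in(b"shimx64.efi"),
            _image_load(_file_path_node("\\EFI\\redhat\\shimx64.efi") + _END_NODE)),
    _record(7, EV_EFI_VARIABLE_AUTHORITY, _stand_in(b"db cert"), b"db"),
    # shim measures GRUB through tpm_log_pe: LengthOfDevicePath == 0.
    _record(4, EV_EFI_BOOT_SERVICES_APPLICATION, _stand_in(b"grubx64.efi"), _image_load(b"")),
    _record(7, EV_EFI_VARIABLE_AUTHORITY, _stand_in(b"shim vendor cert"), b"Shim"),
    # GRUB TPM patches: commands into PCR8, loaded files into PCR9.
    _record(8, EV_IPL, hashlib.sha1(_CMD[:-1]).digest(), _CMD),
    _record(9, EV_IPL, hashlib.sha1(b"kernel bytes").digest(), b"/vmlinuz\x00"),
    # Kernel measured via shim_verify: again no path.
    _record(4, EV_EFI_BOOT_SERVICES_APPLICATION, _stand_in(b"vmlinuz"), _image_load(b"")),
])

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("\n".join(describe(evs)))
    for i in (4, 7, 8, 9):
        print("PCR%d = %s" % (i, replay(evs)[i].hex()))
```

On a real host the same records come from /sys/kernel/security/tpm0/binary_bios_measurements; a TPM 2.0 firmware log uses the crypto-agile TCG_PCR_EVENT2 layout instead, so only parse_log would need to change, while the replay, device-path and correlation logic stay the same. The run shows the practical cost of the zeroed fields in item 3: the firmware's own PCR[4] entry names the binary, but the two entries shim logged can only be told apart by their position in the log and by the digest, which is why the reporter asks for the device path.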

Comment 3 Vinay Kotak 2020-01-09 00:31:05 UTC
As of today, the remaining open items on this bug are listed below. 

1. Would it be feasible to add the path of the binary shim is measuring? This will help in parsing and correlating boot measurements.
EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash, UINT8 pcr)
{
        EFI_IMAGE_LOAD_EVENT ImageLoad;

        // All of this is informational and forces us to do more parsing before
        // we can generate it, so let's just leave it out for now
        ImageLoad.ImageLocationInMemory = 0;
        ImageLoad.ImageLengthInMemory = 0;
        ImageLoad.ImageLinkTimeAddress = 0;
        ImageLoad.LengthOfDevicePath = 0;

        return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
                                 sizeof(ImageLoad),
                                 EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
}

Comment 4 Javier Martinez Canillas 2020-01-24 17:24:04 UTC
As mentioned in Comment 2 the TPM measurements support for GRUB is not present in RHEL7, only in RHEL8.

So this bugzilla should be an RFE, but that will require a significant backport for GRUB which may not be suitable at this point of the RHEL7 life cycle.

Comment 7 RHEL Program Management 2021-03-15 07:35:22 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.