Bug 2207710

Summary: Executing BOOTX64.EFI fails after printing "Verification failed: Security Policy Violation"
Product: Red Hat Enterprise Linux 7
Reporter: Renaud Métrich <rmetrich>
Component: shim
Assignee: Bootloader engineering team <bootloader-eng-team>
Status: NEW
QA Contact: Release Test Team <release-test-team>
Severity: urgent
Priority: urgent
Version: 7.9
CC: fj-lsoft-rh-dump, jaredz, mlewando, pjanda, prjagtap, qguo, sbarcomb, xuwei
Target Milestone: rc
Keywords: EasyFix, Regression
Target Release: ---
Flags: rmetrich: needinfo? (jaredz)
Hardware: x86_64
OS: Linux
Type: Bug
Bug Blocks: 1788175    

Description Renaud Métrich 2023-05-16 15:22:26 UTC
Description of problem:

Booting BOOTX64.EFI fails after it prints "Verification failed: Security Policy Violation".
Verbose mode shows this happens due to some "self signed certificate in certificate chain":
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
shim.c:866:load_image() attempting to load \EFI\BOOT\fbx64.efi
shim.c:737:verify_buffer_sbat() sbat section base:0x7CCED418 size:0x200
pe.c:868:verify_sbat_section() SBAT section data
pe.c:876:verify_sbat_section() sbat, 1, SBAT Version, sbat, 1, https://github.com/rhboot/shim/blob/main/SBAT.md
pe.c:876:verify_sbat_section() shim, 2, UEFI shim, shim, 1, https://github.com/rhboot/shim
sbat.c:126:verify_single_entry() component sbat has a matching SBAT variable entry, verifying
sbat.c:191:verify_sbat_helper() finished verifying SBAT data: Success
pe.c:571:generate_hash() sha1 authenticode hash:
pe.c:572:generate_hash() 00000000  XX XX XX XX XX XX XX XX  XX XX XX XX 56 b0 81 0d  XXXXXXXXXXXX|V...|
pe.c:572:generate_hash() 00000004  3a 19 2f 84 29 f8 97 69  91 11 23 84 ed d6 8e a3  |:./.)..i..#.....|
pe.c:573:generate_hash() sha256 authenticode hash:
pe.c:574:generate_hash() 00000000  7a b6 3b 1a f6 ae a2 5c  99 6a 38 8e fa d8 aa fb  |z.;....\.j8.....|
pe.c:574:generate_hash() 00000010  3f 09 72 e8 90 17 97 7d  8e 72 7d 6b 94 ff 05 c6  |?.r....}.r}k....|
shim.c:611:verify_buffer_authenticode() check_allowlist: Not Found
shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (vendor_db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
shim.c:687:verify_buffer_authenticode() Binary is not authorized
shim.c:354 check_allowlist() check_db_hash(db, sha256hash) != DATA_FOUND
shim.c:362 check_allowlist() check_db_hash(db, sha1hash) != DATA_FOUND
shim.c:385 check_allowlist() check_db_hash(vendor_db, sha256hash) != DATA_FOUND
shim.c:406 check_allowlist() check_db_hash(MokListRT, sha256hash) != DATA_FOUND
shim.c:610 verify_buffer_authenticode() check_allowlist(): Not Found
shim.c:354 check_allowlist() check_db_hash(db, sha256hash) != DATA_FOUND
shim.c:362 check_allowlist() check_db_hash(db, sha1hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:370 check_allowlist() check_db_cert(db, sha256hash) != DATA_FOUND
shim.c:385 check_allowlist() check_db_hash(vendor_db, sha256hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:395 check_allowlist() check_db_cert(vendor_db, sha256hash) != DATA_FOUND
shim.c:406 check_allowlist() check_db_hash(MokListRT, sha256hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:414 check_allowlist() check_db_cert(MokListRT, sha256hash) != DATA_FOUND
SSL Error: shim.c:691 verify_buffer_authenticode(): Security Policy Violation
2092850320:error:21075075:lib(33):func(117):reason(117):NA:0:Verify error:self signed certificate in certificate chain
Verification failed: Security Policy Violation
Failed to load image: Security Policy Violation
shim.c:1169 start_image() Failed to load image: Security Policy Violation
shim.c:866:load_image() attempting to load \EFI\BOOT\mmx64.efi
Failed to open \EFI\BOOT\mmx64.efi - Not Found
Failed to load image ??: Not Found
shim.c:888 load_image() Failed to open \EFI\BOOT\mmx64.efi - Not Found
shim.c:1116 read_image() Failed to load image ??: Not Found
start_image() returned Not Found
BdsDxe: No bootable option or device was found.
BdsDxe: Press any key to enter the Boot Manager Menu.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This prevents executing the Recovery Code, causing the system to be unbootable if the firmware was cleared somehow (e.g. "efibootmgr -O" executed).

Additionally this prevents some VMWare systems from booting without user interaction (need to "OK" multiple times until "Red Hat Enterprise Linux" gets selected):
issue still under investigation by VMWare, seems to affect "VMware ESXi, 7.0.3, 21313628".

Version-Release number of selected component (if applicable):

shim-x64-15.6-3.el7_9.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Boot a UEFI RHEL7 system in Secure Boot
2. Clear the EFI entries

   # efibootmgr -O

3. Reboot

Actual results:

Security Violation

Expected results:

No violation and "Red Hat Enterprise Linux" entry recreated

Comment 3 Renaud Métrich 2023-05-16 15:26:35 UTC
Actually the fbx64.efi binary has been signed with the wrong certificate:

[root@vm-uefi7 ~]# pesign -S -i /boot/efi/EFI/BOOT/fbx64.efi 
---------------------------------------------
certificate address is 0x7ff26281be10
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Mon Apr 17, 2023
There were certs or crls included.
---------------------------------------------
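
A defender-side check for the signer problem shown in Comment 3, added here as an example and not part of the bug report or of shim/pesign itself: it parses "pesign -S" output for the signer's common name and audits every EFI binary in the ESP fallback directory so a test-signed fbx64.efi is caught before it fails shim's db/vendor_db/MokListRT checks at boot. It assumes pesign is installed, the ESP is mounted at /boot/efi, and that a signer CN containing "Test" marks a non-production certificate.

```shell
#!/bin/sh
# Added example (not from the bug report): audit the Authenticode signer of each
# EFI binary in the ESP fallback directory with pesign, flagging test-signed or
# unsigned binaries. Assumptions: pesign is installed, the ESP is at /boot/efi,
# and a signer CN containing "Test" is treated as a non-production certificate.

# Read `pesign -S` output on stdin and print the signer's common name,
# or "<none>" when no signer line is present (unsigned, or pesign failed).
signer_cn() {
    awk '/^The signer.s common name is / {
             sub(/^The signer.s common name is /, ""); print; found = 1; exit }
         END { if (!found) print "<none>" }'
}
# True (exit 0) when the signer should not be trusted under Secure Boot.
signer_is_suspect() {
    case "$1" in
        "<none>"|*Test*) return 0 ;;
        *) return 1 ;;
    esac
}
# Report the signer of every .efi file in a directory; returns 1 if any is suspect.
audit_esp_dir() {
    dir="${1:-/boot/efi/EFI/BOOT}"
    rc=0
    for f in "$dir"/*.efi "$dir"/*.EFI; do
        [ -f "$f" ] || continue
        cn=$(pesign -S -i "$f" 2>/dev/null | signer_cn)
        if signer_is_suspect "$cn"; then
            echo "SUSPECT $f: signer '$cn'"
            rc=1
        else
            echo "ok      $f: signer '$cn'"
        fi
    done
    return $rc
}
# Constructed sample: the pesign output quoted in Comment 3 of this bug.
SAMPLE_PESIGN_OUTPUT="certificate address is 0x7ff26281be10
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Mon Apr 17, 2023
There were certs or crls included."
# Parsing the sample prints "Red Hat Test Certificate"; the real audit runs only
# when invoked as: sh audit_esp.sh --audit /boot/efi/EFI/BOOT
printf '%s\n' "$SAMPLE_PESIGN_OUTPUT" | signer_cn
if [ "${1:-}" = "--audit" ]; then
    audit_esp_dir "${2:-/boot/efi/EFI/BOOT}"
fi
```

A non-zero exit from audit_esp_dir is the signal to replace the flagged binary with the production-signed package before clearing boot entries on a Secure Boot system.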

Comment 11 Marta Lewandowska 2023-07-18 12:33:58 UTC
*** Bug 2220848 has been marked as a duplicate of this bug. ***