Bug 1702500 - Require RHEL7 (all versions) to support Secure Boot and Measured Boot
Summary: Require RHEL7 (all versions) to support Secure Boot and Measured Boot
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: efibootmgr
Version: 7.0
Hardware: All
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: rc
Target Release: ---
Assignee: Bootloader engineering team
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks: 1797441
Reported: 2019-04-23 23:47 UTC by Prashanth
Modified: 2021-03-15 07:35 UTC

Fixed In Version: edcohen@microsoft.com
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-03-15 07:35:22 UTC
Target Upstream Version:
Embargoed:



Description Prashanth 2019-04-23 23:47:03 UTC
1. Confirm if Secure Boot & measured boot works as below?
• UEFI validates signature of ShimX64.efi against DB, DBX and measures shim hash into PCR[4]
• Shim validates signature of GRUB and measures GRUB hash into PCR[4], signer into PCR[7]
• When GRUB loads kernel, Shim's 'shim_verify' shim lock callback is invoked, which validates signature of kernel and measures kernel hash into PCR[4], signer into PCR[7]

2. Confirm if below Grub2 TPM patches (from Readme.tpm in shim's code) are included in Azure gallery images?
• PCR8:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel command
  line and all grub commands (including all of grub.cfg that gets run) are
  measured into PCR8.

• PCR9:
- If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
  initramfs, and any multiboot modules loaded are measured into PCR9.

• PCR14:
- MokList, MokListX, and MokSBState will be extended into PCR14 if they are

3. Would it be feasible to add path of the binary Shim is measuring? This will help in parsing & correlating boot measurements.
EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
                      UINT8 pcr)
{
        EFI_IMAGE_LOAD_EVENT ImageLoad;

        // All of this is informational and forces us to do more parsing before
        // we can generate it, so let's just leave it out for now
        ImageLoad.ImageLocationInMemory = 0;
        ImageLoad.ImageLengthInMemory = 0;
        ImageLoad.ImageLinkTimeAddress = 0;
        ImageLoad.LengthOfDevicePath = 0;

        return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
                                 sizeof(ImageLoad),
                                 EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
}

Comment 2 Javier Martinez Canillas 2019-04-24 10:39:16 UTC
Hello Prashanth,

(In reply to Prashanth from comment #0)
> 1. Confirm if Secure Boot & measured boot works as below?
> • UEFI validates signature of ShimX64.efi against DB, DBX and
> measures shim hash into PCR[4]
> • Shim validates signature of GRUB and measures GRUB hash into
> PCR[4], signer into PCR[7]
> • When GRUB loads kernel, Shim's 'shim_verify' shim lock callback
> is invoked, which validates signature of kernel and measures kernel hash
> into PCR[4], signer into PCR[7]
>

Yes, all these are correct.
  
>  
> 2.	Confirm if below Grub2 TPM patches (From Readme.tpm in shim’s code) are
> included in Azure gallery images?

The TPM patches are included in RHEL8 and Fedora since version 28. They are not included in RHEL7.

> • PCR8:
> - If you're using the grub2 TPM patchset we carry in Fedora, the kernel
> command
>   line and all grub commands (including all of grub.cfg that gets run) are
>   measured into PCR8.
>
> • PCR9:
> - If you're using the grub2 TPM patchset we carry in Fedora, the kernel,
>   initramfs, and any multiboot modules loaded are measured into PCR9.
>
> • PCR14:
> - MokList, MokListX, and MokSBState will be extended into PCR14 if they are
>

All these are correct as well. Just one note that multiboot is disabled on grub2 EFI builds for security reasons.

>  
> 3. Would it be feasible to add path of the binary Shim is measuring? This
> will help in parsing & correlating boot measurements.
> EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
>                       UINT8 pcr)
> {
>         EFI_IMAGE_LOAD_EVENT ImageLoad;
>
>         // All of this is informational and forces us to do more parsing before
>         // we can generate it, so let's just leave it out for now
>         ImageLoad.ImageLocationInMemory = 0;
>         ImageLoad.ImageLengthInMemory = 0;
>         ImageLoad.ImageLinkTimeAddress = 0;
>         ImageLoad.LengthOfDevicePath = 0;
>
>         return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
>                                  sizeof(ImageLoad),
>                                  EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
> }

Sounds sensible to me.
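An added example (not code from shim, GRUB or this bug) that replays the chain of measurements comment 2 confirms, the way an attestation verifier checks a quoted PCR set against the event log, and that shows the consequence of question 3: with the device path left empty in the event data, a PCR4 event can only be attributed to a file by matching its digest. The image contents, the vendor certificate and the SHA-256 PCR bank are constructed assumptions.

```python
import hashlib

# Constructed stand-ins for the boot components; on a real system the digests
# come from the TPM event log and the reference digests from the signed images.
IMAGES = {
    "shimx64.efi": b"constructed shim image",
    "grubx64.efi": b"constructed grub image",
    "vmlinuz": b"constructed kernel image",
}
INITRD = b"constructed initramfs"
CMDLINE = b"BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet"
VENDOR_CA = b"constructed vendor cert"  # assumed signer of GRUB and the kernel

def sha(data):
    return hashlib.sha256(data).digest()

def extend(pcr, digest):
    """TPM PCR extend: new = H(old || digest). SHA-256 bank assumed."""
    return hashlib.sha256(pcr + digest).digest()

def boot_log():
    """(pcr, digest) events in the order the thread describes."""
    return [
        (4, sha(IMAGES["shimx64.efi"])),  # firmware measures shim's hash
        (4, sha(IMAGES["grubx64.efi"])),  # shim measures GRUB's hash ...
        (7, sha(VENDOR_CA)),              # ... and the signer that verified it
        (8, sha(CMDLINE)),                # grub2 TPM patchset: command line
        (9, sha(IMAGES["vmlinuz"])),      # grub2 TPM patchset: kernel image
        (9, sha(INITRD)),                 # grub2 TPM patchset: initramfs
        (4, sha(IMAGES["vmlinuz"])),      # shim_verify: kernel hash ...
        (7, sha(VENDOR_CA)),              # ... and its signer
    ]

def replay(log):
    """Recompute each PCR from the log, starting from all-zero registers."""
    pcrs = {}
    for pcr, digest in log:
        pcrs[pcr] = extend(pcrs.get(pcr, bytes(32)), digest)
    return pcrs

def mismatched_pcrs(log, quoted):
    """PCR indices whose quoted value is not explained by replaying the log."""
    return sorted(i for i, v in replay(log).items() if quoted.get(i) != v)

def name_pcr4_events(log, known=IMAGES):
    """tpm_log_pe() leaves the device path empty (question 3), so a PCR4 event
    can only be tied to a file by matching its digest against known images."""
    by_digest = {sha(data): name for name, data in known.items()}
    return [by_digest.get(d, "<unknown>") for pcr, d in log if pcr == 4]
```

A mismatch on PCR8 with PCR4, 7 and 9 intact points the investigator at the command line or grub.cfg rather than at the loaded binaries, which is the correlation the thread is after.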

Comment 3 Vinay Kotak 2020-01-09 00:31:05 UTC
As of today, the remaining open items on this bug are listed below. 

1. Would it be feasible to add path of the binary Shim is measuring? This will help in parsing & correlating boot measurements.
EFI_STATUS tpm_log_pe(EFI_PHYSICAL_ADDRESS buf, UINTN size, UINT8 *sha1hash,
                      UINT8 pcr)
{
        EFI_IMAGE_LOAD_EVENT ImageLoad;

        // All of this is informational and forces us to do more parsing before
        // we can generate it, so let's just leave it out for now
        ImageLoad.ImageLocationInMemory = 0;
        ImageLoad.ImageLengthInMemory = 0;
        ImageLoad.ImageLinkTimeAddress = 0;
        ImageLoad.LengthOfDevicePath = 0;

        return tpm_log_event_raw(buf, size, pcr, (CHAR8 *)&ImageLoad,
                                 sizeof(ImageLoad),
                                 EV_EFI_BOOT_SERVICES_APPLICATION, sha1hash);
}

Comment 4 Javier Martinez Canillas 2020-01-24 17:24:04 UTC
As mentioned in Comment 2 the TPM measurements support for GRUB is not present in RHEL7, only in RHEL8.

So this bugzilla should be an RFE, but that will require a significant backport for GRUB which may not be suitable at this point of the RHEL7 life cycle.

Comment 7 RHEL Program Management 2021-03-15 07:35:22 UTC
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

