Bug 2207710 - Executing BOOTX64.EFI fails after printing "Verification failed: Security Policy Violation" [NEEDINFO]
Keywords:
Status: NEW
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: shim
Version: 7.9
Hardware: x86_64
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: rc
Target Release: ---
Assignee: Bootloader engineering team
QA Contact: Release Test Team
URL:
Whiteboard:
Depends On:
Blocks: 1788175
 
Reported: 2023-05-16 15:22 UTC by Renaud Métrich
Modified: 2023-07-18 12:33 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:
rmetrich: needinfo? (jaredz)


Links
Red Hat Issue Tracker RHELPLAN-157390 (last updated 2023-05-16 15:24:26 UTC)
Red Hat Knowledge Base (Solution) 7016382 (last updated 2023-06-01 05:37:24 UTC)

Description Renaud Métrich 2023-05-16 15:22:26 UTC
Description of problem:

Booting BOOTX64.EFI fails after it prints "Verification failed: Security Policy Violation".
Verbose mode shows this happens due to some "self signed certificate in certificate chain":
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------
shim.c:866:load_image() attempting to load \EFI\BOOT\fbx64.efi
shim.c:737:verify_buffer_sbat() sbat section base:0x7CCED418 size:0x200
pe.c:868:verify_sbat_section() SBAT section data
pe.c:876:verify_sbat_section() sbat, 1, SBAT Version, sbat, 1, https://github.com/rhboot/shim/blob/main/SBAT.md
pe.c:876:verify_sbat_section() shim, 2, UEFI shim, shim, 1, https://github.com/rhboot/shim
sbat.c:126:verify_single_entry() component sbat has a matching SBAT variable entry, verifying
sbat.c:191:verify_sbat_helper() finished verifying SBAT data: Success
pe.c:571:generate_hash() sha1 authenticode hash:
pe.c:572:generate_hash() 00000000  XX XX XX XX XX XX XX XX  XX XX XX XX 56 b0 81 0d  XXXXXXXXXXXX|V...|
pe.c:572:generate_hash() 00000004  3a 19 2f 84 29 f8 97 69  91 11 23 84 ed d6 8e a3  |:./.)..i..#.....|
pe.c:573:generate_hash() sha256 authenticode hash:
pe.c:574:generate_hash() 00000000  7a b6 3b 1a f6 ae a2 5c  99 6a 38 8e fa d8 aa fb  |z.;....\.j8.....|
pe.c:574:generate_hash() 00000010  3f 09 72 e8 90 17 97 7d  8e 72 7d 6b 94 ff 05 c6  |?.r....}.r}k....|
shim.c:611:verify_buffer_authenticode() check_allowlist: Not Found
shim.c:665:verify_buffer_authenticode() Attempting to verify signature 0:
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 1 (db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (vendor_db)
shim.c:154:check_db_cert_in_ram() trying to verify cert 0 (MokListRT)
shim.c:687:verify_buffer_authenticode() Binary is not authorized
shim.c:354 check_allowlist() check_db_hash(db, sha256hash) != DATA_FOUND
shim.c:362 check_allowlist() check_db_hash(db, sha1hash) != DATA_FOUND
shim.c:385 check_allowlist() check_db_hash(vendor_db, sha256hash) != DATA_FOUND
shim.c:406 check_allowlist() check_db_hash(MokListRT, sha256hash) != DATA_FOUND
shim.c:610 verify_buffer_authenticode() check_allowlist(): Not Found
shim.c:354 check_allowlist() check_db_hash(db, sha256hash) != DATA_FOUND
shim.c:362 check_allowlist() check_db_hash(db, sha1hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:370 check_allowlist() check_db_cert(db, sha256hash) != DATA_FOUND
shim.c:385 check_allowlist() check_db_hash(vendor_db, sha256hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:395 check_allowlist() check_db_cert(vendor_db, sha256hash) != DATA_FOUND
shim.c:406 check_allowlist() check_db_hash(MokListRT, sha256hash) != DATA_FOUND
shim.c:169 check_db_cert_in_ram() AuthenticodeVerify(): 0
shim.c:414 check_allowlist() check_db_cert(MokListRT, sha256hash) != DATA_FOUND
SSL Error: shim.c:691 verify_buffer_authenticode(): Security Policy Violation
2092850320:error:21075075:lib(33):func(117):reason(117):NA:0:Verify error:self signed certificate in certificate chain
Verification failed: Security Policy Violation
Failed to load image: Security Policy Violation
shim.c:1169 start_image() Failed to load image: Security Policy Violation
shim.c:866:load_image() attempting to load \EFI\BOOT\mmx64.efi
Failed to open \EFI\BOOT\mmx64.efi - Not Found
Failed to load image ??: Not Found
shim.c:888 load_image() Failed to open \EFI\BOOT\mmx64.efi - Not Found
shim.c:1116 read_image() Failed to load image ??: Not Found
start_image() returned Not Found
BdsDxe: No bootable option or device was found.
BdsDxe: Press any key to enter the Boot Manager Menu.
-------- 8< ---------------- 8< ---------------- 8< ---------------- 8< --------

This prevents executing the Recovery Code, causing the system to be unbootable if the firmware boot entries were somehow cleared (e.g. "efibootmgr -O" executed).

Additionally, this prevents some VMware systems from booting without user interaction (one needs to press "OK" multiple times until "Red Hat Enterprise Linux" gets selected);
the issue is still under investigation by VMware and seems to affect "VMware ESXi, 7.0.3, 21313628".

Version-Release number of selected component (if applicable):

shim-x64-15.6-3.el7_9.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Boot a UEFI RHEL7 system in Secure Boot
2. Clear the EFI entries

   # efibootmgr -O

3. Reboot

Actual results:

Security Violation

Expected results:

No violation and "Red Hat Enterprise Linux" entry recreated

Comment 3 Renaud Métrich 2023-05-16 15:26:35 UTC
Actually the fbx64.efi binary has been signed with the wrong certificate:

[root@vm-uefi7 ~]# pesign -S -i /boot/efi/EFI/BOOT/fbx64.efi 
---------------------------------------------
certificate address is 0x7ff26281be10
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer's common name is Red Hat Test Certificate
No signer email address.
Signing time: Mon Apr 17, 2023
There were certs or crls included.
---------------------------------------------

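The reproduction steps in the description (clear the boot entries with "efibootmgr -O", reboot) and the "pesign -S -i" check in comment 3 can be combined into a pre-flight audit: before wiping the firmware entries, list the signer of every EFI binary on the ESP and refuse to proceed if shim would reject one of them. The script below is an added example, not part of shim or of this bug report; it assumes pesign output in the form quoted in comment 3, treats any signer whose common name contains "Test Certificate" as a rejection, and uses the placeholder CN "Example Secure Boot CA" (not a real signer) in its constructed samples. The allowlist of acceptable signer CNs is supplied by the caller.

```shell
#!/bin/bash
# Added example (not shim's code): audit EFI binary signers on the ESP before
# running "efibootmgr -O", so a fallback binary signed with a test certificate
# is caught while the system still boots.

ESP="${ESP:-/boot/efi}"

# classify_signer PESIGN_OUTPUT [ALLOWED_CNS]
# Parses "pesign -S -i FILE" output and prints one of:
#   unsigned | test-cert:<CN> | untrusted:<CN> | ok:<CN>
# Returns 0 only for ok. ALLOWED_CNS is a comma-separated list of signer
# common names; when empty, any signer that is not a test certificate passes.
classify_signer() {
    local out="$1" allowed="${2:-}" cn
    cn=$(printf '%s\n' "$out" | sed -n "s/^The signer's common name is //p" | head -n 1)
    if [ -z "$cn" ]; then
        echo unsigned
        return 1
    fi
    case "$cn" in
        *"Test Certificate"*)
            # A test-signing CA is not enrolled in db/vendor_db, so shim ends
            # up at "Binary is not authorized" exactly as in the log above.
            echo "test-cert:$cn"
            return 1 ;;
    esac
    if [ -n "$allowed" ]; then
        case ",$allowed," in
            *",$cn,"*) echo "ok:$cn"; return 0 ;;
            *)         echo "untrusted:$cn"; return 1 ;;
        esac
    fi
    echo "ok:$cn"
    return 0
}

# audit_esp [ALLOWED_CNS]: run pesign over the fallback and vendor boot paths,
# print one verdict per binary, return 1 if any binary would be rejected.
audit_esp() {
    local allowed="${1:-}" rc=0 f out verdict
    command -v pesign >/dev/null 2>&1 || { echo "pesign not installed" >&2; return 2; }
    for f in "$ESP"/EFI/BOOT/*.efi "$ESP"/EFI/redhat/*.efi; do
        [ -f "$f" ] || continue
        out=$(pesign -S -i "$f" 2>/dev/null)
        verdict=$(classify_signer "$out" "$allowed") || rc=1
        printf '%-45s %s\n' "$f" "$verdict"
    done
    return "$rc"
}

# Constructed sample: the pesign output quoted in comment 3 of this bug.
SAMPLE_TEST_CERT='---------------------------------------------
certificate address is 0x7ff26281be10
Content was not encrypted.
Content is detached; signature cannot be verified.
The signer'"'"'s common name is Red Hat Test Certificate
No signer email address.
Signing time: Mon Apr 17, 2023
There were certs or crls included.
---------------------------------------------'

# Constructed sample for a binary signed by a production CA (placeholder CN,
# not a real signer).
SAMPLE_OK='Content is detached; signature cannot be verified.
The signer'"'"'s common name is Example Secure Boot CA
No signer email address.'

# Only touch the real ESP when asked explicitly:
#   RUN_AUDIT=1 ALLOWED_SIGNERS="<your CA CN>" ./audit-esp.sh && efibootmgr -O
if [ -n "${RUN_AUDIT:-}" ]; then
    audit_esp "${ALLOWED_SIGNERS:-}"
fi
```

Run with RUN_AUDIT=1 and chain "efibootmgr -O" after it, so the entries are only cleared when every binary shim will try (shimx64.efi, fbx64.efi, mmx64.efi, grubx64.efi) carries an acceptable signature. Note that pesign only reports the leaf signer CN; whether that CN chains to a certificate in db, vendor_db or MokListRT is still decided by shim at boot, so an allowlist that mirrors the enrolled CAs is what makes the check meaningful.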
Comment 11 Marta Lewandowska 2023-07-18 12:33:58 UTC
*** Bug 2220848 has been marked as a duplicate of this bug. ***