/SELoader

Secure EFI Loader designed to authenticate the non-PE files

Primary LanguageCBSD 2-Clause "Simplified" LicenseBSD-2-Clause

Secure EFI Loader
=================

The SELoader is designed to authenticate the non-PE files, such as grub
configuration, initrd, grub modules, which cannot be verified by the MOK
Verify Protocol registered by shim loader.

In order to conveniently authenticate the PE file with gBS->LoadImage()
and gBS->StartImage(), the SELoader hooks EFI Security2 Architectural
Protocol and employs MOK Verify Protocol to verify the PE file. If only
UEFI Secure Boot is enabled, the SELoader just simplily calls
gBS->LoadImage() and gBS->StartImage() to allow BIOS to verify PE file.

The SELoader publishes MOK2 Verify Protocol which provides a flexible
interface to allow the bootloader to verify the file, file buffer or
memory buffer without knowing the file format.

In order to establish the chain of trust, the SELoader is required to be
signed by a private key corresponding to a DB certificate, the shim
certificate, the vendor certificate or a shim MOK certificate. The specific
key is determined by the Secure Boot scheme you will use.

Using UEFI Secure Boot, MOK Verify Protocol and the SELoader together, the
boot process is completely trustworthy.

ESP Layout
----------
A typical ESP layout for x86-64 looks like below, e.g,

.
├── EFI
│   └── BOOT
│       ├── bootx64.efi
│       ├── grub.cfg
│       ├── grub.cfg.p7b
│       ├── grubx64.efi
│       ├── Hash2DxeCrypto.efi
│       ├── LockDown.efi
│       ├── mmx64.efi
│       ├── Pkcs7VerifyDxe.efi
│       ├── SELoaderx64.efi
│       └── x86_64-efi
│           ├── ...
│           ├── mok2verify.mod
│           └── ...
├── images
│   ├── bzImage
│   ├── bzImage.p7b
│   ├── initrd
│   └── initrd.p7b
└── startup.nsh

where:
- bootx64.efi
  The first stage shim loader, signed by DB key and authenticated by UEFI BIOS
  boot manager.
- SELoaderx64.efi
  The second stage loader, authenticated by the shim loader with the vendor
  certificate, shim certificate, MOK certificate or DB certificate.
- grubx64.efi
  The third stage loader, authenticated by the SELoader with the same objects
  as mentioned in SELoaderx64.efi.
- grub.cfg
  grub configuration file.
- grub.cfg.p7b
  The signature file of grub.cfg, authenticated by the SELoader.
- mok2verify.mod
  Providing MOK2 Verify Protocol support, allowing the grub loader to call
  SELoader to verify grub.cfg.p7b, bzImage.p7b and initrd.p7b.
- bzImage
  Linux kernel.
- bzImage.p7b
  The signature file of bzImage, authenticated by the SELoader.
- initrd
  initramfs image.
- initrd.p7b
  The signature file of initrd, authenticated by the SELoader.
- LockDown.efi
  Run the automatical certificate provision for UEFI Secure Boot.
- mmx64.efi
  MOK Secure Boot manager, authenticated by the shim loader.
- Pkcs7VerifyDxe.efi
  Providing EFI Pkcs7 Verify Protocol support, authenticated by the SELoader.
- Hash2DxeCrypto.efi
  Providing EFI Hash2 Protocol support, authenticated by the SELoader.
- startup.nsh
  UEFI shell bootstrap script.

All efi binaries are signed with either DB.key or vendor_cert.key per the
secure boot scheme you choose. Refer to meta-secure-env for practical secure
boot implementation, and the signing tool sbsigntool.

Note that the SELoader can be also used alone without the shim loader.

EFI Pkcs7 Verify Protocol
-------------------------
The SELoader employs EFI PKCS7 Verify Protocol available since UEFI
Specification version 2.5 to verify the signature to prove the integrity
of checked file.

If your BIOS doesn't support this protocol, it is recommended to update
the BIOS to the latest. If the latest still doesn't support the protocol,
the SELoader is able to load the Pkcs7VerifyDxe.efi driver if available.
Usually, the Pkcs7VerifyDxe.efi driver is located in the directory where
the SELoader resides on ESP.

You can build the Pkcs7VerifyDxe.efi driver from the scratch if you would
like to do it. Refer to Bin/README for the instructions.

Known Issues
------------
- The PKCS#7 detached signature format (.p7s) is not supported.

References
----------
libsign - the signing tool used to generate SELoader PKCS#7 signature
https://github.com/jiazhang0/libsign

grub - Mok2Verify patch to verify the grub.cfg, linux kernel and initrd
https://github.com/WindRiver-OpenSourceLabs/meta-secure-env/blob/pulsar-8/recipes-bsp/grub/grub-efi/mok2verify-support-to-verify-non-PE-file-with-PKCS-7.patch

meta-secure-env - a practical secure boot implementation based on oe-core
https://github.com/WindRiver-OpenSourceLabs/meta-secure-env

shim - implement MOK verify protocol
https://github.com/rhinstaller/shim