Ctrl IQ, Inc EL9 Shim 15.8 for x64
Opened this issue ยท 11 comments
Confirm the following are included in your repo, checking each box:
- completed README.md file with the necessary information
- shim.efi to be signed
- public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
- binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
- any extra patches to shim via your own git tree or as files
- any extra patches to grub via your own git tree or as files
- build logs
- a Dockerfile to reproduce the build of the provided shim EFI binaries
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/ctrliq/ciq-shim-build/releases/tag/ciqliq-shim-EL9-x64-20240705
What is the SHA256 hash of your final SHIM binary?
SHA256 (shimx64.efi) = f67bf3bb333d1e8ecfbb372f93ad7056e12c43c4eedc335e235c66b7af9fa940
What is the link to your previous shim review request (if any, otherwise N/A)?
Ctrl IQ, Inc Shim 15.8 for x64 & ia32 #366
If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?
Can we get the UKI's SBAT, or you aren't providing UKI kernel?
Can we get the UKI's SBAT, or you aren't providing UKI kernel?
We are not moving forward with signing UKI build at this time.
@aronowski @SherifNagy Please let me know if I can provide additional information to help the review process.
@jason-rodri nothing at the moment, we are working through the queue
The application looks alright, apart from one minor nitpick:
*******************************************************************************
### Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB2)?
*******************************************************************************
Grub2 will only load unsigned code if the secureboot feature is turned off load unsigned kernels, but only with secureboot mode turned off on an end-user's system.
The duplicated explanation in the answer hasn't been fixed yet, just like in the EL8 application. ;-)
Review of ciqliq-shim-EL9-x64-20240518
- Security contacts looks good, didn't change since last successful submission
- Keys are stored in FIPS HSM
Shim
- Uses upstream 15.8 and source hashes matches original hashes
- SBAT entries from shim looks fine
- No patches added on top of upstream shim
- Vendor SBAT entry is at 1
- Binaries are reproducible using the container image
STEP 14/14: RUN chmod 0755 /root/shim-compare.sh; /root/shim-compare.sh
Shim Comparison, original binary vs. freshly built binaries:
SHA256 sums ::
f67bf3bb333d1e8ecfbb372f93ad7056e12c43c4eedc335e235c66b7af9fa940 /shimx64.efi
f67bf3bb333d1e8ecfbb372f93ad7056e12c43c4eedc335e235c66b7af9fa940 /shim_result/usr/share/shim/15.8-0.el9/x64/shimx64.efi
- NX flag is not set, because the chain is not yet ready
- Self signed 4096 bit cert and valid for almost 24 years
GRUB2
- SBAT looks fine (keeps upstream RHEL/rocky grub2)
- Version currently does not include NTFS patches, but the signed versions also not include the NTFS module so sbat
grub,3 - Module list sound fine
Kernel
- Ephemeral keys are used for signing kernel modules
- Lockdown patches are included (keeps upstream RHEL kernel)
Notes
Along side the note from @aronowski
- UKI kernel isn't signed, so keep an eye on the meta issue #397
- grub2's SBAT note section "version" isn't 100% accurate with upstream
- fwupd notes section as well needs fixing, below is what Rocky currently has
sbat,1,UEFI shim,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
fwupd-efi,1,Firmware update daemon,fwupd-efi,1.4,https://github.com/fwupd/fwupd-efi
fwupd-efi.rhel,1,Red Hat Enterprise Linux,fwupd,1.9.13,mail:secalert@redhat.com
fwupd-efi.rocky,1,Rocky Linux,fwupd,1.9.13,mail:security@rockylinux.org
- You aren't keeping any upstream fwupd entries for sbat, I assume this is acceptable Cc: @steve-mcintyre for input
Other than those few notes, LGTM, we will need one more reviewer
Review of ciqliq-shim-EL9-x64-20240705
- Contacts are already verified
- Linux vendor for support and products based on Rocky Linux
- Keys are stored in a HSM
Shim
- Based on upstream 15.8 without patches
- NX flag is disabled
- Embedded self-signed CA is valid till 2048 and uses 4096bit RSA, Digital Signature attribute is set
- SBAT looks fine
- Is reproducible using Dockerfile:
#17 0.422 f67bf3bb333d1e8ecfbb372f93ad7056e12c43c4eedc335e235c66b7af9fa940 /shimx64.efi
#17 0.422 f67bf3bb333d1e8ecfbb372f93ad7056e12c43c4eedc335e235c66b7af9fa940 /shim_result/usr/share/shim/15.8-0.el9/x64/shimx64.efi
GRUB2 and fwupd
- Based on Rocky 9
- SBAT level still on 3, because NTFS patches are not included (fine for now as NTFS modules were not signed)
- Module list looks fine
- upstream SBAT entries are preserved
- fwupd entries now look good
Kernel
- Lockdown patches from Rocky/RHEL are used
- ephemeral key signing is used
- Mainly 5.14, but also other LT version and latest kernel are build
LGTM! I'll raise the certmule/certwrapper question during today's call and will get back to you
As discussed yesterday using certwrapper to import the Rocky Linux CA is likely fine. We just need confirmation that certwrapper is ready for production use and can be signed. @jsetje do you know the status of certwrapper?
Signed binaries returned from MSFT.
I understand the that there is still a question around certwrapper. Do we still want to keep this open until @jsetje replies?