-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iPXE shim (new submission) #319
Comments
@steve-mcintyre This is the submission we discussed in person on Wednesday 15th - thank you for taking the time to talk! |
|
Strange. The
and I do not get any error when building with the command Thank you for verifying the hash and sbat values. 🙏 |
@frozencemetery I see you added the |
The shim-review instructions clearly state:
I have been been advised off-list that the shim-review instructions are incorrect and that it is necessary to either include commit rhboot/shim@7c76425 that is not part of the 15.7 release, or to work around its absence by running an extra Could one of the reviewers please advise? |
The instructions to start with the tarball do not preclude including other patches. The instructions are there because the tarball is built with submodules setup correctly whereas if you start from git it involves more work and you may get it wrong. |
One thing I advise is not to use a custom docker image, because then we need to inspect the custom docker image and that adds a lot more friction than starting from a trusted vendor image in your dockerfile. |
The instructions suggest that the intention is to base the submission on the most recent release (currently 15.7) rather than on the current I am happy to rebase onto current shim |
The Docker image used is simply a static snapshot of upstream Fedora, in order to give a reproducible build environment as required to be able to verify the sha256sums. This is modelled on the most recent RHEL shim-review submission, which uses a similar approach. I am happy to use any trusted vendor image that will also give a reproducible build (i.e. where all versions of all packages used are fixed). Could you please suggest a suitable trusted vendor image? |
RHEL is a special case because it doesn't have public images so they gotta do something. I always end up rebuilding the RHEL submissions with the Dockerfiles changed to CentOS Steam to ensure the image is not funky. If the image becomes unreproducible between submission and review you'll have to update the submission. A GitHub action building he shims and comparing them and a public registry might also be enough evidence for reviews, although only Ubuntu had GitHub actions so far, so um, not much prior art :) I do not know how Fedora and co are structured. Our Ubuntu shims we build without the -updates pocket, so the set is reasonably fixed (unless there's toolchain updates in security). |
I think what it comes down to for iPXE aside from the technical submissions bit is the question why this needs to be signed. When we last talked about iPXE, the general consensus was that it seems unnecessary and users can just use grub to achieve their goals. If we sign this shim, what about other distros? Our stance so far has been that shims must only load a single boot loader, they should not be able to have two exploitable bits after them. Will there be other vendors trying to sign shims just for iPXE? Do we care at all? Does it still matter? With SBAT we can just revoke all iPXEs in the world when we want to, so it does not add as much attack surface as in the past when one could only revoke shims. The submission is unclear about the motivation for this signing request too and contains conflicting statements: It both states that iPXE has not been signed so far but also that it has been signed directly. What value does adding a shim provide if it can be signed directly? Wouldn't iPXE be better served by implementing SBAT and SBAT self-revocation itself and submitting iPXE binaries directly for signing to Microsoft rather than potentially wait months for shim submissions to be reviewed? |
OK, so the goal is to have an only temporarily reproducible build 🙂 Is there any chance of having a standard "please use this container" for all shim review submissions? The toolchain required to build shim from source is fixed, so having a standard container that includes all of the tools (and that gets updated once per shim release) would make life simpler for everyone. In the meantime, I'll update this submission to use a less strictly reproducible build environment as requested. |
I'm not sure what you're objecting to here, sorry. This shim will be used to just load a single boot loader: iPXE. I'm not planning to sign any subsequent bootloaders. I'm not expecting any other vendors to want signed shims for iPXE. The motivation behind features such as iPXE's Yes, iPXE includes SBAT metadata so the revocation mechanism is fairly straightforward.
Distros have not signed iPXE using their shim-embedded certificates. MS has signed a few iPXE binaries after lengthy and expensive review.
Sure: if you're happy to pay me the £30,000 it costs per submission to get the MS-required security review from IOActive for direct signing, then there would be no need for an iPXE shim. |
Well our goal is to not have people submit shims that don't build large distributions, so um each distribution builds their own shim in their own distribution. Because we can't review all those tiny rescue disks and whatnot. The old Google submission used
which I guess is safe (I mean in GitHub it wouldn't be, because it dedups commits across repos, but um I guess docker doesn't have forks, or at least I'd hope). |
People have been asking various distributions to sign their iPXE builds, for example. People always want custom builds, they're people, sadly. We told them no, you can't sign iPXE with the chain trusted by your shim |
Where are you trying to get to with this line of argument? If your goal is to end up saying "no, we don't want to allow shim to be used even for the iPXE project's own published iPXE binaries" then this is a total dead end, and I'll just push a strong message to customers that they will have to continue to disable Secure Boot for the foreseeable future. Is that your preferred outcome here? |
Would it be possible to get some clarity on this? I'm very happy to put in the effort to change the Dockerfile, pick up patches not included in shim-15.7, etc, but I don't want to waste my time if the end result is just going to be "sorry, please don't try to support Secure Boot". |
Last I tried Grub as a user it was not able to run signed wimboot since it has no "run efi binary", it lackd http support, network drivers, and was not able to provide the logic required for many of the usecases that iPXE provides. As such I think the statement "users can just use grub to achieve their goals" is factually incorrect. iPXE needs to be signed, and is signed, the only question is how we do so moving forward in a reasonable manner. Only reading this thread, one might think that there is only one signed build of Grub, or that different standards is used, why would that be ok, but not ok to sign the default builds of ipxe.efi and snponly.efi (?) |
There was supposed to be an update here yesterday, but it seems to have not have happened. Yesterday, we discussed the issue of signing iPXE in our weekly (but paused for the past weeks) call. Our summary was:
|
Great news, thank you. How do we now actually move this forwards? |
I've gone through the assorted comments above, and it looks to me as though there are two substantive issues to be addressed:
@julian-klode Is there anything else that you are expecting to be done, or are the above two sufficient? |
Whom is waiting for whom? (Or any other update on this (currently) stalled issue.) |
@julian-klode Hello, I am an ipxe user, is there any progress in signing? I have been paying attention to whether ipxe can support uefi boot, and then I found here, and saw that there has been no news for several months, so I asked here, thank you. |
Another attempt to get this issue on the agenda by partial qouting #319 (comment)
|
@mcb30 Is there anything that you need other than the answers to your 2 questions above to move forward? |
No, that's all I need: some kind of clear statement from @julian-klode (or another shim reviewer) to clarify what changes they want made. |
Got it. There is a weekly meeting referenced in the thread by @julian-klode. If there is any additional input needed to validate the need for this shim, I could see if I could get something added by my employer. |
Once the shim is signed by Microsoft, then yes. The intention is to release the signed shim, and then to make regular releases of some standard builds of iPXE signed by the EV certificate in the shim. |
The intention of me asking is for example create an own build of iPXE with an embedded CA, sign the kernel with this cert and boot it via HTTPS |
Two issues with that:
The expected usage pattern is that a Linux boot will involve the following steps:
|
@mcb30 Argh, apologies - just noticed one thing I missed on my review (and clearly so did others :-( )... You're embedding a PEM-encoded certificate in your build, which can't work. It needs to be DER-encoded. Sorry, should have noticed this much earlier. |
@mcb30 I'm surprised you didn't see this in testing, tbh... |
Great catch, thank you for spotting that! This slipped through testing because the test environment, of course, was using test certificates rather than the real EV certificate, and the test certificate was correctly encoded as DER. I'll update the submission now: give me 15 minutes for everything to propagate through... |
Updated submission (previously #319 (comment), fixed to use DER-encoded certificate and Confirm the following are included in your repo, checking each box:
What is the link to your tag in a repo cloned from rhboot/shim-review?https://github.com/ipxe/shim-review/tree//ipxe-shim-x64-aa64-20240319 What is the SHA256 hash of your final SHIM binary?
What is the link to your previous shim review request (if any, otherwise N/A)?Continued in this issue, so as not to lose track of the fact that this submission has already been waiting over one year. |
@steve-mcintyre Everything updated. Sorry it took so long: it's a very manual process dealing with all of this automation. 🙃 Could you please recheck and re-add the "accepted" label? 🙏 |
Cool, all looks good with that change. Accepted. |
Thank you. Resubmitted to Microsoft as UEFI signing submission 14306281433235827. |
What I understand from https://learn.microsoft.com/en-us/windows-hardware/drivers/dashboard/file-signing-manage#view-uefi-or-lsa-submission-details are some credentials needed to see the status. Some one with such credentials, please update this issue with that status. |
Hey folks, did you get a signed shim here yet please? |
Discussions with Microsoft are still ongoing. Next meeting is currently scheduled for late June. |
Hey! Did you make any progress there? |
Yes, we had one meeting in late June and another today. The reception has been generally positive, we have clarified a lot of details about the usage policies for the iPXE shim, and we're hoping to get to a final green light within the next month or two. |
On Tue, Jul 16, 2024 at 02:15:04PM -0700, Michael Brown wrote:
... and we're hoping to get to a final green light within the next month or two.
Off by one, by now
|
Still ongoing, just very slowly. The next call with Microsoft has been deferred multiple times due to availability constraints, and we're currently looking at October 31st. |
Hi. Is there anything to please you with? |
As an update: we are still waiting on Microsoft. This seems to be a permanent state of affairs. 😞 |
As someone who has been following this for some time, I'm incredibly disappointed. Is there anything we can do as a community to help escalate this issue? |
Honestly, I don't know. Please feel free to reach out to Microsoft via any commercial support route that your company may have in place, to indicate that this is something you would like to see happen. |
Ok, it's a pity that Microsoft doesn't want to make contact yet. Is it
possible to make a signed bootloader work with my configuration file? I'm
trying to put autoexec.ipxe next to snponly.efi, but the configuration file
is not picked up.
чт, 21 нояб. 2024 г. в 03:29, Jason Berry ***@***.***>:
… As someone who has been following this for some time, I'm incredibly
disappointed.
It's clearly possible to get the latest version signed as seen here:
https://knowledge.broadcom.com/external/article/280113/updated-64bit-ipxeefi-ipxe-v1211+-binari.html
Is there anything we can do as a community to help escalate this issue?
—
Reply to this email directly, view it on GitHub
<#319 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQWQIO447T3YXU4FEDD6VX32BUZPHAVCNFSM6AAAAAAU73EWGCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBZHA3TQOBQHE>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Yes, the eventual idea is that a signed (or shim-signed) iPXE binary will pick up If you are trying to use a signed iPXE binary provided by a third party such as Broadcom, then that is completely unsupported since we have no idea what went into their iPXE binary. |
The Broadcom iPXE binary contains a simple embedded script. Embedded script
The Broadcom iPXE binary contacts the TFTP server's IP (from which it was initially loaded) via HTTP on port 4433 and requests the /Altiris/iPXE/GetPxeScript.aspx location. Nginx config
|
I did everything as you indicated. But for some reason the file
GetPxeScript.aspx does not open but is downloaded. I don't understand, is
this some kind of Linux limitation or am I doing something wrong?
|
Use at your own risk as Michael has stated, but the answer to your question is yes, these 3rd party signed binaries do work with Secure Boot.
Linux is case sensitive, so the iPXE script you use in your GetPxeScript.aspx file will need to respect the case of the files you are calling from your HTTP server. This is all outside the scope of this shim-review issue, so I suggest moving any further discussion to https://github.com/ipxe/ipxe/discussions |
Confirm the following are included in your repo, checking each box:
UPDATED: see below at #319 (comment)
What is the link to your tag in a repo cloned from rhboot/shim-review?
https://github.com/ipxe/shim-review/tree/ipxe-shim-x64-aa64-20230217What is the SHA256 hash of your final SHIM binary?
shimx64.efi
26ec898a8e801fceafec29577386286687efe55d68fa96dc068adb4f5f02060eshimaa64.efi
be492d53adff1720e130347a68fb1df3231b7bce824ef3d41cdb311b26d2e024What is the link to your previous shim review request (if any, otherwise N/A)?
N/A
The text was updated successfully, but these errors were encountered: