iPXE shim for Heimdal

[gne227]

Confirm the following are included in your repo, checking each box:

• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
• binaries, for which hashes are added to vendor_db ( if you use vendor_db and have hashes allow-listed )
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
• a Dockerfile to reproduce the build of the provided shim EFI binaries

---

What is the link to your tag in a repo cloned from rhboot/shim-review?

---

https://github.com/gne227/shim-review/tree/heimdal-ipxe-shim-x64-aa64-20240529

---

What is the SHA256 hash of your final SHIM binary?

---

shimx64.efi caaff3a76e5a79b24b50185093b2342c07da06378ed768b993264c58404f77a9

shimaa64.efi 9afbdd9a702a1de8020424ca2d13ce150ebd02ae999c2c1c11745b156876ab8f

---

What is the link to your previous shim review request (if any, otherwise N/A)?

---

N/A

---

If no security contacts have changed since verification, what is the link to your request, where they've been verified (if any, otherwise N/A)?

---

N/A

[steve-mcintyre]

Hi!

You say in your submission:

Currently there are no distros that provide a Secure Boot version of iPXE

Is there a reason to do that? The iPXE project themselves have submitted a shim for review (#319). We accepted it after a few rounds of discussion and tweaks, and I'm hoping it should be ready soon.

So, I have to ask - how is your shim submission different to that one?

[mcb30]

The shim submitted here appears to be a direct clone of the shim submitted in #319. I would suggest that we wait until #319 is fully resolved. @gne227 Heimdal Security is welcome to contact me directly if you would like to join the ongoing discussions with Microsoft.

Also, the SBAT data in the Heimdal submission needs to include a separate line such as shim.heimdal or shim.ipxe.heimdal, since the version numbering of the shim.ipxe line is implicitly not under the control of Heimdal Security.

[gne227]

Regarding the question: "How is your shim submission different to that one?" it's mostly the same. We just wanted to follow the procedure of getting the iPXE shim signed by Microsoft and one of the requirements was to get a "preapproval by the SHIM review board".

I know that @mcb30 already made a submission here and got an approval and maybe you are asking now, why we still made the submission? We got the information from Michael Brown that Microsoft decided not to sign the iPXE shim, despite the approval from the shim review board. Having this information, we thought that Microsoft might not want to sign it for public use and might sign it for business use. It was just an idea.

Heimdal invested time and resources into implementing this feature, which can deploy custom OS images for our clients (most of them are using Windows as an Operating System) through iPXE and now we got stuck here, where we have the feature ready, but it doesn't work on machines that have Secure Boot enabled. We knew that at some point we would need to handle this part, signing the iPXE, but we didn't think achieving this would be so complicated.

[julian-klode]

So when we agreed to the iPXE review the idea we sort of agreed on was that we'd accept one shim from iPXE upstream but not downstream distributions of iPXE as we already have a hard time with all the tiny rescue discs using grub, and throwing in tons of iPXE users wouldn't be particularly intriguing.

And it shouldn't be needed; you don't need to sign the entire chain: the iPXE doesn't do any validation against shim, but only loads using the firmware interfaces.

[steve-mcintyre]

We got the information from Michael Brown that Microsoft decided not to sign the iPXE shim, despite the approval from the shim review board.

Curious about this - do you have any more information? Also: if Microsoft for some reason don't want to sign #319, why would your submission be any different? @mcb30 said the next meeting was due at the end of June, so...

[mcb30]

We got the information from Michael Brown that Microsoft decided not to sign the iPXE shim, despite the approval from the shim review board.

Curious about this - do you have any more information? Also: if Microsoft for some reason don't want to sign #319, why would your submission be any different? @mcb30 said the next meeting was due at the end of June, so...

Heimdal contacted me in mid April, at which point Microsoft had indicated that they would not sign the shim. This is still an active conversation with Microsoft, and I have a meeting with them scheduled for next week to discuss.

As per my #425 (comment) above, Heimdal is still welcome to contact me to ask to be looped in to this upcoming meeting.

[steve-mcintyre]

Added the blocked label - waiting on the story from #319

[steve-mcintyre]

I don't think this is going anywhere, so closing.

Please re-open and ping us if the situation changes.

[mcb30]

Microsoft has deferred the call yet again, unfortunately. No new date scheduled yet.

Honestly, at this rate it would be faster and more efficient for me to just find some EDK2 vulnerabilities that allow for a Secure Boot exploit. It's a pretty damning indictment of the Secure Boot model.