[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMw=ZnREf8L1hrGgFUMrcBJNf-7ZTs0hMNFMB_nNAvyV=Pe2Nw@mail.gmail.com>
Date: Fri, 21 Jul 2023 16:22:00 +0100
From: Luca Boccassi <bluca@...ian.org>
To: James Bottomley <James.Bottomley@...senpartnership.com>
Cc: Eric Snowberg <eric.snowberg@...cle.com>,
Ard Biesheuvel <ardb@...nel.org>,
Daniel P. Berrangé <berrange@...hat.com>,
Emanuele Giuseppe Esposito <eesposit@...hat.com>,
"x86@...nel.org" <x86@...nel.org>,
Thomas Gleixner <tglx@...utronix.de>,
"lennart@...ttering.net" <lennart@...ttering.net>,
Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
Dave Hansen <dave.hansen@...ux.intel.com>,
"H. Peter Anvin" <hpa@...or.com>,
Andrew Morton <akpm@...ux-foundation.org>,
Masahiro Yamada <masahiroy@...nel.org>,
Alexander Potapenko <glider@...gle.com>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Vitaly Kuznetsov <vkuznets@...hat.com>,
open list <linux-kernel@...r.kernel.org>,
"linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>,
"keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
Jarkko Sakkinen <jarkko@...nel.org>
Subject: Re: [RFC PATCH v2] x86/boot: add .sbat section to the bzImage
On Fri, 21 Jul 2023 at 16:14, Luca Boccassi <bluca@...ian.org> wrote:
>
> On Fri, 21 Jul 2023 at 14:34, James Bottomley
> <James.Bottomley@...senpartnership.com> wrote:
> >
> > On Fri, 2023-07-21 at 14:10 +0100, Luca Boccassi wrote:
> > > On Fri, 21 Jul 2023 at 14:01, James Bottomley
> > > <James.Bottomley@...senpartnership.com> wrote:
> > [...]
> > > > Well, my job is to be concerned about how individuals who want to
> > > > own their own keys, either in MoK or db, participate in this, so I
> > > > am mostly thinking about local signing. Whatever we decide, there
> > > > must be a local workflow pathway.
> > >
> > > Sure but for local signing via MoK that's obviously fine, as one gets
> > > to keep the pieces. AFAIK it's a different flow in Shim whether
> > > something is authorized by MoK, DB or the built-in cert, so having
> > > different policies built-in for those different cases should be
> > > doable. Actually at the moment even if Shim loads the image, if it
> > > gets authorized by DB .sbat isn't checked at all.
> >
> > So let's be sure we mean the same thing here. There is really no third
> > party CA. Microsoft gives the distributions a signing key to allow
> > them to sign their version of shim. Some distributions, like Red Hat,
> > also embed their signing certificates in shim, so shim can distinguish
> > between a RH key and another key added to MokList. However, some
> > distributions, like SUSE, insist that all signing keys be approved by
> > the machine owner (so no embedded shim certs for non-enterprise) and
> > their shim can't distinguish between SUSE keys and machine owner
> > additions. Given the variances in key handling, I think trying to
> > distinguish between official and developer keys is a huge addition of
> > complexity we don't need, so there has to be a workflow that functions
> > for both and that workflow would seem to be allowing non-existent or
> > empty sbat sections. Official key holders would *always* add sbat
> > sections, so there's really no problem that needs a solution to be
> > mandated here.
>
> The certificate is called the "Microsoft Corporation UEFI CA 2011" ,
> issued by the "Microsoft Corporation Third Party Marketplace Root". So
> for short, we call it UEFI 3rd party CA :-)
> Anyway, I wasn't aware that SUSE doesn't embed their cert in Shim,
> we'll have to take that in consideration for sure.
Actually, a dev from SUSE's security just confirmed they embed their
CA in Shim like every other distribution. Nobody seems to be aware of
any example where a distribution relies exclusively on MoK - and
that's understandable, as that would mean failing to boot by default
on a new machine. Do you have any example/cases where that's actually
happening? Outside development/local signing/etc.
Powered by blists - more mailing lists