From e6e2383bf7c3b70ce928dbc7730a1320edeb6bf4 Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Fri, 30 May 2025 21:02:18 +0100 Subject: [PATCH] Rework handling of the Secure Boot keys and certificates We now need the official shim vendor certificate present in the SDK when building the kernel so that it can be inserted and used to verify the verity root hash and signed sysexts. While we're at it, copy the official signing certificate from Azure Key Vault so that we don't need to fetch it every time, simplifying the signing code. This change also partly deals with the eventual expiration of our shim vendor certificate. We cannot simply replace the shim with one containing just the new certificate because it needs to be able to boot kernels from older releases. We therefore now keep all the certificates in the coreos-sb-keys package as separate dated PEM files that then get combined into a single DER ESL that the shim build expects. Note that the shim does not check certificate expiry dates. It is therefore also no longer necessary to manually convert the certificate to DER format. The problem of actually upgrading the shim on user systems remains. Each certificate in the DER ESL requires an owner GUID. We previously used a zero GUID for the DB certificates, but these were only used for testing. I have therefore now generated a static GUID for Flatcar that we should use going forwards. 
Signed-off-by: James Le Cuirot --- build_library/build_image_util.sh | 4 +- build_library/grub_install.sh | 5 +- build_library/sbsign_util.sh | 31 ++------ build_library/vm_image_util.sh | 4 +- .../coreos-base/coreos-sb-keys/README.md | 1 - .../coreos-sb-keys-1.0.0.ebuild | 26 ------- .../coreos-sb-keys-2.0.0.ebuild | 60 +++++++++++++++ .../files/official/shim-20241107.pem | 21 +++++ .../coreos-sb-keys/files/official/signing.pem | 25 ++++++ .../coreos-base/coreos-sb-keys/files/shim.der | Bin 771 -> 0 bytes .../files/{ => unofficial}/DB.key | 0 .../files/{DB.crt => unofficial/DB.pem} | 0 .../shim-20231123.pem} | 0 .../files/{ => unofficial}/shim.key | 0 .../sys-boot/shim/shim-15.8-r2.ebuild | 72 ------------------ .../sys-boot/shim/shim-15.8-r3.ebuild | 44 +++++++++++ 16 files changed, 160 insertions(+), 133 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-1.0.0.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/coreos-sb-keys-2.0.0.ebuild create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/official/shim-20241107.pem create mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/official/signing.pem delete mode 100644 sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.der rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/{ => unofficial}/DB.key (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/{DB.crt => unofficial/DB.pem} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/{shim.pem => unofficial/shim-20231123.pem} (100%) rename sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/{ => unofficial}/shim.key (100%) delete mode 100644 
sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
 create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r3.ebuild
diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh
index 6d7dbfc165c..a68af31ac4b 100755
--- a/build_library/build_image_util.sh
+++ b/build_library/build_image_util.sh
@@ -797,7 +797,6 @@ EOF
 # calculated. Only for unofficial builds as official builds get signed later.
 if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
 do_sbsign --output "${root_fs_dir}/boot/flatcar/vmlinuz-a"{,}
- cleanup_sbsign_certs
 fi
 if [[ -n "${image_kernel}" ]]; then
@@ -904,7 +903,7 @@ sbsign_image() {
 "${BUILD_LIBRARY_DIR}/disk_util" --disk_layout="${disk_layout}" \
 mount "${disk_img}" "${root_fs_dir}"
- trap "cleanup_mounts '${root_fs_dir}'; cleanup_sbsign_certs" EXIT
+ trap "cleanup_mounts '${root_fs_dir}'" EXIT
 # Sign the kernel with the shim-embedded key.
 do_sbsign --output "${root_fs_dir}/boot/flatcar/vmlinuz-a"{,}
@@ -934,7 +933,6 @@ sbsign_image() {
 fi
 cleanup_mounts "${root_fs_dir}"
- cleanup_sbsign_certs
 trap - EXIT
 if [[ -n "${pcr_policy}" ]]; then
diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index 61e2fc6fb83..03e33d2cfca 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -90,7 +90,6 @@ ESP_DIR=
 LOOP_DEV=
 cleanup() {
- cleanup_sbsign_certs
 if [[ -d "${ESP_DIR}" ]]; then
 if mountpoint -q "${ESP_DIR}"; then
 sudo umount "${ESP_DIR}"
@@ -200,8 +199,8 @@ case "${FLAGS_target}" in
 # Unofficial build: Sign shim with our development key.
 sudo sbsign \
- --key /usr/share/sb_keys/DB.key \
- --cert /usr/share/sb_keys/DB.crt \
+ --key /usr/share/sb_keys/unofficial/DB.key \
+ --cert /usr/share/sb_keys/unofficial/DB.pem \
 --output "${ESP_DIR}/EFI/boot/boot${EFI_ARCH}.efi" \
 "${BOARD_ROOT}/usr/lib/shim/shim${EFI_ARCH}.efi"
 else
diff --git a/build_library/sbsign_util.sh b/build_library/sbsign_util.sh
index 4d7fcf22106..77587dec231 100644
--- a/build_library/sbsign_util.sh
+++ b/build_library/sbsign_util.sh
@@ -3,44 +3,23 @@
 # found in the LICENSE file.
 if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
- SBSIGN_KEY="/usr/share/sb_keys/shim.key"
- SBSIGN_CERT="/usr/share/sb_keys/shim.pem"
+ SBSIGN_KEY="/usr/share/sb_keys/unofficial/shim.key"
+ SBSIGN_CERT="/usr/share/sb_keys/unofficial/shim.pem"
 else
 SBSIGN_KEY="pkcs11:token=flatcar-sb-dev-hsm-sign-2025"
- unset SBSIGN_CERT
+ SBSIGN_CERT="/usr/share/sb_keys/official/signing.pem"
 fi
-PKCS11_MODULE_PATH="/usr/$(get_sdk_libdir)/pkcs11/azure-keyvault-pkcs11.so"
+PKCS11_MODULE_PATH="$(pkg-config p11-kit-1 --variable p11_module_path)/azure-keyvault-pkcs11.so"
 PKCS11_ENV=(
+ AZURE_CORE_COLLECT_TELEMETRY=no
 AZURE_KEYVAULT_URL="https://flatcar-sb-dev-kv.vault.azure.net/"
 PKCS11_MODULE_PATH="${PKCS11_MODULE_PATH}"
 AZURE_KEYVAULT_PKCS11_DEBUG=1
 )
-get_sbsign_cert() {
- if [[ ${SBSIGN_KEY} != pkcs11:* || -s ${SBSIGN_CERT-} ]]; then
- return
- fi
-
- SBSIGN_CERT=$(mktemp -t signing-cert.XXXXXXXXXX.pem)
- info "Fetching ${SBSIGN_KEY} from Azure"
-
- # Needs Key Vault Reader role.
- env "${PKCS11_ENV[@]}" p11-kit export-object \
- --provider "${PKCS11_MODULE_PATH}" \
- "${SBSIGN_KEY};type=cert" \
- | tee "${SBSIGN_CERT}"
-}
-
-cleanup_sbsign_certs() {
- if [[ ${SBSIGN_CERT-} == "${TMPDIR-/tmp}"/* ]]; then
- rm -f -- "${SBSIGN_CERT}"
- fi
-}
-
 do_sbsign() {
- get_sbsign_cert
 info "Signing ${@:$#} with ${SBSIGN_KEY}"
 if [[ ${SBSIGN_KEY} == pkcs11:* ]]; then
diff --git a/build_library/vm_image_util.sh b/build_library/vm_image_util.sh
index 1a6950ea2f1..b0fd5879bec 100644
--- a/build_library/vm_image_util.sh
+++ b/build_library/vm_image_util.sh
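Review bot: The unofficial branch now sets `SBSIGN_CERT="/usr/share/sb_keys/unofficial/shim.pem"`, but the rename list of this commit moves `files/shim.pem` to `files/unofficial/shim-20231123.pem`, so unless the coreos-sb-keys-2.0.0 ebuild (not visible in this hunk) installs a `shim.pem` alias, that path will not exist. The removed `get_sbsign_cert` was the only place that tested the certificate with `-s`; now that both branches point at static files, `do_sbsign` (whose body continues outside the hunk) should fail early on a missing or empty file, e.g. `[[ -s ${SBSIGN_CERT} ]] || die "Signing certificate ${SBSIGN_CERT} is missing"`, assuming the `die` helper is available where this file is sourced. The new `PKCS11_MODULE_PATH` line has the same gap: if `pkg-config` fails or prints nothing, the value silently becomes `/azure-keyvault-pkcs11.so`, so the lookup result should be checked before it is used as the module loaded into the signing process. A short comment beside `official/signing.pem` saying it must be refreshed whenever the `flatcar-sb-dev-hsm-sign-2025` key is rotated would also help, since the certificate is no longer fetched together with the key.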
@@ -863,7 +863,7 @@ _write_qemu_uefi_secure_conf() { local flash_rw="$(_dst_name "_efi_vars.qcow2")" local flash_ro="$(_dst_name "_efi_code.qcow2")" local script="$(_dst_dir)/$(_dst_name ".sh")" - local owner="00000000-0000-0000-0000-000000000000" + local owner=$(M7+_6-r4rX8Yfr%O;RIInvmGmyJ`a&7QA+G^98*?ZNGY?B~MrN*ooH(zMv7w=nv5~QXp{YTXIIjtiYiI%GVrpn&R6;hC zk(GhDiIJZH=ngKXCPqevmo^#VGDbGqR~~Yk2AllpN?Yo%kCiLMf7-d9@A? z|F_y8R7R)c^_rLEi(fcEDKF|)V+PHZ-;n>ToUd*Wv8}RZR)~*4J(6Zt81$!zWSIN#WQge z$LtyM8?v`N7f2|Lwk#?WNt$A4mi$R)t;cM}(AX&pF3ySF;3TVKb}fT3^oZoVbN_b- zZm>m;i)X;o(MQ+Oj$EouT zOrM{Qx-_{=m|1*s(&uBZm%Yp}WZqvk#gmDdk%4h>utA`KEHIp9`B=nQL>j{7Wsa+K z#-8rXUi_^`hVRIfvr7!*LDI@B5(Z)o*cI@D6bLgi{%2t|UWiGJ>J};=3!PUcSM+1zt6aBz%=_}^zFF7Id-9L&DgB49 zo4Jk_Hwd)|vMVbIC~ID~o4d*K>X8*07P&bxz8m6O)*W5+`l-hWu~J5Bz87qlQZFqM z&a%Iw@V+bVl!7DYhCK6J^SG+Vrsbc#t=f{AO0U@IoWCI0xy8{!D&oe3d*|i$-Z|s) z#-+uid{RhN>-PN22+RML^S$2v{IIUfm)BF(NWAGt^eXQeYED}eq;Di#cxFCzMqo8d JW2*7NG5~RCG3o#S diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.key b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/DB.key similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.key rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/DB.key diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.crt b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/DB.pem similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/DB.crt rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/DB.pem 
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/shim-20231123.pem
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.pem
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/shim-20231123.pem
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/shim.key
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/shim.key
rename to sdk_container/src/third_party/coreos-overlay/coreos-base/coreos-sb-keys/files/unofficial/shim.key
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
deleted file mode 100644
index 10defae63cb..00000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r2.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 2015 CoreOS, Inc.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit multilib
-
-DESCRIPTION="UEFI Shim loader"
-HOMEPAGE="https://github.com/rhboot/shim"
-SRC_URI="https://github.com/rhboot/shim/releases/download/${PV}/shim-${PV}.tar.bz2"
-KEYWORDS="amd64 arm64"
-
-LICENSE="BSD"
-SLOT="0"
-IUSE="official"
-
-RDEPEND=""
-# TODO: Would be ideal to depend on sys-boot/gnu-efi package, but
-# currently the shim insists on using the bundled copy. This will need
-# to be addressed by patching this check out after making sure that
-# our copy of gnu-efi is as usable as the bundled one.
-DEPEND="
- dev-libs/openssl
- coreos-base/coreos-sb-keys
-"
-
-PATCHES=(
- "${FILESDIR}/0001-Fix-parallel-build-of-gnu-efi.patch"
-)
-
-src_compile() {
- local emake_args=(
- CROSS_COMPILE="${CHOST}-"
- )
-
- sed -e "s/@@VERSION@@/${PVR}/" "${FILESDIR}"/sbat.csv.in >"${WORKDIR}/sbat.csv" || die
-
- # Apparently our environment already has the ARCH variable in
- # it, and Makefile picks it up instead of figuring it out
- # itself with the compiler -dumpmachine flag. But also it
- # expects a different format of the values. It wants x86_64
- # instead of amd64, and aarch64 instead of arm64.
- if use amd64; then
- emake_args+=( ARCH=x86_64 )
- elif use arm64; then
- emake_args+=( ARCH=aarch64 )
- fi
- emake_args+=( ENABLE_SBSIGN=1 )
- emake_args+=( SBATPATH="${WORKDIR}/sbat.csv" )
-
- if use official; then
- if [ -z "${SHIM_SIGNING_CERTIFICATE}" ]; then
- die "use production flag needs env SHIM_SIGNING_CERTIFICATE"
- fi
- emake_args+=( VENDOR_CERT_FILE="${SHIM_SIGNING_CERTIFICATE}" )
- else
- emake_args+=( VENDOR_CERT_FILE="/usr/share/sb_keys/shim.der" )
- fi
- emake "${emake_args[@]}" || die
-}
-
-src_install() {
- local suffix
- suffix=''
- if use amd64; then
- suffix=x64
- elif use arm64; then
- suffix=aa64
- fi
- insinto /usr/lib/shim
- newins "shim${suffix}.efi" "shim${suffix}.efi"
- newins "mm${suffix}.efi" "mm${suffix}.efi"
-}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r3.ebuild
new file mode 100644
index 00000000000..daf58253b98
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.8-r3.ebuild
@@ -0,0 +1,44 @@
+# Copyright 2015 CoreOS, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="UEFI Shim loader"
+HOMEPAGE="https://github.com/rhboot/shim"
+SRC_URI="https://github.com/rhboot/shim/releases/download/${PV}/shim-${PV}.tar.bz2"
+KEYWORDS="amd64 arm64"
+
+LICENSE="BSD"
+SLOT="0"
+IUSE="official"
+
+# TODO: Would be ideal to depend on sys-boot/gnu-efi package, but
+# currently the shim insists on using the bundled copy. This will need
+# to be addressed by patching this check out after making sure that
+# our copy of gnu-efi is as usable as the bundled one.
+DEPEND="
+ dev-libs/openssl
+"
+BDEPEND="
+ coreos-base/coreos-sb-keys
+"
+
+PATCHES=(
+ "${FILESDIR}/0001-Fix-parallel-build-of-gnu-efi.patch"
+)
+
+src_compile() {
+ sed -e "s/@@VERSION@@/${PVR}/" "${FILESDIR}"/sbat.csv.in >"${WORKDIR}/sbat.csv" || die
+
+ unset ARCH
+ emake \
+ CROSS_COMPILE="${CHOST}-" \
+ ENABLE_SBSIGN=1 \
+ SBATPATH="${WORKDIR}"/sbat.csv \
+ VENDOR_DB_FILE="${BROOT}"/usr/share/sb_keys/$(usex official official unofficial)/shim.esl
+}
+
+src_install() {
+ insinto /usr/lib/shim
+ doins shim?*.efi mm?*.efi
+}
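Review bot: `VENDOR_DB_FILE` in `src_compile` is selected by `$(usex official official unofficial)`, so a build without the `official` USE flag silently embeds the unofficial ESL, whose matching key file (`files/unofficial/shim.key`, presumably the private key) is committed in this repository according to the rename list. Nothing in the build output records which trust set went into the shim, so I would resolve the path into a local first, then check and log it: `local vendor_db="${BROOT}/usr/share/sb_keys/$(usex official official unofficial)/shim.esl"`, `[[ -s ${vendor_db} ]] || die "missing ${vendor_db}"`, `einfo "Embedding vendor DB ${vendor_db}"`. A comment above the `emake` call should also state that the file is a DER ESL holding every dated shim certificate (not a single DER certificate as with the old `VENDOR_CERT_FILE`) and that the shim does not check certificate expiry, as the commit message explains.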