Adventures with the UEFI shim

Peter Jones pjones at redhat.com
Wed Oct 7 20:17:29 BST 2020


On Thu, Oct 01, 2020 at 03:16:08PM -0400, Paul Moore wrote:
> Hello all,
> 
> I was looking for a list to discuss the UEFI shim and was directed
> here, if there is a better place please correct me.

This is the place, but we've only just set the list up, so there's not
much here yet.

> While most shim use cases involve using shim to load GRUB which in
> turn loads the kernel/OS, I'm looking to use shim to boot the
> kernel/OS directly.  Specifically, I want to use shim to boot a
> combined kernel+initrd+cmdline EFI application using the systemd-boot
> EFI stub.  Unfortunately I've been running into problems with shim's
> ExitBootServices hook.  Looking at the code, it would appear that shim
> expects (and requires) that some piece of the bootloader chain calls
> into shim's verification protocol to authorize the kernel prior to
> calling ExitBootServices.  This would normally be handled by GRUB, or
> any other bootloader in the chain, but if there is no bootloader
> beyond shim things fall apart.
>
> If this was anything but shim, the fix would be a small and
> straightforward patch to replacements.c:exit_boot_services() but since
> our project would eventually like to get a shim signed by Microsoft we
> need to find a solution that is suitable for the rhboot/shim-review
> crowd.

Let me start by saying that I don't think there's a good answer here,
for a lot of reasons.  The biggest one is that systemd-boot is LGPL and
Linux is GPL licensed, and Microsoft has stated repeatedly that they're
not going to sign images that are GPL licensed.  That's a part of why
shim exists in the first place.

If it weren't for that, I would say:
- put a pubkey in shim like normal
- sign your kernel with it
- make systemd-boot call the shim lock protocol on the embedded kernel

But that's clearly not going to work because of the licensing of the
resulting packed binary.

So I guess the questions are:

- What's your reasoning for wanting to go the systemd-boot packed
  binary route?  There may be more options, depending on which parts of
  that design are critical to you.
- If you can share, what does your timeline for needing something signed
  look like?

> I've got a couple of ideas on ways this could be resolved, but
> I wanted to check with the list to see if anyone has attempted this
> before, and if so, how they did it.  I can't believe I'm the first to
> attempt this.

I don't think anyone has actually tried to do this in a way that honors
the Secure Boot threat model.

> As an aside, how do people do dev/test of the UEFI shim when UEFI
> Secure Boot is enabled?  I originally thought I could use a Microsoft
> signed shim to boot my development shim which would finally boot the
> kernel/OS, but I'm running afoul of the nested EFI service hooks.  Any
> advice you can provide would be appreciated.

We use Qemu with OVMF (see the "edk2" packages in fedora for example
builds) and enroll our own certs and self-sign everything.  The biggest
"gotcha" there is to be sure you have one cert that's in 'db' and signs
shim, and a completely different cert that shim trusts, which signs
anything shim might be loading.  That said, my statement here is
obviously not written with your attempt to use systemd-boot in mind.

-- 
        Peter
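The QEMU/OVMF test setup Peter describes, with its two deliberately separate certificates, written out as an added example that is not part of the list post or of shim itself. It assumes openssl and sbsigntools (sbsign/sbverify) are installed and a shim checkout sits in ./shim; the file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): the two-cert layout for
# testing shim under QEMU/OVMF. Assumes openssl, sbsign/sbverify and a shim
# source tree in ./shim; all file names here are hypothetical.
set -eu

# Make a self-signed signing cert; $1 = basename, $2 = CN.
gen_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$2/" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
    # DER form is what OVMF enrollment and shim's VENDOR_CERT_FILE expect.
    openssl x509 -in "$1.crt" -outform DER -out "$1.der"
}

# The "gotcha": the cert enrolled in db (which signs shim) and the cert
# built into shim (which signs what shim loads) must be different.
# Returns 0 when the two DER files differ, 1 when they are the same cert.
certs_distinct() {
    ! cmp -s "$1" "$2"
}

# Sign a PE image with key/cert basename $1 and verify the result against
# that same cert; $2 = unsigned image, $3 = signed output.
sign_and_check() {
    sbsign --key "$1.key" --cert "$1.crt" --output "$3" "$2"
    sbverify --cert "$1.crt" "$3"
}

main() {
    gen_cert db_cert     "Test db cert (enroll in OVMF db)"
    gen_cert vendor_cert "Test vendor cert (built into shim)"
    certs_distinct db_cert.der vendor_cert.der \
        || { echo "db cert and vendor cert must not be the same key" >&2; exit 1; }

    # Build shim with the vendor cert embedded (hypothetical checkout in ./shim).
    make -C shim VENDOR_CERT_FILE="$PWD/vendor_cert.der"

    # db cert signs shim; vendor cert signs the payload shim will load.
    sign_and_check db_cert     shim/shimx64.efi shimx64-signed.efi
    sign_and_check vendor_cert bzImage.efi      bzImage-signed.efi

    # Remaining step, done in the OVMF setup menu (or with an enrollment tool
    # on the ESP): enroll db_cert.der into db. Never enroll vendor_cert.der.
    echo "enroll db_cert.der into OVMF db, then boot shimx64-signed.efi"
}

if [ "${1:-}" = run ]; then main; fi
```

Run it as `sh setup.sh run`; invoked without the argument it only defines the functions, so the distinct-cert check can be reused on an existing key set.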



