Lernstick shim-15.4-6 x64 (20210729)

[ronnystandtke]

Make sure you have provided the following information:

• link to your code branch cloned from rhboot/shim-review in the form user/repo@tag
  https://github.com/Lernstick/shim-review/tree/lernstick-shim-amd64-20210729
• completed README.md file with the necessary information
• shim.efi to be signed
• public portion of your certificate(s) embedded in shim (the file passed to VENDOR_CERT_FILE)
  https://github.com/Lernstick/shim-review/blob/lernstick-shim-amd64-20210729/lernstick-uefi-ca.der
• binaries, for which hashes are added do vendor_db ( if you use vendor_db and have hashes allow-listed )
• any extra patches to shim via your own git tree or as files
• any extra patches to grub via your own git tree or as files
• build logs
• a Dockerfile to reproduce the build of the provided shim EFI binaries

What organization or people are asking to have this signed:

Lernstick Team part of the Research Center for Digital Sustainability at University of Bern (https://lernstick.ch)

What product or service is this for:

Lernstick and Lernstick Exam

Please create your shim binaries starting with the 15.4 shim release tar file:

https://github.com/rhboot/shim/releases/download/15.4/shim-15.4.tar.bz2

This matches https://github.com/rhboot/shim/releases/tag/15.4 and contains

the appropriate gnu-efi source.

Please confirm this as the origin your shim.

We confirm that we are using the source from
https://github.com/rhboot/shim/releases/download/15.4/shim-15.4.tar.bz2.

What's the justification that this really does need to be signed for the whole world to be able to boot it:

Lernstick is a distribution for schools and universities for BYOD (bring your own device) use cases and exams. It is currently mainly used in Switzerland, Austria and Germany.

• To make BYOD work with modern devices we need the option to boot with SecureBoot enabled.
• For Lernstick Exam we want to implement remote attestation and need control over the boot chain with SecureBoot enabled on the users device.

How do you manage and protect the keys used in your SHIM?

The keys are stored on a FIPS 140-2 certified SmartCard (YubiKey FIPS Model 0010).

Do you use EV certificates as embedded certificates in the SHIM?

No.

If you use new vendor_db functionality, are any hashes allow-listed, and if yes: for what binaries ?

No, we don't use the new vendor_db functionality.

Is kernel upstream commit 75b0cea7bf307f362057cc778efe89af4c615354 present in your kernel, if you boot chain includes a Linux kernel ?

Yes, 75b0cea7bf307f362057cc778efe89af4c615354 is present.

if SHIM is loading GRUB2 bootloader, are CVEs CVE-2020-14372,

CVE-2020-25632, CVE-2020-25647, CVE-2020-27749, CVE-2020-27779,

CVE-2021-20225, CVE-2021-20233, CVE-2020-10713, CVE-2020-14308,

CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705,

( July 2020 grub2 CVE list + March 2021 grub2 CVE list )

and if you are shipping the shim_lock module CVE-2021-3418

fixed ?

Yes, we are using the downstream GRUB2 version from Debian which has those CVEs fixed.

"Please specifically confirm that you add a vendor specific SBAT entry for SBAT header in each binary that supports SBAT metadata

( grub2, fwupd, fwupdate, shim + all child shim binaries )" to shim review doc ?

Please provide exact SBAT entries for all SBAT binaries you are booting or planning to boot directly through shim

Yes, we add vendor specific SBAT entries to every binary that supports SBAT metadata.
We also include the SBAT entries from upstream (in our case Debian).

shim

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.debian,1,Debian,shim,15.4,https://tracker.debian.org/pkg/shim
shim.lernstick,1,Lernstick,shim,15.4,https://github.com/Lernstick/shim

grub2

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.04,https://www.gnu.org/software/grub/
grub.debian,1,Debian,grub2,2.04-20,https://tracker.debian.org/pkg/grub2
grub.lernstick,1,Lernstick,grub2,2.04-20,https://github.com/Lernstick/grub

Were your old SHIM hashes provided to Microsoft ?

No. First submisssion.

Did you change your certificate strategy, so that affected by CVE-2020-14372, CVE-2020-25632, CVE-2020-25647, CVE-2020-27749,

CVE-2020-27779, CVE-2021-20225, CVE-2021-20233, CVE-2020-10713,

CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705 ( July 2020 grub2 CVE list + March 2021 grub2 CVE list )

grub2 bootloaders can not be verified ?

N/A. First submission.

What exact implementation of Secureboot in grub2 ( if this is your bootloader ) you have ?

* Upstream grub2 shim_lock verifier or * Downstream RHEL/Fedora/Debian/Canonical like implementation ?

We are using the downstream GRUB2 from Debian.

What is the origin and full version number of your bootloader (GRUB or other)?

Our GRUB2 is based on the 2.04-20 version from Debian which is based on the 2.04 upstream version. We do not apply any patches on top.

Source can be found here: https://github.com/Lernstick/grub

If your SHIM launches any other components, please provide further details on what is launched

The Shim only launches GRUB2.

If your GRUB2 launches any other binaries that are not Linux kernel in SecureBoot mode,

please provide further details on what is launched and how it enforces Secureboot lockdown

We only launch the Linux kernel.

If you are re-using a previously used (CA) certificate, you

will need to add the hashes of the previous GRUB2 binaries

exposed to the CVEs to vendor_dbx in shim in order to prevent

GRUB2 from being able to chainload those older GRUB2 binaries. If

you are changing to a new (CA) certificate, this does not

apply. Please describe your strategy.

N/A. We are using a new CA.

How do the launched components prevent execution of unauthenticated code?

• Signed linux images have lockdown enabled.
• GRUB2 has Secure Boot patches applied and only launches our signed files.

Does your SHIM load any loaders that support loading unsigned kernels (e.g. GRUB)?

No.

What kernel are you using? Which patches does it includes to enforce Secure Boot?

We are using kernel version 5.10 with Debian's lockdown patches applied and kernel version 5.13 (latest stable kernel) with
Secure Boot enabled and lockdown always enforced.

What changes were made since your SHIM was last signed?

N/A.

What is the SHA256 hash of your final SHIM binary?

07a4b39f712ffa4a71ca7c79edb6aec8b89612896e7f221fdf4cf2265e8c5669  shimx64.efi

[tSU-RooT]

Hi, I have tried a review based on the reviewer's guidelines.
https://github.com/rhboot/shim/wiki/reviewer-guidelines

• shimx64.efi is docker reproducible.
• Lernstick is debian derivative, downstream distro.
  https://wiki.debian.org/Derivatives/Census/Lernstick
• SBAT in shim binary looks good.

sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
shim,1,UEFI shim,shim,1,https://github.com/rhboot/shim
shim.debian,1,Debian,shim,15.4,https://tracker.debian.org/pkg/shim
shim.lernstick,1,Lerntsick,shim,15.4,https://github.com/Lernstick/shim

• Organization(Lerntsick) looks match with cert.
• Storing private key in YubiKey looks reasonable.
• I confirmed shim and grub2 source code repo is derivative from debian salsa's repo.
  Replacing certification files, add SBAT entries, and change configs to theirs.
  https://github.com/Lernstick/shim is fork of https://salsa.debian.org/efi-team/shim/-/tree/debian/15.4-6
  https://github.com/Lernstick/grub is fork of https://salsa.debian.org/grub-team/grub/-/tree/debian/2.04-20
  In other points, no essential patches added at these forks,
  so these bootloaders are almost rebuild of debian package.
  By the way, these repo's d/changelog are not noting their changes.
  https://github.com/Lernstick/grub/blob/master/debian/changelog
  https://github.com/Lernstick/shim/blob/15.4-6-lernstick/debian/changelog

[ronnystandtke]

Thank you very much for the positive review! Is there anything we can do to speed things up? It's been 4 months now and many schools are waiting for our secure exam environment...

[tSU-RooT]

It's been 4 months now and many schools are waiting for our secure exam environment...

I think many distributers(include us) has same problem of secure boot.

Is there anything we can do to speed things up?

It is helping other distro's submission by cross-review.
#120 (comment)

Reviewing other's submission will makes down core reviewers load and faster review process probably.
#165 (comment)

[julian-klode]

@ronnystandtke I'm gonna send you two some encrypted emails with words, I'm going to need the words pasted back here.

[julian-klode]

I've not done a full review yet, sorry. but:

I have verified that the commit the tag points to builds reproducibly.

commit 98234caa03f1f1e9c61417b0574638ed6ce76506 (HEAD, tag: lernstick-shim-amd64-20210729, lernstick/master)
Author: Thore Sommer <mail@thson.de>
Date:   Thu Jul 29 12:14:32 2021 +0200

    Add shim with correct SBAT entry

and I'd like to know:

The keys are stored on a FIPS 140-2 certified SmartCard (YubiKey FIPS Model 0010).

Who has access to the YubiKey?

[ronnystandtke]

@julian-klode Thank you very much for the review!

@ronnystandtke I'm gonna send you two some encrypted emails with words, I'm going to need the words pasted back here.

Kundgebungen fachgemäßeste bestbewährt Fernsehtheater immergrünes vorgreifender unermüdlichsten amerikanisierte eingetrocknetes Kloster

[ronnystandtke]

Who has access to the YubiKey?

Only I have access to it.

[chaoos]

Sorry for the late reply, below the words from the email:

@ronnystandtke I'm gonna send you two some encrypted emails with words, I'm going to need the words pasted back here.

Alkali zahlungsunwilligerer anständig Hellsichtigkeit archiviert gelagerter Schuldlosigkeit beifolgt zuredendem munkelndes

[julian-klode]

The words are correct, emails and keys hence verified.

[julian-klode]

I went through the check list and answers, and this all looks fine from my side too, marking as accepted.

Please close the bug once you received a signed shim back from MS.

[julian-klode]

This submission was accepted 2 months ago, has this been signed yet? If so please close it.

[ronnystandtke]

The process of getting an EV certificate is a surprisingly long and kafkaesque process, especially if your team is part of a university. Ours is still going on, so please keep this issue open.