Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources, but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
Thanks, -Paul
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources, but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
Nobody knows where to find the "CN=Fedora Secure Boot Signer" certificate? That's a little scary :)
I guess I can just extract it from the signed kernel image and verify it with the CA but that seems like a bad answer to me.
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources, but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
Nobody knows where to find the "CN=Fedora Secure Boot Signer" certificate? That's a little scary :)
The people that can answer this question were all at Flock last week and are traveling back from it now.
Generally speaking, Fedora infrastructure has a key they use that two specific build hosts have access to.
josh
I guess I can just extract it from the signed kernel image and verify it with the CA but that seems like a bad answer to me.
--
paul moore
www.paul-moore.com
_______________________________________________
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources,
Well, you likely want to look at the pesign package for the signing information, but the cert isn't in there either. It's in smart cards attached to kernel builder machines. When the kernel builds on those the spec sees that and uses pesign to sign them, otherwise it uses a 'test' cert to sign things.
May I ask why you want the cert?
but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
We don't have one currently, because I guess we didn't think this would be of use to anyone. If there is some use case for it to be published, we can do so...
Nobody knows where to find the "CN=Fedora Secure Boot Signer" certificate? That's a little scary :)
The people that can answer this question were all at Flock last week and are traveling back from it now.
Yep. I saw the email, but was at/traveling back from the conference, and it sure didn't look urgent. ;)
Generally speaking, Fedora infrastructure has a key they use that two specific build hosts have access to.
Yep. See above.
kevin
On Tue, Aug 13, 2019 at 2:03 PM Kevin Fenzi kevin@scrye.com wrote:
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources,
Well, you likely want to look at the pesign package for the signing information, but the cert isn't in there either. It's in smart cards attached to kernel builder machines. When the kernel builds on those the spec sees that and uses pesign to sign them, otherwise it uses a 'test' cert to sign things.
May I ask why you want the cert?
I'm working on extensions to tboot to support kernel signatures instead of hashes. Not wanting to reinvent the wheel I figured I would reuse the signed PECOFF format used by UEFI Secure Boot; the Fedora kernels are one of the kernels I've been using for testing.
While it is still a work in progress, I will be presenting on this topic next week at LSS-NA.
but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
We don't have one currently, because I guess we didn't think this would be of use to anyone. If there is some use case for it to be published, we can do so...
It seems like one would want to publish the certificates used to sign their kernel images, at the very least publish the CA if not the entire chain. Outside the kernel image itself, the only place I could find the "CN=Fedora Secure Boot CA" was in the signing request for the UEFI shim; I couldn't find the "CN=Fedora Secure Boot Signer" anywhere but the kernel image.
Since I'm just doing dev/test at the moment I extracted the signing cert from the kernel image and I'm using that, but that isn't a good/general solution for a number of reasons.
FWIW, once I have something that is working properly and suitable for upstreaming (it is still a prototype) I plan to work on getting it merged into the tboot upstream. However, regardless of my work on tboot, I think it would be nice to be able to verify a kernel signature without relying on the certificate chain stored within the kernel.
On 8/14/19 8:35 AM, Paul Moore wrote:
On Tue, Aug 13, 2019 at 2:03 PM Kevin Fenzi kevin@scrye.com wrote:
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources,
Well, you likely want to look at the pesign package for the signing information, but the cert isn't in there either. It's in smart cards attached to kernel builder machines. When the kernel builds on those the spec sees that and uses pesign to sign them, otherwise it uses a 'test' cert to sign things.
May I ask why you want the cert?
I'm working on extensions to tboot to support kernel signatures instead of hashes. Not wanting to reinvent the wheel I figured I would reuse the signed PECOFF format used by UEFI Secure Boot; the Fedora kernels are one of the kernels I've been using for testing.
While it is still a work in progress, I will be presenting on this topic next week at LSS-NA.
but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
We don't have one currently, because I guess we didn't think this would be of use to anyone. If there is some use case for it to be published, we can do so...
It seems like one would want to publish the certificates used to sign their kernel images, at the very least publish the CA if not the entire chain. Outside the kernel image itself, the only place I could find the "CN=Fedora Secure Boot CA" was in the signing request for the UEFI shim; I couldn't find the "CN=Fedora Secure Boot Signer" anywhere but the kernel image.
Since I'm just doing dev/test at the moment I extracted the signing cert from the kernel image and I'm using that, but that isn't a good/general solution for a number of reasons.
FWIW, once I have something that is working properly and suitable for upstreaming (it is still a prototype) I plan to work on getting it merged into the tboot upstream. However, regardless of my work on tboot, I think it would be nice to be able to verify a kernel signature without relying on the certificate chain stored within the kernel.
I'm going to be at LSS-NA next week as well. I'll take notes on your presentation :)
On Wed, Aug 14, 2019 at 08:35:57AM -0400, Paul Moore wrote:
On Tue, Aug 13, 2019 at 2:03 PM Kevin Fenzi kevin@scrye.com wrote:
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
On Fri, Aug 9, 2019 at 8:31 AM Paul Moore paul@paul-moore.com wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources,
Well, you likely want to look at the pesign package for the signing information, but the cert isn't in there either. It's in smart cards attached to kernel builder machines. When the kernel builds on those the spec sees that and uses pesign to sign them, otherwise it uses a 'test' cert to sign things.
May I ask why you want the cert?
I'm working on extensions to tboot to support kernel signatures instead of hashes. Not wanting to reinvent the wheel I figured I would reuse the signed PECOFF format used by UEFI Secure Boot; the Fedora kernels are one of the kernels I've been using for testing.
Why? Just throw tboot into the sea already. It's completely incompatible with the concept of a real chain of trust for booting.
While it is still a work in progress, I will be presenting on this topic next week at LSS-NA.
but it isn't there, and looking back at random points in its history I can't seem to find it. I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
We don't have one currently, because I guess we didn't think this would be of use to anyone. If there is some use case for it to be published, we can do so...
It seems like one would want to publish the certificates used to sign their kernel images, at the very least publish the CA if not the entire chain.
The CA cert is in dist-git in the shim-unsigned-x64 package, which more or less has to be the authoritative source. When we start signing aarch64 binaries for real there will be another one in shim-unsigned-aarch64 (sorry about the nomenclature mismatch in the naming.) Also see my other email where I've given you a url. I'll put other arches there too, and add new certs whenever we cycle them (looking like late this year for x86, but...), but I may need reminding. There's just too much stuff to do in a day.
Outside the kernel image itself, the only place I could find the "CN=Fedora Secure Boot CA" was in the signing request for the UEFI shim; I couldn't find the "CN=Fedora Secure Boot Signer" anywhere but the kernel image.
Yeah, we don't publish it because a) there's more than one in order to make traceability and limiting access possible in the face of redundant builders, and b) that's the cut-out point to make revocation halfway sane. The chain is embedded in the signature, and the top level issuing certificate is explicitly trusted in shim.
Since I'm just doing dev/test at the moment I extracted the signing cert from the kernel image and I'm using that, but that isn't a good/general solution for a number of reasons.
FWIW, once I have something that is working properly and suitable for upstreaming (it is still a prototype) I plan to work on getting it merged into the tboot upstream.
Is there a broader goal here? It would seem to be academically interesting but fundamentally untrustable, because it's using tboot.
Unrelated to that, how are you planning to make revocation work in tboot? Secure boot doesn't have revocation certificates, just a signed list of revoked {one of: {hash,tbs-hash,cert-tbs-hash,certificate}}. Where will revocations be stored, and how is that storage protected?
However, regardless of my work on tboot, I think it would be nice to be able to verify a kernel signature without relying on the certificate chain stored within the kernel.
You realize that's how literally all signature verification works, right? First verify the chain, then check everything in the chain for revocation, then check everything in the chain for authorization. You can interleave them, but you're still checking the signature against the chain.
On Wed, Aug 14, 2019 at 2:44 PM Peter Jones pjones@redhat.com wrote:
On Wed, Aug 14, 2019 at 08:35:57AM -0400, Paul Moore wrote:
On Tue, Aug 13, 2019 at 2:03 PM Kevin Fenzi kevin@scrye.com wrote:
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
...
May I ask why you want the cert?
I'm working on extensions to tboot to support kernel signatures instead of hashes. Not wanting to reinvent the wheel I figured I would reuse the signed PECOFF format used by UEFI Secure Boot; the Fedora kernels are one of the kernels I've been using for testing.
Why? Just throw tboot into the sea already. It's completely incompatible with the concept of a real chain of trust for booting.
I'm not using tboot/TXT for secure boot.
FWIW, once I have something that is working properly and suitable for upstreaming (it is still a prototype) I plan to work on getting it merged into the tboot upstream.
Is there a broader goal here? It would seem to be academically interesting but fundamentally untrustable, because it's using tboot.
This assumes I'm using tboot as a secure boot mechanism, I'm not. I don't have anything written up on the approach yet, but the abstract/teaser for the LSS-NA talk is below.
https://lssna19.sched.com/event/RHaB/securing-tpm-secrets-with-txt-and-kerne...
However, regardless of my work on tboot, I think it would be nice to be able to verify a kernel signature without relying on the certificate chain stored within the kernel.
You realize that's how literally all signature verification works, right?
Sigh. It sounds like you are missing some of the finer details in my comment Peter, as well as assuming I'm an idiot. Perhaps I wasn't clear enough in my comments, but what I was trying to get across was that I was using the certificates (signer and CA) that were part of the signed kernel image as a way to verify the kernel signature without any external root/CA. Typically proper signature verification relies on a root of trust located *outside* the signed object being verified, for example UEFI Secure Boot relies on the roots/CAs stored in the firmware itself.
Anyway, I extracted the info I needed, it's sufficient for my purposes at the moment, you're off the hook.
On Wed, Aug 14, 2019 at 03:00:32PM -0400, Paul Moore wrote:
On Wed, Aug 14, 2019 at 2:44 PM Peter Jones pjones@redhat.com wrote:
On Wed, Aug 14, 2019 at 08:35:57AM -0400, Paul Moore wrote:
On Tue, Aug 13, 2019 at 2:03 PM Kevin Fenzi kevin@scrye.com wrote:
On 8/12/19 8:35 AM, Josh Boyer wrote:
On Mon, Aug 12, 2019 at 11:23 AM Paul Moore paul@paul-moore.com wrote:
...
May I ask why you want the cert?
I'm working on extensions to tboot to support kernel signatures instead of hashes. Not wanting to reinvent the wheel I figured I would reuse the signed PECOFF format used by UEFI Secure Boot; the Fedora kernels are one of the kernels I've been using for testing.
Why? Just throw tboot into the sea already. It's completely incompatible with the concept of a real chain of trust for booting.
I'm not using tboot/TXT for secure boot.
I'm not assuming you are. I'm assuming you're running tboot, and then using its DRTM mechanism to secure something else later.
FWIW, once I have something that is working properly and suitable for upstreaming (it is still a prototype) I plan to work on getting it merged into the tboot upstream.
Is there a broader goal here? It would seem to be academically interesting but fundamentally untrustable, because it's using tboot.
This assumes I'm using tboot as a secure boot mechanism, I'm not.
I'm not assuming this at all.
I don't have anything written up on the approach yet, but the abstract/teaser for the LSS-NA talk is below.
https://lssna19.sched.com/event/RHaB/securing-tpm-secrets-with-txt-and-kerne...
I don't intend to argue with you, or to say you're an idiot. That said, fundamentally the design of TXT enforces measurement, but adds a step in the middle of the boot chain that's not verifiable as part of Secure Boot. Intel claims it is verifiable by the hardware, which may well be true and meaningful, but we're still just running a binary blob on the main CPU after the firmware has gone away. Inside the measured VM, we're running it /before/ the firmware, which is actually even worse - it compromises the firmware verification.
Anything relying on TXT is "trust the SINIT ACM instead of Secure Boot", both inside and outside of the VMs. That's the model.
On Wed, Aug 14, 2019 at 4:09 PM Peter Jones pjones@redhat.com wrote:
On Wed, Aug 14, 2019 at 03:00:32PM -0400, Paul Moore wrote:
I don't have anything written up on the approach yet, but the abstract/teaser for the LSS-NA talk is below.
https://lssna19.sched.com/event/RHaB/securing-tpm-secrets-with-txt-and-kerne...
I don't intend to argue with you, or to say you're an idiot.
Your phrasing sent a different message.
That said, fundamentally the design of TXT enforces measurement ...
Oddly enough, it really doesn't. TXT, and the SINIT ACM, at its basic level is really just about creating a clean environment where you have some guarantee (once again, assuming you trust Intel) that everything that happened before cannot affect what you do next. It's the tboot implementation that enforces policy.
... but adds a step in the middle of the boot chain that's not verifiable as part of Secure Boot.
Not verifiable as part of the UEFI Secure Boot as currently implemented, yes. However, I don't believe that is an inherent limitation, with some work I believe tboot could be made to co-exist with UEFI Secure Boot, but I will admit that is beyond the scope of my initial effort.
Intel claims it is verifiable by the hardware, which may well be true and meaningful, but we're still just running a binary blob on the main CPU after the firmware has gone away.
From a practical perspective, the SINIT ACM and various bits of system firmware are all binary blobs that I really have no way of verifying. With UEFI Secure Boot I have to trust Microsoft, with TXT I have to trust Intel.
On Fri, Aug 09, 2019 at 08:31:06AM -0400, Paul Moore wrote:
Hello all,
I'm not sure if this is the place for this, but if not perhaps you could point me in the right direction?
I'm looking for the certificate associated with the key used to sign the Fedora kernels for UEFI Secure Boot. What little information I've found indicates that it should be part of the "shim" package sources, but it isn't there, and looking back at random points in its history I can't seem to find it.
We don't package the certs to the signer, because the signatures should be verified against the issuer. That said, the whole signing chain is in the signatures, or else that wouldn't work.
I've found the CA used to sign this mystery certificate, but not the kernel's signing certificate. Any help you can provide would be appreciated.
For reference, this is the certificate I'm looking for:
Signer #0:
  Subject: /CN=Fedora Secure Boot Signer
  Issuer : /CN=Fedora Secure Boot CA
  Serial : 9976F70F
... and no, I'm obviously not asking for the private key, just an authoritative source for the public key certificate :)
I've put the issuer and both signers at:
https://pjones.fedorapeople.org/secure-boot/
For what it's worth, you can also extract these with:
pesign -i grubx64.efi -e grub.sig
openssl pkcs7 -in grub.sig -inform der -print_certs
It doesn't matter if you pick grub, kernel, fwupdate, or any of the things in the shim package except the one thing signed by someone else. Each binary will have one of the signer certs, depending on which host it was built on, and the issuer cert.
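As an added example, not taken from this thread or from Fedora's own signing tooling, the script below models the arrangement Peter describes: the signer certificate is never published, the whole chain travels inside the signature, verification is anchored on the issuer alone, and revocation is a dbx-style list of certificate fingerprints rather than a CRL. Everything in it is constructed: two throwaway chains ("trusted" and "rogue", each an "... Secure Boot CA" issuing an "... Secure Boot Signer"), a fake "kernel" blob, and a plain CMS/PKCS#7 SignedData over that blob instead of a real PE Authenticode signature, so only openssl, awk, grep and sed are needed and pesign is not used. The openssl pkcs7 -print_certs step is the same extraction command quoted above.

```shell
#!/bin/sh
# Added example, not from the thread or from Fedora: toy Secure Boot-style
# signing chain, chain verification against the issuer only, and a dbx-style
# revocation check. All keys, names and the "kernel" blob are constructed here.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Minimal req config so nothing depends on a system openssl.cnf; the CA
# extensions make the root pass OpenSSL's CA checks during chain building.
cat > "$WORK/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_chain NAME: self-signed "<NAME> Secure Boot CA" and a leaf
# "<NAME> Secure Boot Signer" issued by it (constructed names, RSA-2048).
make_chain() {
  n="$1"
  openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$n Secure Boot CA" -keyout "$WORK/$n-ca.key" -out "$WORK/$n-ca.pem" 2>/dev/null
  openssl req -new -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=$n Secure Boot Signer" -keyout "$WORK/$n-signer.key" -out "$WORK/$n-signer.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/$n-signer.csr" -CA "$WORK/$n-ca.pem" \
    -CAkey "$WORK/$n-ca.key" -CAcreateserial -out "$WORK/$n-signer.pem" 2>/dev/null
}

# sign_blob NAME IN OUT: DER SignedData over IN. -certfile embeds the issuer as
# well as the signer, so the whole chain travels with the signature.
sign_blob() {
  openssl cms -sign -binary -nodetach -in "$2" -signer "$WORK/$1-signer.pem" \
    -inkey "$WORK/$1-signer.key" -certfile "$WORK/$1-ca.pem" -outform DER -out "$3"
}

# list_embedded SIG: subject/issuer of every cert carried in SIG (the command from the thread)
list_embedded() { openssl pkcs7 -in "$1" -inform DER -print_certs -noout; }

# count_embedded SIG: how many certificates the signature carries
count_embedded() { list_embedded "$1" | grep -c '^subject='; }

# verify_against SIG CAFILE: chain check with CAFILE as the explicit trust anchor.
# The signer cert comes out of the signature itself, never from a published file.
verify_against() {
  openssl cms -verify -binary -in "$1" -inform DER -CAfile "$2" -out /dev/null 2>/dev/null
}

# fingerprint_of CERT.pem: SHA-256 fingerprint as bare uppercase hex
fingerprint_of() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# embedded_fingerprints SIG: fingerprint of each cert in SIG, one per line
embedded_fingerprints() {
  rm -f "$WORK"/split-*.pem
  openssl pkcs7 -in "$1" -inform DER -print_certs |
    awk -v d="$WORK" '/BEGIN CERTIFICATE/ {n++; out = sprintf("%s/split-%d.pem", d, n)}
                      out != "" {print > out}
                      /END CERTIFICATE/ {close(out); out = ""}'
  for c in "$WORK"/split-*.pem; do fingerprint_of "$c"; done
}

# check_signature SIG CAFILE DBX: chain first, then revocation of everything in
# the chain (DBX is a constructed list of fingerprints). Prints untrusted, revoked or ok.
check_signature() {
  verify_against "$1" "$2" || { echo untrusted; return 0; }
  embedded_fingerprints "$1" | grep -qxFf "$3" && { echo revoked; return 0; }
  echo ok
}

# ---- constructed demo run ----
make_chain trusted
make_chain rogue
printf 'constructed kernel image bytes\n' > "$WORK/kernel.bin"
sign_blob trusted "$WORK/kernel.bin" "$WORK/kernel-trusted.sig"
sign_blob rogue   "$WORK/kernel.bin" "$WORK/kernel-rogue.sig"
: > "$WORK/empty.dbx"                                             # nothing revoked
fingerprint_of "$WORK/trusted-signer.pem" > "$WORK/revoked.dbx"   # signer revoked, CA untouched

echo "certificates embedded in the trusted signature:"
list_embedded "$WORK/kernel-trusted.sig"
echo "trusted signer, empty dbx:   $(check_signature "$WORK/kernel-trusted.sig" "$WORK/trusted-ca.pem" "$WORK/empty.dbx")"
echo "rogue chain, empty dbx:      $(check_signature "$WORK/kernel-rogue.sig"   "$WORK/trusted-ca.pem" "$WORK/empty.dbx")"
echo "trusted signer, revoked dbx: $(check_signature "$WORK/kernel-trusted.sig" "$WORK/trusted-ca.pem" "$WORK/revoked.dbx")"
```

The three outcomes are the ones the thread argues about: a signature chains to the issuer you hold, or it chains to a CA you do not hold and is untrusted no matter how valid it looks, or it chains correctly but the signer is on the revocation list. Revoking only the leaf is the "cut-out point" Peter mentions: the issuer stays trusted and the other builder's signer keeps working.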