Blame SOURCES/0196-appended-signatures-documentation.patch

8e15ce
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
8e15ce
From: Daniel Axtens <dja@axtens.net>
8e15ce
Date: Thu, 1 Oct 2020 13:02:09 +1000
8e15ce
Subject: [PATCH] appended signatures: documentation
8e15ce
8e15ce
This explains how appended signatures can be used to form part of
8e15ce
a secure boot chain, and documents the commands and variables
8e15ce
introduced.
8e15ce
8e15ce
Signed-off-by: Daniel Axtens <dja@axtens.net>
8e15ce
---
8e15ce
 docs/grub.texi | 199 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
8e15ce
 1 file changed, 182 insertions(+), 17 deletions(-)
8e15ce
8e15ce
diff --git a/docs/grub.texi b/docs/grub.texi
8e15ce
index afbde7c1f7b..4816be85611 100644
8e15ce
--- a/docs/grub.texi
8e15ce
+++ b/docs/grub.texi
8e15ce
@@ -3214,6 +3214,7 @@ These variables have special meaning to GRUB.
8e15ce
 
8e15ce
 @menu
8e15ce
 * biosnum::
8e15ce
+* check_appended_signatures::
8e15ce
 * check_signatures::
8e15ce
 * chosen::
8e15ce
 * cmdpath::
8e15ce
@@ -3273,11 +3274,18 @@ For an alternative approach which also changes BIOS drive mappings for the
8e15ce
 chain-loaded system, @pxref{drivemap}.
8e15ce
 
8e15ce
 
8e15ce
+@node check_appended_signatures
8e15ce
+@subsection check_appended_signatures
8e15ce
+
8e15ce
+This variable controls whether GRUB enforces appended signature validation on
8e15ce
+certain loaded files. @xref{Using appended signatures}.
8e15ce
+
8e15ce
+
8e15ce
 @node check_signatures
8e15ce
 @subsection check_signatures
8e15ce
 
8e15ce
-This variable controls whether GRUB enforces digital signature
8e15ce
-validation on loaded files. @xref{Using digital signatures}.
8e15ce
+This variable controls whether GRUB enforces GPG-style digital signature
8e15ce
+validation on loaded files. @xref{Using GPG-style digital signatures}.
8e15ce
 
8e15ce
 @node chosen
8e15ce
 @subsection chosen
8e15ce
@@ -3994,6 +4002,7 @@ you forget a command, you can run the command @command{help}
8e15ce
 * date::                        Display or set current date and time
8e15ce
 * devicetree::                  Load a device tree blob
8e15ce
 * distrust::                    Remove a pubkey from trusted keys
8e15ce
+* distrust_certificate::        Remove a certificate from the list of trusted certificates
8e15ce
 * drivemap::                    Map a drive to another
8e15ce
 * echo::                        Display a line of text
8e15ce
 * eval::                        Evaluate agruments as GRUB commands
8e15ce
@@ -4010,6 +4019,7 @@ you forget a command, you can run the command @command{help}
8e15ce
 * keystatus::                   Check key modifier status
8e15ce
 * linux::                       Load a Linux kernel
8e15ce
 * linux16::                     Load a Linux kernel (16-bit mode)
8e15ce
+* list_certificates::           List trusted certificates
8e15ce
 * list_env::                    List variables in environment block
8e15ce
 * list_trusted::                List trusted public keys
8e15ce
 * load_env::                    Load variables from environment block
8e15ce
@@ -4047,8 +4057,10 @@ you forget a command, you can run the command @command{help}
8e15ce
 * test::                        Check file types and compare values
8e15ce
 * true::                        Do nothing, successfully
8e15ce
 * trust::                       Add public key to list of trusted keys
8e15ce
+* trust_certificate::           Add an x509 certificate to the list of trusted certificates
8e15ce
 * unset::                       Unset an environment variable
8e15ce
 @comment * vbeinfo::                     List available video modes
8e15ce
+* verify_appended::             Verify appended digital signature
8e15ce
 * verify_detached::             Verify detached digital signature
8e15ce
 * videoinfo::                   List available video modes
8e15ce
 @comment * xen_*::              Xen boot commands for AArch64
8e15ce
@@ -4376,9 +4388,28 @@ These keys are used to validate signatures when environment variable
8e15ce
 @code{check_signatures} is set to @code{enforce}
8e15ce
 (@pxref{check_signatures}), and by some invocations of
8e15ce
 @command{verify_detached} (@pxref{verify_detached}).  @xref{Using
8e15ce
-digital signatures}, for more information.
8e15ce
+GPG-style digital signatures}, for more information.
8e15ce
 @end deffn
8e15ce
 
8e15ce
+
8e15ce
+@node distrust_certificate
8e15ce
+@subsection distrust_certificate
8e15ce
+
8e15ce
+@deffn Command distrust_certificate cert_number
8e15ce
+Remove the x509 certificate numbered @var{cert_number} from GRUB's keyring of
8e15ce
+trusted x509 certificates for verifying appended signatures.
8e15ce
+
8e15ce
+@var{cert_number} is the certificate number as listed by
8e15ce
+@command{list_certificates} (@pxref{list_certificates}).
8e15ce
+
8e15ce
+These certificates are used to validate appended signatures when environment
8e15ce
+variable @code{check_appended_signatures} is set to @code{enforce} or
8e15ce
+@code{forced} (@pxref{check_appended_signatures}), and by
8e15ce
+@command{verify_appended} (@pxref{verify_appended}). See
8e15ce
+@xref{Using appended signatures} for more information.
8e15ce
+@end deffn
8e15ce
+
8e15ce
+
8e15ce
 @node drivemap
8e15ce
 @subsection drivemap
8e15ce
 
8e15ce
@@ -4636,6 +4667,21 @@ This command is only available on x86 systems.
8e15ce
 @end deffn
8e15ce
 
8e15ce
 
8e15ce
+@node list_certificates
8e15ce
+@subsection list_certificates
8e15ce
+
8e15ce
+@deffn Command list_certificates
8e15ce
+List all x509 certificates trusted by GRUB for validating appended signatures.
8e15ce
+The output is a numbered list of certificates, showing the certificate's serial
8e15ce
+number and Common Name.
8e15ce
+
8e15ce
+The certificate number can be used as an argument to
8e15ce
+@command{distrust_certificate} (@pxref{distrust_certificate}).
8e15ce
+
8e15ce
+See @xref{Using appended signatures} for more information.
8e15ce
+@end deffn
8e15ce
+
8e15ce
+
8e15ce
 @node list_env
8e15ce
 @subsection list_env
8e15ce
 
8e15ce
@@ -4655,7 +4701,7 @@ The output is in GPG's v4 key fingerprint format (i.e., the output of
8e15ce
 @code{gpg --fingerprint}).  The least significant four bytes (last
8e15ce
 eight hexadecimal digits) can be used as an argument to
8e15ce
 @command{distrust} (@pxref{distrust}).
8e15ce
-@xref{Using digital signatures}, for more information about uses for
8e15ce
+@xref{Using GPG-style digital signatures}, for more information about uses for
8e15ce
 these keys.
8e15ce
 @end deffn
8e15ce
 
8e15ce
@@ -4690,8 +4736,13 @@ When used with care, @option{--skip-sig} and the whitelist enable an
8e15ce
 administrator to configure a system to boot only signed
8e15ce
 configurations, but to allow the user to select from among multiple
8e15ce
 configurations, and to enable ``one-shot'' boot attempts and
8e15ce
-``savedefault'' behavior.  @xref{Using digital signatures}, for more
8e15ce
+``savedefault'' behavior.  @xref{Using GPG-style digital signatures}, for more
8e15ce
 information.
8e15ce
+
8e15ce
+Extra care should be taken when combining this command with appended signatures
8e15ce
+(@pxref{Using appended signatures}), as this file is not validated by an
8e15ce
+appended signature and could set @code{check_appended_signatures=no} if GRUB is
8e15ce
+not in @pxref{Lockdown} mode.
8e15ce
 @end deffn
8e15ce
 
8e15ce
 
8e15ce
@@ -4987,7 +5038,7 @@ read.  It is possible to modify a digitally signed environment block
8e15ce
 file from within GRUB using this command, such that its signature will
8e15ce
 no longer be valid on subsequent boots.  Care should be taken in such
8e15ce
 advanced configurations to avoid rendering the system
8e15ce
-unbootable. @xref{Using digital signatures}, for more information.
8e15ce
+unbootable. @xref{Using GPG-style digital signatures}, for more information.
8e15ce
 @end deffn
8e15ce
 
8e15ce
 
8e15ce
@@ -5387,11 +5438,32 @@ signatures when environment variable @code{check_signatures} is set to
8e15ce
 must itself be properly signed.  The @option{--skip-sig} option can be
8e15ce
 used to disable signature-checking when reading @var{pubkey_file}
8e15ce
 itself. It is expected that @option{--skip-sig} is useful for testing
8e15ce
-and manual booting. @xref{Using digital signatures}, for more
8e15ce
+and manual booting. @xref{Using GPG-style digital signatures}, for more
8e15ce
 information.
8e15ce
 @end deffn
8e15ce
 
8e15ce
 
8e15ce
+@node trust_certificate
8e15ce
+@subsection trust_certificate
8e15ce
+
8e15ce
+@deffn Command trust_certificate x509_certificate
8e15ce
+Read an DER-formatted x509 certificate from the file @var{x509_certificate}
8e15ce
+and add it to GRUB's internal list of trusted x509 certificates. These
8e15ce
+certificates are used to validate appended signatures when the environment
8e15ce
+variable @code{check_appended_signatures} is set to @code{enforce} or
8e15ce
+@code{forced}.
8e15ce
+
8e15ce
+Note that if @code{check_appended_signatures} is set to @code{enforce} or
8e15ce
+@code{forced} when @command{trust_certificate} is executed, then
8e15ce
+@var{x509_certificate} must itself bear an appended signature. (It is not
8e15ce
+sufficient that @var{x509_certificate} be signed by a trusted certificate
8e15ce
+according to the x509 rules: grub does not include support for validating
8e15ce
+signatures within x509 certificates themselves.)
8e15ce
+
8e15ce
+See @xref{Using appended signatures} for more information.
8e15ce
+@end deffn
8e15ce
+
8e15ce
+
8e15ce
 @node unset
8e15ce
 @subsection unset
8e15ce
 
8e15ce
@@ -5410,6 +5482,18 @@ only on PC BIOS platforms.
8e15ce
 @end deffn
8e15ce
 @end ignore
8e15ce
 
8e15ce
+@node verify_appended
8e15ce
+@subsection verify_appended
8e15ce
+
8e15ce
+@deffn Command verify_appended file
8e15ce
+Verifies an appended signature on @var{file} against the trusted certificates
8e15ce
+known to GRUB (See @pxref{list_certificates}, @pxref{trust_certificate}, and
8e15ce
+@pxref{distrust_certificate}).
8e15ce
+
8e15ce
+Exit code @code{$?} is set to 0 if the signature validates
8e15ce
+successfully.  If validation fails, it is set to a non-zero value.
8e15ce
+See @xref{Using appended signatures}, for more information.
8e15ce
+@end deffn
8e15ce
 
8e15ce
 @node verify_detached
8e15ce
 @subsection verify_detached
8e15ce
@@ -5428,7 +5512,7 @@ tried.
8e15ce
 
8e15ce
 Exit code @code{$?} is set to 0 if the signature validates
8e15ce
 successfully.  If validation fails, it is set to a non-zero value.
8e15ce
-@xref{Using digital signatures}, for more information.
8e15ce
+@xref{Using GPG-style digital signatures}, for more information.
8e15ce
 @end deffn
8e15ce
 
8e15ce
 @node videoinfo
8e15ce
@@ -5811,13 +5895,14 @@ environment variables and commands are listed in the same order.
8e15ce
 @chapter Security
8e15ce
 
8e15ce
 @menu
8e15ce
-* Authentication and authorisation:: Users and access control
8e15ce
-* Using digital signatures::         Booting digitally signed code
8e15ce
-* UEFI secure boot and shim::        Booting digitally signed PE files
8e15ce
-* Secure Boot Advanced Targeting::   Embedded information for generation number based revocation
8e15ce
-* Measured Boot::                    Measuring boot components
8e15ce
-* Lockdown::                         Lockdown when booting on a secure setup
8e15ce
-* Signing GRUB itself::              Ensuring the integrity of the GRUB core image
8e15ce
+* Authentication and authorisation::   Users and access control
8e15ce
+* Using GPG-style digital signatures:: Booting digitally signed code
8e15ce
+* Using appended signatures::          An alternative approach to booting digitally signed code
8e15ce
+* UEFI secure boot and shim::          Booting digitally signed PE files
8e15ce
+* Secure Boot Advanced Targeting::     Embedded information for generation number based revocation
8e15ce
+* Measured Boot::                      Measuring boot components
8e15ce
+* Lockdown::                           Lockdown when booting on a secure setup
8e15ce
+* Signing GRUB itself::                Ensuring the integrity of the GRUB core image
8e15ce
 @end menu
8e15ce
 
8e15ce
 @node Authentication and authorisation
8e15ce
@@ -5891,8 +5976,8 @@ generating configuration files with authentication.  You can use
8e15ce
 adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
8e15ce
 commands.
8e15ce
 
8e15ce
-@node Using digital signatures
8e15ce
-@section Using digital signatures in GRUB
8e15ce
+@node Using GPG-style digital signatures
8e15ce
+@section Using GPG-style digital signatures in GRUB
8e15ce
 
8e15ce
 GRUB's @file{core.img} can optionally provide enforcement that all files
8e15ce
 subsequently read from disk are covered by a valid digital signature.
8e15ce
@@ -5985,6 +6070,86 @@ or BIOS) configuration to cause the machine to boot from a different
8e15ce
 (attacker-controlled) device.  GRUB is at best only one link in a
8e15ce
 secure boot chain.
8e15ce
 
8e15ce
+@node Using appended signatures
8e15ce
+@section Using appended signatures in GRUB
8e15ce
+
8e15ce
+GRUB supports verifying Linux-style 'appended signatures' for secure boot.
8e15ce
+Appended signatures are PKCS#7 messages containing a signature over the
8e15ce
+contents of a file, plus some metadata, appended to the end of a file. A file
8e15ce
+with an appended signature ends with the magic string:
8e15ce
+
8e15ce
+@example
8e15ce
+~Module signature appended~\n
8e15ce
+@end example
8e15ce
+
8e15ce
+where @code{\n} represents the line-feed character, @code{0x0a}.
8e15ce
+
8e15ce
+Certificates can be managed at boot time using the @pxref{trust_certificate},
8e15ce
+@pxref{distrust_certificate} and @pxref{list_certificates} commands.
8e15ce
+Certificates can also be built in to the core image using the @code{--x509}
8e15ce
+parameter to @command{grub-install} or @command{grub-mkimage}.
8e15ce
+
8e15ce
+A file can be explictly verified using the @pxref{verify_appended} command.
8e15ce
+
8e15ce
+Only signatures made with the SHA-256 or SHA-512 hash algorithm are supported,
8e15ce
+and only RSA signatures are supported.
8e15ce
+
8e15ce
+A file can be signed with the @command{sign-file} utility supplied with the
8e15ce
+Linux kernel source. For example, if you have @code{signing.key} as the private
8e15ce
+key and @code{certificate.der} as the x509 certificate containing the public key:
8e15ce
+
8e15ce
+@example
8e15ce
+sign-file SHA256 signing.key certificate.der vmlinux vmlinux.signed
8e15ce
+@end example
8e15ce
+
8e15ce
+Enforcement of signature verification is controlled by the
8e15ce
+@code{check_appended_signatures} variable.
8e15ce
+
8e15ce
+@itemize
8e15ce
+@item @samp{no}: no verification is performed. This is the default when GRUB
8e15ce
+      is not in @pxref{Lockdown} mode.
8e15ce
+@item @samp{enforce}: verification is performed. Verification can be disabled
8e15ce
+      by setting the variable back to @samp{no}.
8e15ce
+@item @samp{forced}: verification is performed and cannot be disabled. This is
8e15ce
+      set when GRUB is in Lockdown when the appendedsig module is loaded.
8e15ce
+@end itemize
8e15ce
+
8e15ce
+Unlike GPG-style signatures, not all files loaded by GRUB are required to be
8e15ce
+signed. Once verification is turned on, the following file types will have
8e15ce
+appended signatures verified:
8e15ce
+
8e15ce
+@itemize
8e15ce
+@item Linux kernels
8e15ce
+@item GRUB modules, except those built into the core image
8e15ce
+@item Any new certificate files to be trusted
8e15ce
+@end itemize
8e15ce
+
8e15ce
+ACPI tables and Device Tree images will not be checked for appended signatures
8e15ce
+but must be verified by another mechanism such as GPG-style signatures before
8e15ce
+they will be loaded.
8e15ce
+
8e15ce
+Unless lockdown mode is enabled, signature checking does @strong{not}
8e15ce
+stop an attacker with console access from dropping manually to the GRUB
8e15ce
+console and executing:
8e15ce
+
8e15ce
+@example
8e15ce
+set check_appended_signatures=no
8e15ce
+@end example
8e15ce
+
8e15ce
+Refer to the section on password-protecting GRUB (@pxref{Authentication
8e15ce
+and authorisation}) for more information on preventing this.
8e15ce
+
8e15ce
+Additionally, unless lockdown mode is enabled:
8e15ce
+
8e15ce
+@itemize
8e15ce
+@item Special care must be taken around the @command{loadenv} command, which
8e15ce
+      can be used to turn off @code{check_appended_signature}.
8e15ce
+
8e15ce
+@item If the grub configuration file is loaded from the disk, anyone who can
8e15ce
+      modify the file on disk can turn off @code{check_appended_signature}.
8e15ce
+      Consider embedding the configuration into the core grub image.
8e15ce
+@end itemize
8e15ce
+
8e15ce
 @node UEFI secure boot and shim
8e15ce
 @section UEFI secure boot and shim support
8e15ce