You may be hearing a lot of clamor about secure boot these days in Linux and Windows operating systems. This set of blogs will explain about secure boot and how it is extended to Linux; specifically RHEL7. I’ll also provide some insights in to Linux ‘trusted kernel Boot’ and implications on user space applications. Secure boot is designed to prevent root kits being installed at boot time in memory using mechanisms like option ROM and MBRs to get loaded in to the OS, hijacking the system control and remaining hidden from anti-malware programs. This problem has grown over time to play a significant role in data loss/corruption and theft. You can trust that the OS you are running is yours one. Malware can come in middle of BIOS and OS loader. It can also come in between OS Loader and OS.
UEFI is the new standard of hardware/software interface for modern server platforms with a rich set of UI, modularity and standard interfaces for IHVs to develop device drivers in UEFI that work seamlessly in pre-boot environment that is more flexible than a legacy bios environment. UEFI adoption across operating systems and platforms continues to grow, with many of the major client and server OS versions supporting it.
Led by Microsoft, the UEFI standards body identified a way to prohibit boot time malware rootkits from being installed using a mechanism of loading and executing binaries that are un-modified and known to the platform. This mechanism is called Secure Booting. Microsoft way of Secure boot. Similar way different OS vendors incorporated different ways to achieve secure boot. I will be discussing in my next blog how Red Hat has implemented secure boot in the kernel.
Secured UEFI platforms load only software binaries, such as option ROM drivers, boot loaders, OS loaders, that are unmodified and trusted by the platform. UEFI specification describes in detail about secure boot mechanism here.
The UEFI specification defines the infrastructure required for secure booting. I will just provide brief introduction of the terminology used in secure boot. You may skip if you don’t want too many technical terms, but I thought it would be useful to someone who wanted to understand in greater detail.
Secure Boot does not protect the system while running and its data. Secure Boot stops booting to the OS if any component is not authenticated in the boot process which will prevent systems from running hidden malware.
These key words may be difficult for someone but these are the base of secure boot. UEFI Specification tells more about these key words. These specs tell in detail how to sign the binaries; see section 28.
Authenticated Variables: UEFI provides a service called authenticated variables which means only a certified module or authentic code module can write i.e. only a code module that has a key certificate can write. But any party can read these variables.
Platform key (PK): Platform Key establishes trust relationship between platform owner and firmware which is installed in the NVM by the platform manufacturer.
KEK: Key Exchange Key establishes trust between Operating Systems and the platform firmware. KEK’s are installed in the platform by the OS and/or third party components which want to communicate with platform firmware.
DB: Authorized Database holding the public keys and certificates of the code module that is authorized to interact with platform firmware.
DBX: Black listed DB. Any code module that matches to these certificates will not be allowed to start loading.
Signature: Signature is generated by the private key and hash of the binary that will be signed.
Certificate: Authenticode certificate containing public key that corresponds to the private key used to sign the image
UEFI platform firmware will load the third party drivers, optionROMS, and OS loaders that are signed by the Certification Authority (CA), in this case Microsoft. Any hardware vendor can write their drivers in UEFI BIOS and get it signed by Microsoft to run on UEFI platform. OEMs install the public part of the key in the platform DB and the UEFI loader protocol service validates signature of the binary against the authorized DB before it is allowed to run on the platform. This chain of authentication continues from the UEFI to the OS loader and OS.
In summary, UEFI allows to run OS loaders that are signed and whose key is present in the DB. This key mechanism ensures that the OS loader or option ROMs are allowed to execute only if they are authorized and not modified by any party.
Now, we know how secure boot has come from the UEFI specification and the intent behind it. A securely booted Linux kernel locks up some of the kernel features preventing modification by applications. I will discuss technical details of Linux trusted kernel boot in a forthcoming blog.