grub-devel

Re: UEFI Secureboot not succeeding with Grub 2.06 and later version


From: Javier Martinez Canillas
Subject: Re: UEFI Secureboot not succeeding with Grub 2.06 and later version
Date: Thu, 15 Jul 2021 13:27:38 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0

Hello Sayanta,

On 7/15/21 7:26 AM, Sayanta Pattanayak wrote:

[snip]

>>> We understand LoadImage() interface is used in our platform, but if
>>> the error scenario is not expected with LoadImage() interface then we
>>> need further investigation. We are trying to look into it.
>>>

I agree with the assessment made by others that validating using the UEFI
firmware should be a supported configuration if the image is built with
the --disable-shim-lock option.

>>> What can we infer from the change you suggested and that it worked? Do
>>> we need to make certain changes in our platform?
>>
>> The change which I suggested was just a check for my theory. It is not a real 
>> fix.
>> We have to fix this issue in the GRUB in a different way. This is not your 
>> fault.
>> When we have a fix we will ask you for some tests.
> 
> Thanks for the information. Sure, will look forward to the change and 
> further experiments to perform.
> 

Could you please try the following patch? I've not tested it yet but I
think that should make GRUB support your use case.

From 37157118e237f216866e185e53f8f7d6c9233407 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Thu, 15 Jul 2021 13:08:11 +0200
Subject: [RFC PATCH] kern/efi/sb: Allow validation to be done by the UEFI firmware

The shim_lock protocol is used to delegate the check that PE32+ binaries have
been signed with a trusted key. This is done because GRUB currently lacks the
ability to do the validation itself.

But in certain configurations a user may not want to use shim for this,
and either delegate to a different verifier (i.e. pgp) or just leave it
to the UEFI firmware. The latter can be done if both GRUB and the Linux
kernel have been signed by a key trusted by the UEFI firmware.

There's a grub-mkimage --disable-shim-lock option that could be used to
avoid using the shim_lock protocol and rely on another verifier, but that
will not work for the latter case, since the lockdown verifier defers to
another verifier but no verifier validates the Linux kernel images.

To work around that, let's make the shim_lock verifier always validate a
kernel file type if the --disable-shim-lock option has been enabled.

Reported-by: Sayanta Pattanayak <Sayanta.Pattanayak@arm.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
 grub-core/kern/efi/sb.c | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)

diff --git a/grub-core/kern/efi/sb.c b/grub-core/kern/efi/sb.c
index c52ec6226a6..51af1a21546 100644
--- a/grub-core/kern/efi/sb.c
+++ b/grub-core/kern/efi/sb.c
@@ -143,8 +143,17 @@ shim_lock_verifier_write (void *context __attribute__ 
((unused)), void *buf, gru
 {
   grub_efi_shim_lock_protocol_t *sl = grub_efi_locate_protocol 
(&shim_lock_guid, 0);
 
+  /* shim_lock is missing, check if GRUB image is built with 
--disable-shim-lock. */
   if (!sl)
-    return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol not 
found"));
+    {
+      FOR_MODULES (header)
+        {
+          if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK)
+            return GRUB_ERR_NONE;
+
+          return grub_error (GRUB_ERR_ACCESS_DENIED, N_("shim_lock protocol 
not found"));
+        }
+    }
 
   if (sl->verify (buf, size) != GRUB_EFI_SUCCESS)
     return grub_error (GRUB_ERR_BAD_SIGNATURE, N_("bad shim signature"));
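Review bot: the `return grub_error (GRUB_ERR_ACCESS_DENIED, ...)` placed inside the `FOR_MODULES (header)` body makes the loop give up on the first module header: if that header is not OBJ_TYPE_DISABLE_SHIM_LOCK the function returns access denied without looking at the remaining headers, so an image built with --disable-shim-lock still fails unless the marker happens to be the first entry. Move the error return after the loop, i.e. `FOR_MODULES (header) { if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK) return GRUB_ERR_NONE; }` followed by `return grub_error (...)`, which is the structure of the block the second hunk removes from grub_shim_lock_verifier_setup. The `return GRUB_ERR_NONE` also deserves a comment: without the shim_lock protocol nothing in GRUB has looked at `buf` at this point, so this path is only sound because the firmware's LoadImage() will validate the PE signature of the kernel, and the commit message should state that as a requirement of the configuration rather than as a side effect.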
@@ -166,16 +175,6 @@ grub_shim_lock_verifier_setup (void)
   grub_efi_shim_lock_protocol_t *sl =
     grub_efi_locate_protocol (&shim_lock_guid, 0);
 
-  /* shim_lock is missing, check if GRUB image is built with 
--disable-shim-lock. */
-  if (!sl)
-    {
-      FOR_MODULES (header)
-       {
-         if (header->type == OBJ_TYPE_DISABLE_SHIM_LOCK)
-           return;
-       }
-    }
-
   /* Secure Boot is off. Do not load shim_lock. */
   if (grub_efi_get_secureboot () != GRUB_EFI_SECUREBOOT_MODE_ENABLED)
     return;
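Review bot: with the early return gone from grub_shim_lock_verifier_setup, the --disable-shim-lock decision is now taken inside shim_lock_verifier_write on every call (a protocol lookup plus a full module-table walk per verified file) instead of once at setup. Consider keeping the FOR_MODULES walk here and recording the result in a static flag that the write callback consults, so setup remains the single place that decides how the verifier behaves; the "Secure Boot is off. Do not load shim_lock." check that now directly follows the protocol lookup would then sit next to the other setup-time decision instead of being the only one left.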
-- 
2.31.1
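As an added example that is not part of this mail or of GRUB's source, the following C program models the verifier chain the commit message describes (the lockdown verifier defers, the shim_lock verifier denies when the protocol is absent, and grub-mkimage --disable-shim-lock embeds an OBJ_TYPE_DISABLE_SHIM_LOCK header) closely enough to show why the reporter's configuration is refused before the patch and loads after it. The struct layout, the verdict enum, the module-table stand-in and every function name are assumptions made for the illustration; GRUB's real verifier API and the exact chain resolution in grub-core/kern/verifiers.c are not reproduced.

```c
/* Added example, not GRUB's code: a simplified model of the verifier chain the
 * commit message describes.  Struct layout, verdict values, the module-table
 * stand-in and all names are assumptions for this illustration. */
#include <stdbool.h>
#include <stddef.h>

enum file_type { FILE_TYPE_LINUX_KERNEL, FILE_TYPE_GRUB_MODULE, FILE_TYPE_CONFIG };
enum verdict { VERDICT_SKIP, VERDICT_DEFER, VERDICT_OK, VERDICT_DENY };
/* Stand-in for the embedded module headers; OBJ_TYPE_DISABLE_SHIM_LOCK is the
 * marker grub-mkimage --disable-shim-lock adds. */
enum obj_type { OBJ_TYPE_ELF, OBJ_TYPE_MEMDISK, OBJ_TYPE_DISABLE_SHIM_LOCK };

struct boot_env
{
  bool secureboot;              /* firmware reports Secure Boot enabled */
  bool shim_lock_present;       /* shim_lock protocol can be located */
  const enum obj_type *modules; /* what FOR_MODULES would iterate */
  size_t nmodules;
};

/* Walk every header: a non-matching first entry must not end the search. */
static bool
built_with_disable_shim_lock (const struct boot_env *env)
{
  for (size_t i = 0; i < env->nmodules; i++)
    if (env->modules[i] == OBJ_TYPE_DISABLE_SHIM_LOCK)
      return true;
  return false;
}

/* lockdown verifier (assumed active whenever Secure Boot is on): it never
 * checks kernels or modules itself, it only defers to another verifier. */
static enum verdict
lockdown_verify (const struct boot_env *env, enum file_type type)
{
  if (env->secureboot
      && (type == FILE_TYPE_LINUX_KERNEL || type == FILE_TYPE_GRUB_MODULE))
    return VERDICT_DEFER;
  return VERDICT_SKIP;
}

/* Pre-patch setup did not register shim_lock when the protocol was absent and
 * the image carried the marker; the patch registers it whenever SB is on. */
static bool
shim_lock_registered (const struct boot_env *env, bool patched)
{
  if (!patched && !env->shim_lock_present && built_with_disable_shim_lock (env))
    return false;
  return env->secureboot;
}

/* shim_lock write callback as the patch proposes: with no protocol, accept
 * only when built with --disable-shim-lock (the firmware's LoadImage() then
 * checks the PE signature); otherwise the verdict is shim's. */
static enum verdict
shim_lock_verify (const struct boot_env *env, enum file_type type, bool shim_ok)
{
  if (type != FILE_TYPE_LINUX_KERNEL && type != FILE_TYPE_GRUB_MODULE)
    return VERDICT_SKIP;
  if (!env->shim_lock_present)
    return built_with_disable_shim_lock (env) ? VERDICT_OK : VERDICT_DENY;
  return shim_ok ? VERDICT_OK : VERDICT_DENY;
}

/* Resolve the chain: DENY wins, a DEFER must be answered by an OK from another
 * verifier, and a file nobody objected to is allowed. */
static enum verdict
verify_file (const struct boot_env *env, enum file_type type, bool shim_ok,
             bool patched)
{
  bool deferred = lockdown_verify (env, type) == VERDICT_DEFER;
  bool verified = false;

  if (shim_lock_registered (env, patched))
    {
      enum verdict v = shim_lock_verify (env, type, shim_ok);
      if (v == VERDICT_DENY)
        return VERDICT_DENY;
      verified = (v == VERDICT_OK);
    }
  return (deferred && !verified) ? VERDICT_DENY : VERDICT_OK;
}

/* Constructed scenarios, all with Secure Boot on.  thread_case is the
 * reporter's platform: no shim, GRUB built with --disable-shim-lock, a kernel
 * signed with a key the firmware trusts. */
static enum verdict
run_case (bool shim_present, bool disable_shim_lock, bool shim_ok, bool patched)
{
  static const enum obj_type with_marker[] = { OBJ_TYPE_ELF, OBJ_TYPE_MEMDISK,
                                               OBJ_TYPE_DISABLE_SHIM_LOCK };
  static const enum obj_type without_marker[] = { OBJ_TYPE_ELF, OBJ_TYPE_MEMDISK };
  struct boot_env env = { .secureboot = true, .shim_lock_present = shim_present,
                          .modules = disable_shim_lock ? with_marker : without_marker,
                          .nmodules = disable_shim_lock ? 3 : 2 };
  return verify_file (&env, FILE_TYPE_LINUX_KERNEL, shim_ok, patched);
}

static enum verdict thread_case (bool patched) { return run_case (false, true, true, patched); }
static enum verdict no_shim_default_build (bool patched) { return run_case (false, false, true, patched); }
static enum verdict shim_case (bool shim_ok) { return run_case (true, false, shim_ok, true); }
```

Built with `cc -std=c99`, thread_case(false) returns VERDICT_DENY (lockdown deferred and nothing validated the kernel) while thread_case(true) returns VERDICT_OK because the write callback accepts and leaves the PE signature check to LoadImage(); an image built without the marker is denied either way, which is the guard that keeps the change from weakening a default build, and a shim boot still follows shim's verdict.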



