Exploiting signed bootloaders to circumvent UEFI Secure Boot

The author of: Super-UEFIinSecureBoot-Disk < https://firmwaresecurity.com/2019/02/27/super-uefiinsecureboot-disk-is-a-bootable-image-with-grub2-bootloader-designed-to-be-used-as-a-base-for-recovery-usb-flash-drives/ > has a new post on Habr.com (in Russian) on UEFI Secure Boot security.

Excerpt of Google Translation: […]In this article we proved the existence of not enough reliable bootloaders signed by Microsoft key, which allows booting untrusted code in Secure Boot mode. Using signed Kaspersky Rescue Disk files, we achieved a silent boot of any untrusted .efi files with Secure Boot enabled, without the need to add a certificate to UEFI db or shim MOK. These files can be used both for good deeds (for booting from USB flash drives) and for evil ones (for installing bootkits without computer owner consent).[…]

https://habr.com/ru/post/446238/

https://translate.google.com/translate?hl=en&sl=zh-CN&tl=en&u=https://habr.com/ru/post/446238/

Debian UEFI Secure Boot changes!

Steve McIntyre has posted an update on Debian’s UEFI Secure Boot status, to the debian-boot and debian-efi mailing lists. Excerpt:

I’ve just pushed changes to a few bits of d-i this weekend to make SB work for amd64:

* build/util/efi-image: […]
* build/config/arm.cfg, build/config/x86.cfg: […]
* debian/control: […]
* grub-installer/grub-installer: […]

The effect of these changes is that the next daily and weekly debian installer images (tomorrow) should Just Work (TM) end-to-end with UEFI Secure Boot. The changes to efi-image also mean that our next live image builds will do SB (for live and installation).

I’ll test all these again in the next couple of days to verify that things have pulled through as I expect, then it’s time to post to d-d-a and write a blog too. We’ve made great progress already. These last changes just tie it all together for end users.

More info:

https://lists.debian.org/msgid-search/20190113192343.qg3ekmtnyepscwxb@tack.einval.com

Ubuntu bug 1798863, CVE-2018-18653, UEFI Secure Boot vuln

The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification.[…]

Source: MITRE
Description Last Modified: 10/25/2018

https://nvd.nist.gov/vuln/detail/CVE-2018-18653

[…]This flaw is introduced by certain configuration options in combination with this out-of-tree patch from the Lockdown patchset[…]

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798863/comments/23

https://vuldb.com/?id.125976
Current Exploit Price (≈) $5k-$25k

sb-kmod-signload.sh: UEFI Secure Boot sign and load utility for Linux kernel modules

This script provides commands to sign a designated list of kernel modules and loads them via modprobe into the linux kernel. This was built to specfically address the issue of having to re-sign and reload kernel modules after upgrading the linux kernel, so they are not rejected by UEFI Secure Boot. (e.g. virtualbox kernel modules). As an example, this script is defaulted to load virtualbox kernel modules and will look for the private key and x509 cert in a specific directory. Please change these values inside the script as needed.[…]

https://github.com/plyint/sb-kmod-signload.sh

 

 

UK Gov security guidance for Ubuntu, including Secure Boot

The UK government has guidance on secure usage of Ubuntu. It appears to be newly-written.

Lots of useful information, and it mentions that Secure Boot is only active at some time: nice to see that level of detail.

https://www.ncsc.gov.uk/guidance/eud-security-guidance-ubuntu-1804-lts

Secure Boot section:

Secure boot validates the bootloader, kernel and kernel modules. However, some boot-related files are not protected by default and could be modified by an attacker to tamper with the boot process. Hardening of the boot process can help mitigate the risk.

Ubuntu does not use any dedicated hardware to protect its disk encryption keys. If an attacker can get physical access to the device, they can perform an offline brute-force attack to recover the encryption password.

Encryption keys protecting sensitive data remain available to an attacker when the device is locked. This means that if the device is attacked while powered on and locked, keys and data on the device may be compromised without the attacker knowing the password.

Booting Secure [on Apple systems]

http://michaellynn.github.io/2018/07/27/booting-secure/

PS: A few articles on the new T2 processor as well:

https://www.computerworld.com/article/3290415/apple-mac/the-macbook-pro-s-t2-chip-boosts-enterprise-security.html

https://www.digitaltrends.com/computing/apple-t2-chip-brings-deeper-secuirty-to-macbook-pro/

The MacBook Pro’s T2 chip boosts enterprise security: Secure boot, even for Windows installations on a Mac

Apple: new/updated T2 chip and Secure Boot support articles

Re: https://firmwaresecurity.com/2018/07/12/apple-releases-new-systems-with-t2-chip-and-uefi-secureboot/ and

https://firmwaresecurity.com/2017/12/20/apple-kb-article-on-secure-boot/

the latter Apple support article on Secure Boot has been updated recently:

About Secure Boot

https://support.apple.com/en-us/HT208330

Mac computers that have the Apple T2 chip

https://support.apple.com/en-us/HT208862

Apple releases new systems with T2 chip and UEFI SecureBoot

https://www.apple.com/newsroom/2018/07/apple-updates-macbook-pro-with-faster-performance-and-new-features-for-pros/

Ubuntu: DKMS modules need to be configured to work with UEFI Secure Boot

I just noticed this nice document on Ubuntu security features, maybe it is new, maybe I never noticed it before:

https://wiki.ubuntu.com/Security/Features#secure-boot

I also notice this page, which I believe has recently been updated:

DKMS modules need to be configured to work with UEFI Secure Boot

Ubuntu is now checking module signing by default, on kernels 4.4.0-18.34, 4.4.0-21.37, 4.2.0-42.49, 3.19.0-65.73 and 3.13.0-92.139 onwards. You can read more details in this bug in Launchpad. Because of those changes, DKMS modules will not work on systems with Secure Boot enabled unless correctly configured. In order to make DKMS work, Secure Boot signing keys for the system must be imported in the system firmware, otherwise Secure Boot needs to be disabled. There are several methods to configure your system to properly load DKMS modules with Secure Boot enabled.

https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1566221

 

VMWare: Enable or Disable UEFI Secure Boot for a Virtual Machine

I believe this is a new (or revised) document [to me].

[…]VMware Tools version 10.1 or later is required for virtual machines that use UEFI secure boot. You can upgrade those virtual machines to a later version of VMware Tools when it becomes available.

For Linux virtual machines, VMware Host-Guest Filesystem is not supported in secure boot mode. Remove VMware Host-Guest Filesystem from VMware Tools before you enable secure boot.[…]

https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-898217D4-689D-4EB5-866C-888353FE241C.html

 

RISC-V: Secure Boot and Remote Attestation in the Sanctum Processor

Cryptology ePrint Archive: Report 2018/427

Secure Boot and Remote Attestation in the Sanctum Processor

During the secure boot process for a trusted execution environment, the processor must provide a chain of certificates to the remote client demonstrating that their secure container was established as specified. This certificate chain is rooted at the hardware manufacturer who is responsible for constructing chips according to the correct specification and provisioning them with key material. We consider a semi-honest manufacturer who is assumed to construct chips correctly, but may attempt to obtain knowledge of client private keys during the process. Using the RISC-V Rocket chip architecture as a base, we design, document, and implement an attested execution processor that does not require secure non-volatile memory, nor a private key explicitly assigned by the manufacturer. Instead, the processor derives its cryptographic identity from manufacturing variation measured by a Physical Unclonable Function (PUF). Software executed by a bootloader built into the processor transforms the PUF output into an elliptic curve key pair. The (re)generated private key is used to sign trusted portions of the boot image, and is immediately destroyed. The platform can therefore provide attestations about its state to remote clients. Reliability and security of PUF keys are ensured through the use of a trapdoor computational fuzzy extractor.

We present detailed evaluation results for secure boot and attestation by a client of a Rocket chip implementation on a Xilinx Zynq 7000 FPGA.

https://eprint.iacr.org/2018/427

https://eprint.iacr.org/2018/427.pdf

Lenovo LEN-20241: System x Secure Boot Vulnerability

System x Secure Boot Vulnerability
Lenovo Security Advisory: LEN-20241
Potential Impact: Booting unauthenticated code
Severity: High
Scope of Impact: Lenovo-only
CVE Identifier: CVE-2017-3775

Lenovo internal testing discovered some System x server BIOS/UEFI versions that, when Secure Boot mode is enabled by a system administrator, do not properly authenticate signed code before booting it. As a result, an attacker with physical access to the system could boot unsigned code. Lenovo ships these systems with Secure Boot disabled by default, because signed code is relatively new in the data center environment, and standard operator configurations disable signature checking. Apply the BIOS/UEFI update appropriate for your model described in the product impact section below. If you are relying on Secure Boot, you may want to control physical access to systems prior to applying the updates.[…]

https://support.lenovo.com/us/en/solutions/len-20241
https://threatpost.com/lenovo-patches-arbitrary-code-execution-flaw/131725/

On the Path to a Secure Boot Solution for RISC-V

On the Path to a Secure Boot Solution for RISC-V
By SecureRF | April 26, 2018 | 0

As the RISC-V ISA gains in popularity and more industries proceed with plans to build and deploy systems based on RISC-V technologies, the security requirements of those systems will grow. One avenue that hackers have used to exploit systems has been to modify the firmware and cause it to misbehave. For example, one of the recent vehicle hacks involved corrupting firmware in order to jump from an infotainment center to the CAN-BUS. The solution to this style of attack is a secure boot, and with minimal additions to the ISA, RISC-V can provide secure boot hooks directly. Secure boot is a self-hosted root of trust that uses a digital signature and a known, trusted, public key to protect the firmware before it loads. The RISC-V system validates the signature over the firmware using the trusted public key and will run the code only if the signature verifies correctly. If the firmware has been modified in any way, the signature validation will fail. Once this initial trusted load completes, subsequent loads can use the same process to chain the trust to additional loads.[…]

https://www.securerf.com/path-secure-boot-solution-risc-v/

GetSecureBootPolicy.ps1: Partially-completed Secure Boot policy parser

Re: https://firmwaresecurity.com/2018/03/31/geoff-chappell-secure-boot-internals/

https://github.com/mattifestation/BCD

Click on above URL or remove spaces in below URL (WordPress mangles Github Gist URLs…)

https://gist. github.com/mattifestation /f1e160bc970c8a7b82355d7e5946901b

Oracle Solaris 11.4: UEFI Secure Boot on Intel HW

UEFI Secure Boot on Oracle Solaris x86 enables you to install and boot Oracle Solaris on platforms where UEFI Secure Boot is enabled. This feature provides more security by maintaining a chain of trust during boot: digital signatures of the firmware and software are verified before executing the next stage. No break occurs in the chain because of unsigned, corrupt, or rogue firmware or software during the boot process. This feature helps assure that the firmware and software used to boot Oracle Solaris on a hardware platform is correct, and has not been modified or corrupted.

https://docs.oracle.com/cd/E72435_01/html/E72445/grijo.html
https://docs.oracle.com/cd/E37838_01/html/E60974/index.html
https://blogs.oracle.com/solaris/oracle-solaris-114-beta-released
https://github.com/oracle/solaris-userland/tree/master/components/shim
https://www.phoronix.com/scan.php?page=news_item&px=Oracle-Linux-7-Update-4