CVE-2015-7837: RHEL UEFI Secure Boot


Vulnerability ID 106841
Red Hat Enterprise Linux UEFI Secure Boot privilege escalation

A vulnerability, which was classified as critical, has been found in Red Hat Enterprise Linux (the affected version is unknown). This issue affects an unknown function of the component UEFI Secure Boot. The manipulation with an unknown input leads to a privilege escalation vulnerability. Using CWE to declare the problem leads to CWE-269. Impacted is confidentiality, integrity, and availability. The weakness was released 09/19/2017 (oss-sec). The advisory is shared for download at openwall.com. The identification of this vulnerability is CVE-2015-7837 since 10/15/2015. The exploitation is known to be easy. An attack has to be approached locally. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The price for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 09/20/2017).[…]


Comments above seem to incidate a 9/19 update, but I can’t find that, only older messages from 2015-2016. Unclear about current status of this.



dbxparser: PowerShell script to parse UEFI DBX blacklist

dbxparser.ps1 is a PowerShell script that: dumps SHA256 hashes of blacklisted UEFI bootloaders from the ‘dbx’ UEFI variable.

Darn, Github chokes on Github Gist URLs. Remove the 3 spaces from the below URL, or click on the above Tweet.

https:// gist. github. com/mattifestation/991a0bea355ec1dc19402cef1b0e3b6f


Booting Windows from USB drive

Here’s a MSDN blog entry on how to boot Windows via a thumbdrive. It is basically an introduction to Rufus…

Installing Windows with Secure Boot from USB drive
July 18, 2017
by Anders Lybecker

Once and a while I reinstall my machine. It feels nice with a clean slate as I tend to install all kinds of applications that pollutes my machine. A newly installed machine just runs better somehow. My machine needs to be secure, so Secure Boot and encrypted drive via BitLocker is a must. It limits the risk of someone messing with my machine and stealing my data. Here is how…[…]





BTW, these days it is pretty rare to see a modern open source GUI tool that is written to use the native Windows Win32 GUI (GDI). These days, most GUIs are written using friendlier GUI frameworks/languages. Rufus is an ‘old school’ Windows tool, no drag-and-drop IDE-generated GUI code… 🙂



NXP: designing IoT devices with secure boot

NXP has a webinar for IoT makers, talking about secure booting. ‘Webinar’ scared me, but there’s no registration required. 🙂

Watch this on-demand presentation to learn how to:
* Manage the life cycle of an IoT edge node from development to deployment.
* Leverage hardware and software offerings available with the Kinetis MCU portfolio that can help you protect against attacks.
* Ease the burden of secure IoT edge node development using new processors and architectures from ARM.



slides: https://www.nxp.com/docs/en/supporting-information/Designing-Secure-IoT-Devices-Starts-with-a-Secure-Boot.pdf



Matthew on improving UEFI Secure Boot on Linux with TPMs



IBM OpenPower secure and trusted boot, Part 2

OpenPOWER secure and trusted boot, Part 2
Protecting system firmware with OpenPOWER secure boot
Making your system safe against boot code cyberattacks
Dave Heller and Nageswara Sastry
Published on June 05, 2017

This content is part 2 of 2 in the series: OpenPOWER secure and trusted boot. IBM® OpenPOWER servers offer two essential security features, trusted boot and secure boot, to help ensure the integrity of your server and safeguard against a boot code cyberattack. Trusted boot works by creating secure recordings, or measurements, of executable code as the system boots. Using a process known as remote attestation, you can retrieve these measurements securely and use them to verify the integrity of your firmware or target operating system (OS). Secure boot helps ensure the integrity of your OS and firmware as well. But rather than taking measurements for later examination, secure boot performs the validation in place, during boot, and will halt the boot process if the validation fails. These two features are complementary and work together to provide comprehensive protection of platform boot code. This article explores the secure boot method, with particular focus on protection of system firmware.[…]


Part 1 is from Feburary:




sicherboot: systemd Secure boot integration

systemd Secure boot integration

sicher*boot automatically installs systemd-boot and kernels for it into the ESP, signed with keys generated by it. The signing keys are stored unencrypted and only protected by the file system permissions. Thus, you should make sure that the file system they are stored (usually /etc) in is encrypted. After installing sicherboot, you can adjust a number of settings in /etc/sicherboot.conf and should set a kernel commandline in /etc/kernel/cmdline. Then run ‘sicherboot setup’ to get started.