Guest secure boot with static keys
Secure boot, or verified boot, is a firmware and software mechanism that protects the integrity of the operating system (OS) boot components. Malicious software such as bootkits and rootkits can subvert the bootloader and the OS during the boot process. These threats are countered with public key cryptography: the hash of each boot component binary is signed with a private key, and the signature is verified with the corresponding public key. The verifier recomputes the hash of the boot component image and compares it with the hash that the signature was made over; only if the two match is the boot process allowed to continue. A successful verification establishes that the boot component has not been modified since it was signed.
Basic Linux on Power LPAR secure boot security terminology
Appended signature and PKCS #7 block:
An appended signature is a small data block that is concatenated to the end of each boot component binary image to store the signature. It has two main parts: signature metadata and a PKCS #7 block.
The signature metadata describes the signature: the public key cryptographic algorithm, the hash digest algorithm, the signer length, the key_id length, and the length of the PKCS #7 block that follows. The PKCS #7 block stores the actual signature and can hold a series of signer_info blocks, each carrying a signature. While parsing the appended signature block, the verifier iterates through the signer_info blocks and verifies the signature data in each one.
X.509 certificate
X.509 is an IETF-standardized certificate format that stores a public key together with details of the certifying authority that issued it. Both the static and the dynamic key-based secure boot solutions store public keys in this format. The most important fields of an X.509 certificate are the serial number, the issuer (which identifies the certifying authority), and the public key itself.
Overview
Boot Image Verification
Linux® logical partition (LPAR) secure boot ensures the integrity of the Linux boot stack. The hypervisor and partition firmware are part of the core root of trust. The partition firmware verifies the appended signature on the GRUB image before handing control to GRUB. Similarly, GRUB verifies the appended signature on the kernel image before booting the OS. This ensures that every image that runs at boot time is verified and trusted.
Key Management
By default, the Linux LPAR secure boot uses static key management. This means that each image (A) embeds the keys that are required to verify the image (B) that image (A) loads. For example, the keys that are used to verify the GRUB image are built into the firmware image, and the keys that are used to verify the kernel image are built into the GRUB image. These keys are pre-defined and cannot be modified at run time. Any change to the static keys requires both firmware and OS updates.
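The appended signature, the PKCS #7 signer_info blocks and the X.509 serial number described above are what firmware and GRUB consult when they verify the next image in the chain, and an administrator can parse the same structures to see which signer an installed GRUB or kernel image carries. The following is an added example, not IBM's or the distributions' code. It assumes the trailer uses the Linux kernel module-signature layout (a 12-byte big-endian header holding the algorithm, hash, id_type, signer_len, key_id_len, padding and signature length, followed by the magic string "~Module signature appended~\n") and that the PKCS #7 block is DER. The image body and the signedData structure it builds are constructed test data with a placeholder encryptedDigest, so the code extracts and identifies signers but does not verify a signature.

```python
import struct

# Trailer layout (assumed: the Linux kernel module-signature format):
# u8 algo, u8 hash, u8 id_type, u8 signer_len, u8 key_id_len, u8 pad[3], be32 sig_len
MAGIC = b"~Module signature appended~\n"
HEADER = struct.Struct(">BBBBB3xI")
PKEY_ID_PKCS7 = 2

OID_SIGNED_DATA = bytes.fromhex("2a864886f70d010702")  # 1.2.840.113549.1.7.2
OID_DATA = bytes.fromhex("2a864886f70d010701")         # 1.2.840.113549.1.7.1
OID_SHA256 = bytes.fromhex("608648016503040201")        # 2.16.840.1.101.3.4.2.1
OID_RSA = bytes.fromhex("2a864886f70d010101")           # 1.2.840.113549.1.1.1


def split_appended_signature(image):
    """Return (body, pkcs7): body is the data the signature covers."""
    if not image.endswith(MAGIC):
        raise ValueError("no appended signature magic")
    rest = image[:-len(MAGIC)]
    if len(rest) < HEADER.size:
        raise ValueError("image too short for signature header")
    algo, hash_, id_type, signer_len, key_id_len, sig_len = HEADER.unpack(rest[-HEADER.size:])
    rest = rest[:-HEADER.size]
    if id_type != PKEY_ID_PKCS7:
        raise ValueError("unsupported id_type %d" % id_type)
    # With a PKCS #7 block the algorithms and the signer identity live inside
    # the block, so the metadata fields must be zero.
    if algo or hash_ or signer_len or key_id_len:
        raise ValueError("non-zero metadata fields in a PKCS #7 trailer")
    if sig_len == 0 or sig_len > len(rest):
        raise ValueError("signature length does not fit the image")
    return rest[:-sig_len], rest[-sig_len:]


def _tlv(buf, off):
    """Decode one DER element at buf[off]: (tag, content, offset after it)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    end = off + length
    if end > len(buf):
        raise ValueError("DER element runs past the end of the buffer")
    return tag, buf[off:end], end


def signer_serials(pkcs7):
    """Walk ContentInfo -> SignedData -> signerInfos and return each signer's
    serial number as hex (the DER INTEGER bytes, leading 00 sign byte kept)."""
    _, content_info, _ = _tlv(pkcs7, 0)
    tag, oid, off = _tlv(content_info, 0)
    if tag != 0x06 or oid != OID_SIGNED_DATA:
        raise ValueError("not a PKCS #7 signedData structure")
    _, explicit, _ = _tlv(content_info, off)   # [0] EXPLICIT SignedData
    _, signed_data, _ = _tlv(explicit, 0)
    off = 0
    for _ in range(3):                          # version, digestAlgorithms, encapContentInfo
        _, _, off = _tlv(signed_data, off)
    tag, val, off = _tlv(signed_data, off)
    while tag in (0xA0, 0xA1):                  # skip optional certificates / crls
        tag, val, off = _tlv(signed_data, off)
    if tag != 0x31:
        raise ValueError("signerInfos SET not found")
    serials, pos = [], 0
    while pos < len(val):                       # one signer_info per iteration
        _, signer_info, pos = _tlv(val, pos)
        _, _, p = _tlv(signer_info, 0)          # version
        _, issuer_and_serial, _ = _tlv(signer_info, p)
        _, _, q = _tlv(issuer_and_serial, 0)    # issuer Name
        tag, serial, _ = _tlv(issuer_and_serial, q)
        if tag != 0x02:
            raise ValueError("serialNumber is not an INTEGER")
        serials.append(serial.hex())
    return serials


def _der(tag, content):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_sample_pkcs7(serials):
    """Constructed signedData with one signer_info per serial. The
    encryptedDigest is a placeholder: this carries no real signature."""
    sha256 = _der(0x30, _der(0x06, OID_SHA256) + _der(0x05, b""))
    rsa = _der(0x30, _der(0x06, OID_RSA) + _der(0x05, b""))
    issuer = _der(0x30, b"")                    # empty Name in the sample
    infos = b"".join(
        _der(0x30, _der(0x02, b"\x01") + _der(0x30, issuer + _der(0x02, s))
             + sha256 + rsa + _der(0x04, b"\x00" * 32))
        for s in serials)
    signed = _der(0x30, _der(0x02, b"\x01") + _der(0x31, sha256)
                  + _der(0x30, _der(0x06, OID_DATA)) + _der(0x31, infos))
    return _der(0x30, _der(0x06, OID_SIGNED_DATA) + _der(0xA0, signed))


def append_signature(body, pkcs7):
    """Attach pkcs7 to body in the appended-signature layout."""
    return body + pkcs7 + HEADER.pack(0, 0, PKEY_ID_PKCS7, 0, 0, len(pkcs7)) + MAGIC
```

To inspect an installed image, pass its bytes to split_appended_signature and hand the returned PKCS #7 block to signer_serials. The serials come back in the same zero-padded form as the Serial Number values in the firmware key table further down; a GRUB image whose signer serial is absent from the row for the running firmware level fails verification under static key management, and a kernel image is likewise checked only against the keys built into GRUB.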
The following diagram represents how the static key-based guest secure boot solution works. The numbers represent the chronological order of operation for each individual boot component.
Secure boot modes
- Disabled
- Enabled and log only
- Enabled and enforced
Administrators can configure this setting from the HMC for each LPAR. The default setting is Disabled. This setting is available under Advanced Settings.
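From inside the LPAR, the mode the HMC configured can be read back, which is useful when confirming a profile change or when a kernel unexpectedly runs locked down. The following is an added example, not IBM's or a distribution's tooling. It assumes PowerVM exposes the mode to the guest as the 32-bit big-endian device tree property ibm,secure-boot with the values the Linux kernel reads from it (0 disabled, 1 enabled and log only, 2 enabled and enforced), and that the kernel reports its lockdown level in /sys/kernel/security/lockdown with the active level in brackets. Both functions accept an alternative path so they can be run against a saved copy of either file.

```sh
#!/bin/sh
# Added example: report the LPAR's secure boot mode and kernel lockdown level.
# Assumed property encoding (as read by the Linux kernel):
#   ibm,secure-boot = 0 disabled, 1 enabled and log only, 2 enabled and enforced

secure_boot_mode() {
    prop="${1:-/proc/device-tree/ibm,secure-boot}"
    if [ ! -r "$prop" ]; then
        echo "unknown (no $prop)"
        return 2
    fi
    # 4-byte big-endian cell -> 8 hex digits
    hex=$(od -An -tx1 -v "$prop" | tr -d ' \n')
    case "$hex" in
        00000000) echo "disabled" ;;
        00000001) echo "enabled-log-only" ;;
        00000002) echo "enabled-enforced" ;;
        *)        echo "unknown ($hex)"; return 2 ;;
    esac
}

# Active lockdown level, e.g. "none [integrity] confidentiality" -> integrity
lockdown_mode() {
    f="${1:-/sys/kernel/security/lockdown}"
    if [ ! -r "$f" ]; then
        echo "unknown (no $f)"
        return 2
    fi
    sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f"
}

# Secure boot enables lockdown, so an enforcing LPAR whose kernel reports no
# lockdown is worth investigating (lockdown disabled on the command line, or
# a kernel without lockdown support).
check_lpar() {
    sb=$(secure_boot_mode "$1") || true
    ld=$(lockdown_mode "$2") || true
    echo "secure boot: $sb; lockdown: $ld"
    if [ "$sb" = "enabled-enforced" ] && [ "$ld" != "integrity" ] && [ "$ld" != "confidentiality" ]; then
        echo "WARNING: secure boot is enforced but the kernel is not locked down"
        return 1
    fi
    return 0
}

check_lpar "$@"
```

Run it with no arguments on the LPAR to read the live values; pass two file paths to evaluate copies taken from another system.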
Limitations
- Rotating the keys that verify GRUB or the kernel requires a complete firmware update.
- Administrators cannot take ownership of the LPAR's verification keys and manage them themselves.
- User-signed custom builds of the kernel or GRUB do not boot under static key management.
- Secure boot enables lockdown in the kernel to restrict direct or indirect access to the running kernel, which protects against unauthorized modifications to the kernel or access to sensitive kernel data.
- Lockdown impacts some of the IBM Power platform functions that are accessible by using the userspace RTAS interface. The following table indicates what features are supported when lockdown is enabled.
Feature | Red Hat Enterprise Linux (RHEL) 9.4 and earlier | SUSE Linux Enterprise Server (SLES) 15 SP5 and earlier | SLES 15 SP6 and later |
---|---|---|---|
HMC-LPAR communication (RMC) | No | No | Experimental |
Operating system shutdown by using HMC | No | No | Experimental |
Live Partition Mobility (LPM) | No | No | Experimental |
Processor DLPAR | No | No | Experimental |
Memory DLPAR | No | No | Experimental |
I/O DLPAR | No | No | No |
VPD retrieval | No | No | Experimental |
Platform dump retrieval | No | No | No |
Light path diagnostics | No | No | No |
Support matrix
The supported combinations of firmware and Linux distribution releases for secure boot key management are listed in the following tables:
Firmware release version | Distro release version | Key management mode |
---|---|---|
FW 1010 | Red Hat® Enterprise Linux (RHEL) 9.2, 9.3, and 9.4; SUSE Linux Enterprise Server (SLES) 15 service pack (SP) 4, 5, and 6 | Static |
FW 1020 | RHEL 9.2, 9.3, and 9.4; SLES 15 SP 4, 5, and 6 | Static |
FW 1030 | RHEL 9.2, 9.3, and 9.4; SLES 15 SP 4, 5, and 6 | Static |
FW 1040 | RHEL 9.2, 9.3, and 9.4; SLES 15 SP 4, 5, and 6 | Static |
FW 1050 | RHEL 9.2, 9.3, and 9.4; SLES 15 SP 4, 5, and 6 | Static (HMC provides an option to enable dynamic key management, but it is not currently supported)¹ |
FW 1060 | RHEL 9.2, 9.3, and 9.4; SLES 15 SP 4, 5, and 6 | Static (HMC provides an option to enable dynamic key management, but it is not currently supported)¹ |
Note: The GRUB verification keys that each firmware level carries are listed in the following table, one row per key.
Firmware version | Supported GRUB verification key | Serial number | Key ID |
---|---|---|---|
FW1010.00, FW1010.10 | Red Hat Secureboot 602 | 00d39c4133dd6b5f45 | e86a1cab2c48f96036a2f07b8ed29db42a2898c8 |
FW1010.20 | Red Hat Secureboot 602 | 00d39c4133dd6b5f45 | e86a1cab2c48f96036a2f07b8ed29db42a2898c8 |
FW1010.20 | SUSE Secure Boot signing key 20210225 | 00ed8785b78ffc127e | ecab0d42c456cf770436b973993862965e87262f |
FW1010.30, FW1010.40, FW1010.50 | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1010.30, FW1010.40, FW1010.50 | SUSE Secure Boot signing key 20220525 | 00ed8785b78ffc1280 | f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4 |
FW1010.60 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1010.60 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1020.00, FW1020.10, FW1020.30 | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1020.00, FW1020.10, FW1020.30 | SUSE Secure Boot signing key 20220525 | 00ed8785b78ffc1280 | f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4 |
FW1020.40 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1020.40 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1030.00, FW1030.10 | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1030.00, FW1030.10 | SUSE Secure Boot signing key 20220525 | 00ed8785b78ffc1280 | f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4 |
FW1030.20, FW1030.30, FW1030.40, FW1030.50 | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1030.20, FW1030.30, FW1030.40, FW1030.50 | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1030.60 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1030.60 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1030.60 and later | SUSE Secure Boot signing key 20230510 | 00cafcb5d75ec58983 | ecab0d42c456cf770436b973993862965e87262f |
FW1040.00 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1040.00 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1050.00, FW1050.10 | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1050.00, FW1050.10 | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1050.20 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1050.20 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1050.20 and later | SUSE Secure Boot signing key 20230510 | 00cafcb5d75ec58983 | ecab0d42c456cf770436b973993862965e87262f |
FW1060.00 and later | Red Hat Secureboot 702 | 00e41f32362a936b1e | c442130fde4c50fa1686bbf0692e3ebc64f5db3e |
FW1060.00 and later | SUSE Secure Boot signing key 20230301 | 00cafcb5d75ec58982 | ecab0d42c456cf770436b973993862965e87262f |
FW1060.00 and later | SUSE Secure Boot signing key 20230510 | 00cafcb5d75ec58983 | ecab0d42c456cf770436b973993862965e87262f |