Guest secure boot with static keys

Secure boot or verified boot is a firmware and software mechanism that protects the integrity of operating system (OS) boot components. Malicious software such as boot kits and root kits can be used to subvert bootloader and OS security during the boot process. These threats are countered by public key cryptography. The binary hash of boot components are signed by private keys and their signatures are verified by the corresponding public keys. The boot component image hash is compared with the signature hash and only if they match is the boot process allowed to continue. The verification procedure ensures that the integrity of the boot components is intact.

Basic Linux on Power LPAR secure boot security terminology

Appended Signature and PKCS #71 block:

An appended signature is a small data block that is concatenated to the end of each boot component binary image to store the signature. A PKCS #7 structure that is contained inside the appended signature has a series of signer_info blocks, which can store signatures. While parsing the appended signature block, the code iterates through each signer_info block to verify the signature data. An appended signature block contains 2 main parts: signature metadata and a PKCS #7 block.

Signature metadata contains information about the signature such as algorithm (public key cryptographic algorithm that is used), hash digest algorithm, signer length, key_id_length, and other information. A PKCS #7 block stores the actual signature digest and can have a series of signer_info blocks that can store signatures.

Note: 1 It is now called CMS. However, for the clarity, PKCS #7 terminology is used.

X.509 certificate

X.509 certificates are a standard IETF-specified format that stores public keys along with the details of the certifying authority. This format is followed for storing public keys in both the static- and dynamic-based secure boot solutions. Some of the most important pieces of information that is stored inside an X.509 certificate is the serial number, issuer that describes the certifying authority, and the public key.

Overview

Boot Image Verification

Linux® logical partition (LPAR) secure boot ensures the integrity of the Linux boot stack. The hypervisor and partition firmware are part of the core root of trust. The partition firmware verifies the appended signature on the GRUB image before handing control to GRUB. Similarly, GRUB verifies the appended signature on the kernel image before booting the OS. This ensures that every image that runs at boot time is verified and trusted.

Key Management

By default, the Linux LPAR secure boot uses static key management. This means that each image (A) embeds the required keys to verify the image (B) that image (A) loads. For example, the keys that are used to verify that the GRUB image are built into the firmware image. Similarly, the keys that are used for verifying that the kernel image are built into the GRUB image. These keys are pre-defined keys and they cannot be modified at run time. Any changes to the static keys require both firmware and OS updates.

The following diagram represents how the static key-based guest secure boot solution works. The numbers represent the chronological order of operation for each individual boot component.

Figure 1. Static key based secure boot solution

Secure boot modes

The HMC provides three secure boot modes:
  • Disabled
  • Enabled and log only
  • Enabled and enforced
Linux on Power supports two out of these three modes:
  • Disabled
  • Enabled and enforced

Administrators can configure this setting from the HMC for each LPAR. The default setting is Disabled. This setting is available under Advanced Settings.

Limitations

  • Key rotations for the GRUB or kernel require a complete firmware update.
  • Administrators have no ability to take control of the LPAR and manage their keys.
  • User-signed custom builds for kernel or GRUB does not boot by using static key management.
  • Secure boot enables lockdown in the kernel to restrict direct or indirect access to the running kernel, which protects against unauthorized modifications to the kernel or access to sensitive kernel data.
  • Lockdown impacts some of the IBM Power platform functions that are accessible by using the userspace RTAS interface. The following table indicates what features are supported when lockdown is enabled.
Table 1. Feature matrix
Feature Red Hat Enterprise Linux (RHEL) 9.4 and earlier SUSE Linux Enterprise Server (SLES) 15 SP 5 and earlier SLES 15 SP 6 and later
HMC-LPAR communication RMC

No

No

Experimental

Operating system shutdown by using HMC

No

No

Experimental

Live Partition Mobility (LPM)

No

No

Experimental

Processor DLPAR

No

No

Experimental

Memory DLPAR

No

No

Experimental

I/O DLPAR

No

No

No

VPD retrieval

No

No

Experimental

Platform dump retrieval

No

No

No

Light path diagnostics

No

No

No

Support matrix

The supported combinations of firmware and Linux distribution releases for secure boot key management is listed in the following tables:

Table 2. Support matrix
Firmware release version Distro release version Key management mode
FW 1010

Red Hat® Enterprise Linux (RHEL) 9.2, 9.3, and 9.4

SUSE Linux Enterprise Server (SLES) 15 service pack (SP) 4, 5, and 6

Static
FW 1020

RHEL 9.2, 9.3, and 9.4

SLES 15 SP 4, 5, and 6

Static
FW 1030

RHEL 9.2, 9.3, and 9.4

SLES 15 SP 4, 5, and 6

Static
FW 1040

RHEL 9.2, 9.3, and 9.4

SLES 15 SP 4, 5, and 6

Static
FW 1050

RHEL 9.2, 9.3, and 9.4

SLES 15 SP 4, 5, and 6

Static (HMC provides an option to enable dynamic key management, but it is not currently supported)1
FW 1060

RHEL 9.2, 9.3, and 9.4

SLES 15 SP 4, 5, and 6

Static (HMC provides an option to enable dynamic key management, but it is not currently supported)1
Note:
  1. Dynamic key management support is planned for future versions of Linux distributions.
Table 3. Supported Grub verification keys
Firmware Version Supported Grub Verification Keys
FW1010.00, FW1010.10

Red Hat Secureboot 602

Serial Number=00d39c4133dd6b5f45

KeyID=e86a1cab2c48f96036a2f07b8ed29db42a2898c8

FW1010.20

Red Hat Secureboot 602

Serial Number=00d39c4133dd6b5f45

KeyID=e86a1cab2c48f96036a2f07b8e

SUSE Secure Boot signing key 20210225

Serial Number=00ed8785b78ffc127e

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1010.30, FW1010.40, FW1010.50

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20220525

Serial Number=00ed8785b78ffc1280

KeyID=f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4

FW1010.60 and later

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1020.00, FW1020.10, FW1020.30

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20220525

Serial Number=00ed8785b78ffc1280

KeyID=f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4

FW1020.40 and later

Red Hat Secureboot 702

Serial Number =00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1030.00, FW1030.10

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20220525

Serial Number=00ed8785b78ffc1280

KeyID=f33fa22ef28fcb9dc18d43d20bc7ef65c1c565e4

FW1030.20, FW1030.30, FW1030.40, FW1030.50

Red Hat Secureboot 702

Serial Number =00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1030.60 and later

Red Hat Secureboot 702

Serial Number =00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

SUSE Secure Boot signing key 20230510

Serial Number=00cafcb5d75ec58983

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1040.00 and later

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1050.00, FW1050.10

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1050.20 and later

Red Hat Secureboot 702

Serial Number =00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

SUSE Secure Boot signing key 20230510

Serial Number=00cafcb5d75ec58983

KeyID=ecab0d42c456cf770436b973993862965e87262f

FW1060.00 and later

Red Hat Secureboot 702

Serial Number=00e41f32362a936b1e

KeyID=c442130fde4c50fa1686bbf0692e3ebc64f5db3e

SUSE Secure Boot signing key 20230301

Serial Number=00cafcb5d75ec58982

KeyID=ecab0d42c456cf770436b973993862965e87262f

SUSE Secure Boot signing key 20230510

Serial Number=00cafcb5d75ec58983

KeyID=ecab0d42c456cf770436b973993862965e87262f

For more information about RHEL and SLES distributions that support keys, see: