From unknown Fri Mar 29 11:53:59 2024
Subject: bug#553: sbsigntool: sbverify fails to verify boot images signed with the Debian Secure Boot Signer 2020 public key
Reply-To: Stribik András, 553@bugs.devuan.org
Resent-From: Stribik András
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: stribika@gmail.com, devuan-dev@lists.dyne.org
Resent-Date: Fri, 26 Feb 2021 18:48:02 +0000
X-Devuan-PR-Message: report 553
X-Devuan-PR-Package: sbsigntool
From: Stribik András
Date: Fri, 26 Feb 2021 13:29:33 -0500
To: Devuan Bug Tracking System

Package: sbsigntool
Version: 0.9.2-2
Severity: normal
X-Debbugs-Cc: stribika@gmail.com

Dear Maintainer,

I was trying to verify the secure boot signatures on the GRUB and kernel images. I exported all of the trusted public keys using mokutil, and converted them to PEM format.

# mokutil --export --pk
# mokutil --export --kek
# mokutil --export --db
# mokutil --export
# for derfile in ./*.der; do
> openssl x509 -inform der -outform pem -in "$derfile" -out "${derfile}.pem"
> done
# rename 's/.der.pem$/.pem/' ./*.der.pem
# for pemfile in ./*.pem; do
> echo "$pemfile"
> openssl x509 -inform pem -in "$pemfile" -text | grep 'CN ='
> done
./DB-0001.pem
        Issuer: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Root Certificate Authority 2010
        Subject: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Windows Production PCA 2011
./DB-0002.pem
        Issuer: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Corporation Third Party Marketplace Root
        Subject: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Corporation UEFI CA 2011
./DB-0003.pem
        Issuer: C = US, O = HP Inc., CN = HP Inc. DB Key 2016 CA
        Subject: CN = HP UEFI Secure Boot DB 2017, OU = CODE-SIGN, C = US, O = HP Inc.
./KEK-0001.pem
        Issuer: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Corporation Third Party Marketplace Root
        Subject: C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = Microsoft Corporation KEK CA 2011
./KEK-0002.pem
        Issuer: C = US, O = HP Inc., CN = HP Inc. KEK 2016 CA
        Subject: CN = HP UEFI Secure Boot KEK 2017, OU = CODE-SIGN, C = US, O = HP Inc.
./MOK-0001.pem
        Issuer: CN = strib.tech
        Subject: CN = strib.tech
./MOK-0002.pem
        Issuer: CN = Debian Secure Boot CA
        Subject: CN = Debian Secure Boot CA
./PK-0001.pem
        Issuer: C = US, O = HP Inc., CN = HP Inc. PK 2016 CA
        Subject: CN = HP UEFI Secure Boot PK 2017, OU = CODE-SIGN, C = US, O = HP Inc.

Then, I attempted to verify each file in /boot with each key.

# for imgfile in /boot/vmlinuz-* /boot/efi/EFI/devuan/*.efi; do
> for pemfile in ./*.pem; do
> sbverify --cert "$pemfile" "$imgfile" &> /dev/null && echo "$imgfile is signed with $pemfile"
> done
> done
/boot/efi/EFI/devuan/shimx64.efi is signed with ./DB-0002.pem

The outcome of this action was that only the shim had a valid signature, which I found strange because secure boot is enabled, and the system booted successfully. I expected instead that all of these files would have valid signatures.

Here is the error message for the GRUB image, for example; all the others are the same.

warning: data remaining[1106288 vs 1261192]: gaps between PE/COFF sections?
140271657757696:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unsupported certificate purpose
signature 1
image signature issuers:
 - /CN=Debian Secure Boot CA
image signature certificates:
 - subject: /CN=Debian Secure Boot Signer 2020
   issuer:  /CN=Debian Secure Boot CA
PKCS7 verification failed
Signature verification failed

These are all files from the official Devuan repo; the packages are shim-helpers-amd64-signed, grub-efi-amd64-signed, and linux-image-5.10.0-3-amd64.
SHA256 checksums:

87dedf11511a791d154309839b1945005db27f1571d2f9fa5844a7c72b66890b  /boot/vmlinuz-5.10.0-3-amd64
409681bf79c7678c4a4fc9bcb1e6ebac8c855da221fb85736a9a4e5b6bb9afde  /boot/efi/EFI/devuan/fbx64.efi
99f037a16003b465ce42b6ca1e287efe14aa84d90ed46cf448f69f46d0044788  /boot/efi/EFI/devuan/grubx64.efi
ace876d5f0052e6742ee7903771659434668c82d38aaf0e3d264441d984c7a3b  /boot/efi/EFI/devuan/mmx64.efi
599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b  /boot/efi/EFI/devuan/shimx64.efi

It seems sbverify is more picky about the additional fields in the certificate than the shim. I also tried another tool, osslsigncode, which failed with a similar error but was easier to modify than sbsigntool.

--- osslsigncode-2.1.orig/osslsigncode.c
+++ osslsigncode-2.1/osslsigncode.c
@@ -2521,12 +2521,6 @@ static int verify_authenticode(SIGNATURE
 			goto out;
 		}
-		/* check extended key usage flag XKU_CODE_SIGN */
-		if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) {
-			printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n");
-			goto out;
-		}
-
 		verok = 1; /* OK */
 out:
 		if (!verok)

With this patch, it is able to verify the signatures. I am sure this check is there for a reason; maybe other firmware cares more about this field, and so it is relevant. It would be nice to have an option to disable these checks, or at least make it clear in the error message that the signature is valid, but there are issues with the certificate. Or you could sign the images with a certificate that passes this more extensive validation.

Regards,
Andras Stribik

-- System Information:
Distributor ID: Devuan
Description:    Devuan GNU/Linux 4 (chimaera/ceres)
Release:        testing/unstable
Codename:       n/a
Architecture: x86_64

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

Versions of packages sbsigntool depends on:
ii  libc6      2.31-9
ii  libssl1.1  1.1.1j-1
ii  libuuid1   2.36.1-7+devuan1

sbsigntool recommends no packages.

sbsigntool suggests no packages.

-- no debconf information
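Review bot: the osslsigncode hunk above deletes the `if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN))` test outright instead of making it optional, so after the patch a signer certificate whose Extended Key Usage names some unrelated purpose validates an Authenticode signature with no diagnostic at all, and the "Unsupported Signer's certificate purpose XKU_CODE_SIGN" message is gone too. The report itself asks for an option or a clearer error rather than removal; the smaller change is to keep the test and either gate it behind a command-line flag or turn its `goto out` into a printed warning that leaves `verok` untouched, so the output distinguishes "signature valid, certificate not marked for code signing" from a genuine verification failure.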
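The "unsupported certificate purpose" error in the report comes down to a purpose check on the signer certificate's Extended Key Usage, the same test the osslsigncode hunk removes. The following is an added example, not code from the bug report, from sbsigntool or from osslsigncode: it reads the EKU extension straight out of a DER or PEM certificate with only the Python standard library and reports whether id-kp-codeSigning is present, so the certificates exported with mokutil above (or a signer certificate extracted from an image by other means) can be inspected without patching a verifier. The function names, the `make_fake_cert` helper and the OID constants are chosen here; `make_fake_cert` builds structurally valid but unsigned, cryptographically meaningless certificates purely as constructed test input.

```python
"""Report the Extended Key Usage (EKU) of X.509 certificates with the standard
library only, and mirror the code-signing purpose test that the osslsigncode
hunk in this bug report removes. Added example; names are chosen here."""
import base64
import sys

OID_EKU = "2.5.29.37"                    # id-ce-extKeyUsage
OID_CODE_SIGNING = "1.3.6.1.5.5.7.3.3"   # id-kp-codeSigning (OpenSSL's XKU_CODE_SIGN)
OID_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"    # id-kp-serverAuth, used only as a non-code-signing EKU in tests
TAG_SEQUENCE, TAG_OID, TAG_OCTET_STRING, TAG_EXTENSIONS = 0x30, 0x06, 0x04, 0xA3


def der_tlv(buf, off):
    """Decode one DER element at `off`; return (tag, content, offset_after)."""
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: next N bytes hold the length
        nbytes = length & 0x7F
        if nbytes == 0 or nbytes > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("DER element truncated")
    return tag, buf[pos:pos + length], pos + length


def der_children(content):
    """Split a constructed element's content into (tag, content) children."""
    children, off = [], 0
    while off < len(content):
        tag, child, off = der_tlv(content, off)
        children.append((tag, child))
    return children


def decode_oid(content):
    """Decode OID content octets (base-128 subidentifiers) to dotted form."""
    subids, cur = [], 0
    for b in content:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = subids[0]
    arcs = [2, first - 80] if first >= 80 else [first // 40, first % 40]
    return ".".join(str(a) for a in arcs + subids[1:])


def extended_key_usages(cert_der):
    """EKU OIDs of a DER Certificate, or None when it carries no EKU extension."""
    _, cert, _ = der_tlv(cert_der, 0)            # Certificate ::= SEQUENCE
    _, tbs, _ = der_tlv(cert, 0)                 # tbsCertificate ::= SEQUENCE
    for tag, value in der_children(tbs):
        if tag != TAG_EXTENSIONS:                # extensions are [3] EXPLICIT
            continue
        _, ext_list, _ = der_tlv(value, 0)
        for _, ext in der_children(ext_list):    # Extension ::= SEQUENCE {extnID, critical?, extnValue}
            fields = der_children(ext)
            if decode_oid(fields[0][1]) != OID_EKU:
                continue
            _, eku_seq, _ = der_tlv(fields[-1][1], 0)  # extnValue OCTET STRING wraps SEQUENCE OF OID
            return [decode_oid(v) for t, v in der_children(eku_seq) if t == TAG_OID]
    return None


def code_signing_status(cert_der):
    """'ok' if id-kp-codeSigning is listed, 'no-eku' if the extension is absent,
    'wrong-eku' if the EKU names other purposes only."""
    ekus = extended_key_usages(cert_der)
    if ekus is None:
        return "no-eku"
    return "ok" if OID_CODE_SIGNING in ekus else "wrong-eku"


def passes_xku_code_sign_check(cert_der):
    """Outcome of the removed `X509_get_extended_key_usage(signer) & XKU_CODE_SIGN`
    test. OpenSSL returns UINT32_MAX (every purpose bit set) when no EKU extension
    is present, so only an EKU that omits codeSigning makes that test fail."""
    return code_signing_status(cert_der) != "wrong-eku"


# --- helpers for constructed test certificates (not real certificates) ---
def encode_tlv(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(body)]) + body + content


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray()
    for s in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        chunk = [s & 0x7F]
        s >>= 7
        while s:
            chunk.append(0x80 | (s & 0x7F))
            s >>= 7
        out.extend(reversed(chunk))
    return encode_tlv(TAG_OID, bytes(out))


def make_fake_cert(ekus):
    """Structurally valid, unsigned, meaningless Certificate DER with the given EKU
    list (None = no EKU extension). Constructed test data only."""
    alg = encode_tlv(TAG_SEQUENCE, encode_oid("1.2.840.113549.1.1.11") + b"\x05\x00")
    name = encode_tlv(TAG_SEQUENCE, b"")
    validity = encode_tlv(TAG_SEQUENCE, encode_tlv(0x17, b"210101000000Z") + encode_tlv(0x17, b"310101000000Z"))
    spki = encode_tlv(TAG_SEQUENCE, alg + encode_tlv(0x03, b"\x00"))
    tbs = encode_tlv(0xA0, b"\x02\x01\x02") + b"\x02\x01\x01" + alg + name + validity + name + spki
    if ekus is not None:
        eku_seq = encode_tlv(TAG_SEQUENCE, b"".join(encode_oid(o) for o in ekus))
        ext = encode_tlv(TAG_SEQUENCE, encode_oid(OID_EKU) + encode_tlv(TAG_OCTET_STRING, eku_seq))
        tbs += encode_tlv(TAG_EXTENSIONS, encode_tlv(TAG_SEQUENCE, ext))
    return encode_tlv(TAG_SEQUENCE, encode_tlv(TAG_SEQUENCE, tbs) + alg + encode_tlv(0x03, b"\x00" * 9))


def load_certificate(path):
    """Read a DER or PEM certificate file (e.g. a mokutil export) as DER bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if b"-----BEGIN" not in data:
        return data
    body = b"".join(l.strip() for l in data.splitlines() if l.strip() and not l.startswith(b"-----"))
    return base64.b64decode(body)


if __name__ == "__main__":
    for path in sys.argv[1:]:
        der = load_certificate(path)
        print(f"{path}: {code_signing_status(der)}  EKU={extended_key_usages(der)}")
```

Run it as `python3 eku_check.py ./*.pem`. A result of `wrong-eku` is exactly the condition under which the removed `X509_get_extended_key_usage(signer) & XKU_CODE_SIGN` test fails; `no-eku` passes it, because OpenSSL treats an absent EKU extension as valid for any purpose. Whether the PKCS7 signature over the image is cryptographically valid is a separate question that this script deliberately does not answer, which is the distinction the report asks the tools to make explicit.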