Devuan bug report logs - #553
sbsigntool: sbverify fails to verify boot images signed with the Debian Secure Boot Signer 2020 public key

Package: sbsigntool; Reported by: Stribik András <stribika@gmail.com>; dated Fri, 26 Feb 2021 18:48:02 UTC; Maintainer for sbsigntool is (unknown).

Message received at submit@bugs.devuan.org:


Received: (at submit) by bugs.devuan.org; 26 Feb 2021 18:40:02 +0000
Return-Path: <stribika@gmail.com>
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by doc.devuan.org with IMAP (fetchmail-6.4.0.beta4)
	for <debbugs@localhost> (single-drop); Fri, 26 Feb 2021 18:40:02 +0000 (UTC)
Received: from mail-ua1-f42.google.com (mail-ua1-f42.google.com [209.85.222.42])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id E7DA8F604C9
	for <submit@bugs.devuan.org>; Fri, 26 Feb 2021 19:29:53 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="fs4MPlNi";
	dkim-atps=neutral
Received: by mail-ua1-f42.google.com with SMTP id m15so3351363uah.7
        for <submit@bugs.devuan.org>; Fri, 26 Feb 2021 10:29:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:from:date:message-id:subject:to;
        bh=sqA54NwJFPDDfcmFpDVGNxnooXMiiF81iifqBvTqddI=;
        b=fs4MPlNicyc78cmt3CZ1ARp08zJdO53sdxqLmn3OVvKdJ095gcSZCC+mDvvhxrzf8n
         oJtCMfOSnuQThsUaPauwb2DHAifBwjP9DpThmsSYK3E8HRtr+EUkoFsusl2YOU0JGIbM
         OcbOz1kYbG0K6d+q6+gUp6KGeSHRweTyHaox/ICBGAhQEf6Q4Z90Pzx+yvOeS+SLFDaS
         VE0hpg0xHKgcMBpip6KJXdwW2gRbGqh7iRxTEx0U9aBnx5rNLMcho/5Pp2lMh7t14+sY
         uqNib5zP4S4sZrji0wlUaTL+kytzeL9RTlIpbP1zBfM+yJjfvU/HPqNtDLXPPFyEYkHY
         nYig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
        bh=sqA54NwJFPDDfcmFpDVGNxnooXMiiF81iifqBvTqddI=;
        b=c8IacEdTcUJDzBTim+Bs6LQnlq0pOgOWIK+/QD87zv1Uy9DyIp6Eas38Iv4Migvmy9
         3W+u+j4MjMwYl1Uc6OZxS6VQQCBnqL/QlUJ8DgWOpYrOfAjXAYznLMqxKcJ80SKgoTRy
         OMTD2bkjQQwHaBhujS8N6UjwV6noVtKa+7lSEnrL7haoYgpmbUMEJ7Z1NcrWMcxvf5Jk
         SSX9dNbQgEDocDrZX391js+mR1JhguCzkIQjjB0NEthzct/bcUTG1wZTHVMo+b4RiZGk
         geTMm25yVzgrOb4ar3FbWblD7ynkyoFlb/hMk0Fixih+T0fWa/pWHrg/nkmoriHL7I3c
         7z6Q==
X-Gm-Message-State: AOAM533HwEiFLXDcTXMc2oi1UvETBSadbzGOoKstuV2MrFzeBRtBrVL3
	0mOSc3TSY+NAKj5fHbjPetnu1rDL0ukwxfUG8AvFoDqQNaY=
X-Google-Smtp-Source: ABdhPJxrVqx0lHfdnauWH983fOR4dIvdXuCGuYNq/JzCk/uYB7KQfW3Ztf+7Ke6ksigiqo+IJn7VE9d7jB/3TQrez1g=
X-Received: by 2002:ab0:1e48:: with SMTP id n8mr2850903uak.68.1614364184341;
 Fri, 26 Feb 2021 10:29:44 -0800 (PST)
MIME-Version: 1.0
From: =?UTF-8?Q?Stribik_Andr=C3=A1s?= <stribika@gmail.com>
Date: Fri, 26 Feb 2021 13:29:33 -0500
Message-ID: <CACe8S_Y4wxJXera9afUpHBOPLuVqWaVPy=wFEE7q3PFCnWD=4A@mail.gmail.com>
Subject: sbsigntool: sbverify fails to verify boot images signed with the
 Debian Secure Boot Signer 2020 public key
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,
	RCVD_IN_MSPIKE_H2,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org

Package: sbsigntool
Version: 0.9.2-2
Severity: normal
X-Debbugs-Cc: stribika@gmail.com

Dear Maintainer,

I was trying to verify the secure boot signatures on the GRUB and kernel
images. I exported all of the trusted public keys using mokutil, and
converted them to PEM format.

    # mokutil --export --pk
    # mokutil --export --kek
    # mokutil --export --db
    # mokutil --export
    # for derfile in ./*.der; do
    >     openssl x509 -inform der -outform pem -in "$derfile" -out
"${derfile}.pem"
    > done
    # rename 's/.der.pem$/.pem/' ./*.der.pem
    # for pemfile in ./*.pem; do
    >     echo "$pemfile"
    >     openssl x509 -inform pem -in "$pemfile" -text | grep 'CN ='
    > done
    ./DB-0001.pem
            Issuer: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Root Certificate Authority 2010
            Subject: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Windows Production PCA 2011
    ./DB-0002.pem
            Issuer: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Corporation Third Party
Marketplace Root
            Subject: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Corporation UEFI CA 2011
    ./DB-0003.pem
            Issuer: C = US, O = HP Inc., CN = HP Inc. DB Key 2016 CA
            Subject: CN = HP UEFI Secure Boot DB 2017, OU = CODE-SIGN,
C = US, O = HP Inc.
    ./KEK-0001.pem
            Issuer: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Corporation Third Party
Marketplace Root
            Subject: C = US, ST = Washington, L = Redmond, O =
Microsoft Corporation, CN = Microsoft Corporation KEK CA 2011
    ./KEK-0002.pem
            Issuer: C = US, O = HP Inc., CN = HP Inc. KEK 2016 CA
            Subject: CN = HP UEFI Secure Boot KEK 2017, OU =
CODE-SIGN, C = US, O = HP Inc.
    ./MOK-0001.pem
            Issuer: CN = strib.tech
            Subject: CN = strib.tech
    ./MOK-0002.pem
            Issuer: CN = Debian Secure Boot CA
            Subject: CN = Debian Secure Boot CA
    ./PK-0001.pem
            Issuer: C = US, O = HP Inc., CN = HP Inc. PK 2016 CA
            Subject: CN = HP UEFI Secure Boot PK 2017, OU = CODE-SIGN,
C = US, O = HP Inc.

Then, I attempted to verify each file in /boot with each key.

    # for imgfile in /boot/vmlinuz-* /boot/efi/EFI/devuan/*.efi; do
    >     for pemfile in ./*.pem; do
    >         sbverify --cert "$pemfile" "$imgfile" &> /dev/null &&
echo "$imgfile is signed with $pemfile"
    >     done
    > done
    /boot/efi/EFI/devuan/shimx64.efi is signed with ./DB-0002.pem

The outcome of this action was that only the shim had a valid signature,
which I found strange because secure boot is enabled, and the system
booted successfully. I expected instead that all of these files would
have valid signatures. Here is the error message for the GRUB image, for
example, all the others are the same.

    warning: data remaining[1106288 vs 1261192]: gaps between PE/COFF sections?
    140271657757696:error:21075075:PKCS7
routines:PKCS7_verify:certificate verify
error:../crypto/pkcs7/pk7_smime.c:284:Verify error:unsupported
certificate purpose
    signature 1
    image signature issuers:
     - /CN=Debian Secure Boot CA
    image signature certificates:
     - subject: /CN=Debian Secure Boot Signer 2020
       issuer:  /CN=Debian Secure Boot CA
    PKCS7 verification failed
    Signature verification failed

These are all files from the official Devuan repo, the packages are
shim-helpers-amd64-signed, grub-efi-amd64-signed, and
linux-image-5.10.0-3-amd64. SHA256 checksums:

    87dedf11511a791d154309839b1945005db27f1571d2f9fa5844a7c72b66890b
/boot/vmlinuz-5.10.0-3-amd64
    409681bf79c7678c4a4fc9bcb1e6ebac8c855da221fb85736a9a4e5b6bb9afde
/boot/efi/EFI/devuan/fbx64.efi
    99f037a16003b465ce42b6ca1e287efe14aa84d90ed46cf448f69f46d0044788
/boot/efi/EFI/devuan/grubx64.efi
    ace876d5f0052e6742ee7903771659434668c82d38aaf0e3d264441d984c7a3b
/boot/efi/EFI/devuan/mmx64.efi
    599a102b6445fa88392b8c85a31d80ece950624219d846affbfb7131d4bf550b
/boot/efi/EFI/devuan/shimx64.efi

It seems sbverify is more picky about the additional fields in the
certificate than the shim. I also tried another tool, osslsigncode,
which failed with a similar error but was easier to modify than
sbsigntool.

    --- osslsigncode-2.1.orig/osslsigncode.c
    +++ osslsigncode-2.1/osslsigncode.c
    @@ -2521,12 +2521,6 @@ static int verify_authenticode(SIGNATURE
      goto out;
      }

    - /* check extended key usage flag XKU_CODE_SIGN */
    - if (!(X509_get_extended_key_usage(signer) & XKU_CODE_SIGN)) {
    - printf("Unsupported Signer's certificate purpose XKU_CODE_SIGN\n");
    - goto out;
    - }
    -
      verok = 1; /* OK */
     out:
      if (!verok)

With this patch, it is able to verify the signatures. I am sure this
check is there for a reason, maybe other firmware cares more about this
field, and so it is relevant.

It would be nice to have an option to disable these checks, or at least
make it clear in the error message that the signature is valid, but
there are issues with the certificate. Or you could sign the images with
a certificate that passes this more extensive validation.

Regards,
Andras Stribik

-- System Information:
Distributor ID: Devuan
Description: Devuan GNU/Linux 4 (chimaera/ceres)
Release: testing/unstable
Codename: n/a
Architecture: x86_64

Kernel: Linux 5.10.0-3-amd64 (SMP w/8 CPU threads)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8),
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /bin/dash
Init: runit (via /run/runit.stopit)
LSM: AppArmor: enabled

Versions of packages sbsigntool depends on:
ii  libc6      2.31-9
ii  libssl1.1  1.1.1j-1
ii  libuuid1   2.36.1-7+devuan1

sbsigntool recommends no packages.

sbsigntool suggests no packages.

-- no debconf information

Acknowledgement sent to Stribik András <stribika@gmail.com>:
New bug report received and forwarded. Copy sent to stribika@gmail.com, devuan-dev@lists.dyne.org. Full text available.
Report forwarded to devuan-bugs@lists.dyne.org, stribika@gmail.com, devuan-dev@lists.dyne.org:
bug#553; Package sbsigntool. Full text available.

Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sun, 16 Jan 2022 18:39:01 UTC