Secure Boot

Note: This article or section is a candidate for moving to Unified Extensible Firmware Interface/Secure Boot, since Secure Boot is a direct UEFI feature.

For an overview of Secure Boot in Linux, see Rodsbooks' Secure Boot article. This article focuses on how to set up Secure Boot in Arch Linux.

Note: This article or section needs expansion: the relationship with Windows 8, which is already documented here, needs to be explained without duplicating that information.

Using a signed boot loader

Booting archiso

Note: This article or section is out of date: since archlinux-2016.06.01-dual.iso, bootx64.efi (PreLoader) and HashTool.efi in archiso are not signed.

Booting the archiso with Secure Boot enabled is possible since the EFI applications PreLoader.efi and HashTool.efi have been added to it. A message will show up that says Failed to Start loader... I will now execute HashTool. To use HashTool for enrolling the hash of loader.efi and vmlinuz.efi, follow these steps.

  • Select OK
  • In the HashTool main menu, select Enroll Hash, choose \loader.efi and confirm with Yes. Again, select Enroll Hash and archiso to enter the archiso directory, then select vmlinuz.efi and confirm with Yes. Then choose Exit to return to the boot device selection menu.
  • In the boot device selection menu choose Arch Linux archiso x86_64 UEFI CD

The archiso boots, and you are presented with a shell prompt, automatically logged in as root. To check if the archiso was booted with Secure Boot, use this command:

$ od -An -t u1 /sys/firmware/efi/efivars/SecureBoot-XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

The characters denoted by XXXX differ from machine to machine. To help with this, you can use tab completion or list the EFI variables.

If Secure Boot is enabled, this command returns 1 as the final integer in a list of five, for example:

6  0  0  0  1

For a verbose status, another way is to execute:

# bootctl status
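The od output above is the raw efivarfs file: a 4-byte attribute word followed by the variable payload, which is why a 1-byte variable prints as five numbers. The following is an added example, not from this article, that decodes such a file and classifies the firmware state from the SecureBoot and SetupMode variables; the sample bytes are constructed to match the output shown above.

```python
import struct
from pathlib import Path

# EFI variable attribute bits, as defined for GetVariable/SetVariable in the UEFI spec.
EFI_VARIABLE_NON_VOLATILE = 0x1
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def parse_efivar(data: bytes) -> dict:
    """Decode the raw contents of a /sys/firmware/efi/efivars file.

    efivarfs stores a little-endian 32-bit attribute word in front of the
    variable payload; "6 0 0 0 1" therefore means attributes=6, value=1.
    """
    if len(data) < 4:
        raise ValueError("efivar file too short for the attribute word")
    (attrs,) = struct.unpack("<I", data[:4])
    return {
        "attributes": attrs,
        "non_volatile": bool(attrs & EFI_VARIABLE_NON_VOLATILE),
        "runtime_access": bool(attrs & EFI_VARIABLE_RUNTIME_ACCESS),
        "payload": data[4:],
    }


def boolean_efivar(data: bytes) -> bool:
    """SecureBoot and SetupMode are single-byte variables holding 0 or 1."""
    payload = parse_efivar(data)["payload"]
    if len(payload) != 1:
        raise ValueError("expected a 1-byte boolean variable")
    return payload[0] == 1


def secure_boot_state(secureboot: bytes, setupmode: bytes) -> str:
    """Classify the firmware state from both variables' raw file contents."""
    if boolean_efivar(setupmode):
        return "setup mode (no Platform Key enrolled)"
    if boolean_efivar(secureboot):
        return "user mode, Secure Boot enabled"
    return "user mode, Secure Boot disabled"


def read_efivar(name: str, efivars: str = "/sys/firmware/efi/efivars") -> bytes:
    """Read <name>-<GUID> without knowing the GUID, as tab completion would."""
    matches = sorted(Path(efivars).glob(f"{name}-*"))
    if not matches:
        raise FileNotFoundError(f"no {name} variable found in {efivars}")
    return matches[0].read_bytes()


if __name__ == "__main__":
    # Constructed samples reproducing the "6 0 0 0 1" output shown above.
    print(secure_boot_state(bytes([6, 0, 0, 0, 1]), bytes([6, 0, 0, 0, 0])))
    try:  # live check; only works on a UEFI-booted machine with efivarfs mounted
        print(secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode")))
    except (FileNotFoundError, PermissionError) as err:
        print("live check skipped:", err)
```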

Set up PreLoader

Warning: PreLoader.efi and HashTool.efi in the efitools package are not signed, so their usefulness is limited. You can get a signed PreLoader.efi and HashTool.efi from preloader-signed (AUR) or download them manually.

Install preloader-signed (AUR) and copy PreLoader.efi and HashTool.efi to the boot loader directory; for systemd-boot use:

# cp /usr/share/preloader-signed/{PreLoader,HashTool}.efi esp/EFI/systemd

Now copy over the boot loader binary and rename it to loader.efi; for systemd-boot use:

# cp esp/EFI/systemd/systemd-bootx64.efi esp/EFI/systemd/loader.efi

Finally, create a new NVRAM entry to boot PreLoader.efi:

# efibootmgr --disk /dev/sdX --part Y --create --label "PreLoader" --loader /EFI/systemd/PreLoader.efi

Replace X with the drive letter and replace Y with the partition number of the EFI System Partition.

This entry should be first in the boot order; check with the efibootmgr command and adjust the boot order if necessary.

Fallback

If there are problems booting the custom NVRAM entry, copy HashTool.efi and loader.efi to the default loader location that UEFI systems boot automatically:

# cp /usr/share/preloader-signed/HashTool.efi esp/EFI/Boot
# cp esp/EFI/systemd/systemd-bootx64.efi esp/EFI/Boot/loader.efi

Copy over PreLoader.efi and rename it:

# cp /usr/share/preloader-signed/PreLoader.efi esp/EFI/Boot/bootx64.efi

For particularly intransigent UEFI implementations, copy PreLoader.efi to the default loader location used by Windows systems:

# mkdir -p esp/EFI/Microsoft/Boot
# cp /usr/share/preloader-signed/PreLoader.efi esp/EFI/Microsoft/Boot/bootmgfw.efi

Note: If dual-booting with Windows, back up the original bootmgfw.efi first, as replacing it may cause problems with Windows updates.

As before, copy HashTool.efi and loader.efi to esp/EFI/Microsoft/Boot.

When the system starts with Secure Boot enabled, follow the steps above to enrol loader.efi and /vmlinuz-linux (or whichever kernel image is being used).

Remove PreLoader

Note: Since you are going to remove files, it is a good idea to back them up first.

Uninstall preloader-signed (AUR), remove the copied files and revert the configuration; for systemd-boot use:

# rm esp/EFI/systemd/{PreLoader,HashTool}.efi
# rm esp/EFI/systemd/loader.efi
# efibootmgr -b N -B
# bootctl update

Here N is the number of the NVRAM boot entry created for booting PreLoader.efi. Check with the efibootmgr command and adjust the boot order if necessary.

Note: The above commands cover the simplest case; if you have created, copied, renamed or edited further files, you will have to handle them too. If PreLoader was your operational boot entry, you obviously also need to #Disable Secure Boot.

Using your own keys

Note: This article or section needs expansion: instructions and testing are needed, and a subsection on backing up existing keys prior to replacing them should be added.

Secure Boot implementations use these keys:

  • Platform Key (PK): top-level key
  • Key Exchange Key (KEK): key used to sign signature databases or EFI binaries
  • Signature Database (db): contains keys and/or hashes used to sign EFI binaries
  • Forbidden Signatures Database (dbx): contains keys and/or hashes used to blacklist EFI binaries

To use Secure Boot you need at least PK, KEK and db keys.

Once Secure Boot is in "User Mode", keys can only be updated by signing the update (using sign-efi-sig-list) with a higher-level key; the Platform Key can be signed by itself.

Creating keys

To generate keys, install efitools.

You will need keys and certificates in multiple formats:

  1. Create keys and PEM format certificates for sbsign
  2. Convert certificates to DER format for firmware
  3. Convert certificates to EFI Signature List for KeyTool

Create a GUID for owner identification:

$ uuidgen --random

Platform key:

$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my PK/" -keyout PK.key -out PK.crt -days 3650 -nodes -sha256
$ openssl x509 -outform DER -in PK.crt -out PK.cer
$ cert-to-efi-sig-list -g GUID PK.crt PK.esl
$ sign-efi-sig-list -g GUID -k PK.key -c PK.crt PK PK.esl PK.auth

Create an empty file null.esl and sign it, to allow deleting the Platform Key later:

$ sign-efi-sig-list -g GUID -c PK.crt -k PK.key PK null.esl rm_PK.auth

Key Exchange Key:

$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my KEK/" -keyout KEK.key -out KEK.crt -days 3650 -nodes -sha256
$ openssl x509 -outform DER -in KEK.crt -out KEK.cer
$ cert-to-efi-sig-list -g GUID KEK.crt KEK.esl

Signature Database:

$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=my db/" -keyout db.key -out db.crt -days 3650 -nodes -sha256
$ openssl x509 -outform DER -in db.crt -out db.cer
$ cert-to-efi-sig-list -g GUID db.crt db.esl
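The .esl files produced by cert-to-efi-sig-list above are EFI_SIGNATURE_LIST structures: a header naming the signature type, followed by entries each prefixed with the owner GUID given via -g. The following is an added example, not part of this article or of efitools, that builds and parses such lists for both X.509 certificates (as in db.esl) and SHA-256 hashes (what HashTool enrols); the owner GUID, DER blob and loader hash are constructed placeholders.

```python
import struct
import uuid
import hashlib

# Signature type GUIDs from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
HEADER = struct.Struct("<16sIII")


def build_esl(sig_type: uuid.UUID, owner: uuid.UUID, entries: list) -> bytes:
    """Pack one EFI_SIGNATURE_LIST; each entry is prefixed with the owner GUID (as -g does)."""
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("need one or more equally sized signatures per list")
    sig_size = 16 + sizes.pop()            # EFI_SIGNATURE_DATA = owner GUID + data
    list_size = HEADER.size + sig_size * len(entries)
    body = b"".join(owner.bytes_le + e for e in entries)   # GUIDs are stored mixed-endian
    return HEADER.pack(sig_type.bytes_le, list_size, 0, sig_size) + body


def parse_esl(blob: bytes) -> list:
    """Walk a file such as db.esl, which may concatenate several signature lists."""
    out, off = [], 0
    while off < len(blob):
        type_raw, list_size, hdr_size, sig_size = HEADER.unpack_from(blob, off)
        if list_size < HEADER.size + hdr_size or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError("truncated or inconsistent signature list")
        pos, end = off + HEADER.size + hdr_size, off + list_size
        while pos + sig_size <= end:
            out.append({
                "type": uuid.UUID(bytes_le=type_raw),
                "owner": uuid.UUID(bytes_le=blob[pos:pos + 16]),
                "data": blob[pos + 16:pos + sig_size],
            })
            pos += sig_size
        off = end
    return out


# Constructed inputs: an owner GUID as produced by `uuidgen --random`, a placeholder
# standing in for the DER certificate db.cer, and the hash of a placeholder loader image.
OWNER = uuid.UUID("12345678-1234-5678-1234-567812345678")
FAKE_DER = b"\x30\x82\x01\x00" + b"\xaa" * 64
LOADER_SHA256 = hashlib.sha256(b"not a real loader.efi").digest()

if __name__ == "__main__":
    esl = build_esl(EFI_CERT_X509_GUID, OWNER, [FAKE_DER])
    esl += build_esl(EFI_CERT_SHA256_GUID, OWNER, [LOADER_SHA256])
    for entry in parse_esl(esl):
        kind = "x509" if entry["type"] == EFI_CERT_X509_GUID else "sha256"
        print(kind, entry["owner"], entry["data"].hex()[:16])
```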

Signing bootloader and kernel

When Secure Boot is active (i.e. in "User Mode") you will only be able to launch signed binaries, so you need to sign your kernel and boot loader.

Install sbsigntools.

Note: If running sbsign without --output, the resulting file will be filename.signed.

# sbsign --key db.key --cert db.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux
# sbsign --key db.key --cert db.crt --output esp/EFI/BOOT/BOOTX64.EFI esp/EFI/BOOT/BOOTX64.EFI

Tip: To check if a binary is signed and list its signatures, use:

$ sbverify --list /path/to/binary

Tip: You can use sbupdate-git (AUR) to automatically sign your kernels on update. This will also take care of embedding the otherwise unprotected initramfs and kernel command line into the signed UEFI image.

Put firmware in "Setup Mode"

Secure Boot is in Setup Mode when the Platform Key is removed. To put firmware in Setup Mode, enter firmware setup utility and find an option to delete or clear certificates.

Enrol keys in firmware

Copy all *.cer, *.esl and *.auth files to a FAT formatted file system (the EFI System Partition can be used).

Launch firmware setup utility or KeyTool and enrol db, KEK and PK certificates.

If the tool used supports it, prefer .auth and .esl files over .cer.

Warning: Enrolling Platform Key sets Secure Boot in "User Mode", so it needs to be enrolled last.

Using firmware setup utility

Firmware setup utilities have varying interfaces; see Replacing Keys Using Your Firmware's Setup Utility for an example of how to enrol keys.

Using KeyTool

KeyTool.efi is in the efitools package; copy it to the ESP. To be able to use it after enrolling keys, sign it with sbsign:

# sbsign --key db.key --cert db.crt --output esp/EFI/KeyTool-signed.efi /usr/share/efitools/efi/KeyTool.efi

Launch KeyTool-signed.efi using firmware setup utility, boot loader or UEFI Shell and enrol keys.

See Replacing Keys Using KeyTool for explanation of KeyTool menu options.

Disable Secure Boot

The Secure Boot feature can be disabled via the UEFI firmware interface. You may access the firmware configuration by pressing a special key during the boot process. The key to use depends on the firmware. It is usually one of Esc, F2, Del or possibly another Fn key.

If using a hotkey did not work and you can boot Windows, you can force a reboot into the firmware configuration in the following way (for Windows 10): Settings > Update & Security > Recovery > Advanced startup (Restart now) > Troubleshoot > Advanced options > UEFI Firmware settings > restart.

Note that some motherboards (this is the case on a Packard Bell laptop) only allow disabling Secure Boot if an administrator password has been set (it can be removed afterwards). See also Rod Smith's Disabling Secure Boot.

See also