[systemd-devel] why systemd-boot (seems as everyone else) does not check the signatures of initramfs?
Felix Rubio
felix at kngnt.org
Wed May 24 17:01:28 UTC 2023
Hi Lennart,
"Sorry, but GPG is a no-go. Not in 2023."
Yes, I understand that. What I am trying to get is a simple way to
verify that the initramfs has not been tampered with. UKI comes with its
own challenges, using encryption tied to a measured boot looks overkill,
and I fully agree that adding an authentication layer is not
desirable. Then... what alternatives are available for just performing
verification of the initramfs? I was taking a look at IMA now, so this
could be sorted with a policy... but I think this is not supported in
sd-boot.
In case I wrap the initramfs in a PE envelope, as you suggested, will
its signature then be validated automatically? When it gets loaded?
Because, if so... this would be enough for this use case.
Thank you
---
Felix Rubio
"Don't believe what you're told. Double check."
On 2023-05-24 18:11, Lennart Poettering wrote:
> On Mi, 24.05.23 16:20, Felix Rubio (felix at kngnt.org) wrote:
>
>> Hi Andrei, Lennart
>>
>> @Andrei: Do you think, then, that the same private key used for
>> SecureBoot
>> could be used for GPG signing the initramfs? That would be cool, as
>> the
>> whole boot signing infrastructure would still depend on a single
>> entity.
>>
>> @Lennart: I was thinking in using a private key for which I'd enroll
>> the
>> certificate in MOK (I mean, just following the standard use case for
>> MOK).
>>
>> Without having much idea about the code base of systemd-boot, I am
>> willing
>> to give it a try (to a GPG with private key from SB) provided you
>> think is
>> something the community might benefit from. What are your thoughts?
>
> Sorry, but GPG is a no-go. Not in 2023.
>
> But also I am not sure I understand what you are trying to do?
>
> Note that shim only authenticates PE binaries, hence you'd have to
> wrap your initrd in a PE binary anyway to validate an initrd against
> MOK.
>
> And we really don't want to add another layer of authentication in
> sd-boot, let's leave that in uefi sb firmware + shim. i.e. we
> expressly don't want to embed a crypto stack like grub. And even if
> we could we don't get access to MOK iirc, shim makes that impossible
> for later boot components.
>
> If you wrap your initrd in a PE envelope this is pretty much exactly
> what UKIs are. – Also note that there's currently a PR pending that
> allows wrapping kernel command lines in separate PE files which can be
> read by a UKI, a concept we call "add-on", which we could extend
> to initrds too i guess, see
> https://github.com/systemd/systemd/pull/27358
>
> Lennart
>
> --
> Lennart Poettering, Berlin
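The point made in the quoted reply is that shim and the UEFI Secure Boot firmware only ever authenticate PE binaries, so a raw cpio initramfs is never checked, while an initrd wrapped in a PE envelope (a UKI) is checked when it gets loaded. The following script is an added example, not code from this thread or from the systemd project: it inspects a boot artifact and reports whether it is a bare initramfs that Secure Boot will never look at, or a PE image, and if the latter, which sections it carries (the `.linux` and `.initrd` section names are those systemd-stub uses for UKIs) and whether an Authenticode signature directory is present. It only parses headers; it does not validate the signature itself, which is exactly the job the reply leaves to firmware + shim. The `build_sample_pe` fixture constructs a minimal, non-bootable PE32+ header so the check can be exercised offline.

```python
import struct

# Index of the Attribute Certificate Table ("Security") data directory, which
# is where an Authenticode signature is recorded in a signed PE image.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4


def parse_pe_sections(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and return section names plus whether
    a non-empty Security directory (i.e. a signature blob) is present.
    Raises ValueError if the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, _ts, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:        # PE32+ (what x86-64 / aarch64 EFI binaries use)
        num_dd_off, dd_off = 108, 112
    elif magic == 0x10B:      # PE32
        num_dd_off, dd_off = 92, 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    num_dd = struct.unpack_from("<I", data, opt + num_dd_off)[0]
    signed = False
    if num_dd > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
        signed = cert_size > 0
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"sections": names, "signed": signed}


def classify_boot_artifact(data: bytes) -> dict:
    """Report how Secure Boot will treat this file: a bare (cpio or compressed)
    initramfs is never authenticated by firmware/shim; a PE image is. For a
    PE image also report whether it embeds a kernel and initrd (UKI layout)
    and whether a signature directory is present (presence only, not validity)."""
    if data[:6] == b"070701" or data[:6] == b"070702":
        return {"kind": "raw-cpio-initramfs", "secure_boot_checked": False}
    if data[:2] == b"\x1f\x8b" or data[:4] == b"\x28\xb5\x2f\xfd":
        return {"kind": "compressed-initramfs", "secure_boot_checked": False}
    try:
        info = parse_pe_sections(data)
    except ValueError as exc:
        return {"kind": "unknown", "secure_boot_checked": False, "error": str(exc)}
    sections = set(info["sections"])
    return {
        "kind": "pe-image",
        "secure_boot_checked": True,
        "has_kernel": ".linux" in sections,
        "has_initrd": ".initrd" in sections,
        "signature_present": info["signed"],
        "sections": info["sections"],
    }


def build_sample_pe(section_names, signed: bool) -> bytes:
    """Constructed test fixture (not a real bootable image): a minimal PE32+
    header with the given section names and, when signed=True, a non-empty
    Security directory entry pointing at a (fictitious) certificate table."""
    opt_size = 112 + 16 * 8   # PE32+ optional header with 16 data directories
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)      # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)       # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x400)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(classify_boot_artifact(fh.read()))
```

Run it as `python3 check_uki.py /boot/EFI/Linux/<your-uki>.efi` (hypothetical path) or against a plain `initrd.img`; a result with `secure_boot_checked: False` means the file is loaded without any firmware-side authentication, which is the situation the original question is about. A `signature_present: True` result still says nothing about whether the certificate chains to db or MOK; that verification happens in the firmware and shim at load time.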