On Mon, 2021-11-15 at 19:15 -0500, Eric Snowberg wrote: > Back in 2013 Linus requested a feature to allow end-users to have the > ability "to add their own keys and sign modules they trust". This was > his *second* order outlined here [1]. There have been many attempts > over the years to solve this problem, all have been rejected. Many > of the failed attempts loaded all preboot firmware keys into the kernel, > including the Secure Boot keys. Many distributions carry one of these > rejected attempts [2], [3], [4]. This series tries to solve this problem > with a solution that takes into account all the problems brought up in > the previous attempts. > > On UEFI based systems, this series introduces a new Linux kernel keyring > containing the Machine Owner Keys (MOK) called machine. It also defines > a new MOK variable in shim. This variable allows the end-user to decide > if they want to load MOK keys into the machine keyring. Mimi has suggested > that only CA keys contained within the MOK be loaded into the machine > keyring. All other certs will load into the platform keyring instead. > > By default, nothing changes; MOK keys are not loaded into the machine > keyring. They are only loaded after the end-user makes the decision > themselves. The end-user would set this through mokutil using a new > --trust-mok option [5]. This would work similar to how the kernel uses > MOK variables to enable/disable signature validation as well as use/ignore > the db. Any kernel operation that uses either the builtin or secondary > trusted keys as a trust source shall also reference the new machine > keyring as a trust source. > > Secure Boot keys will never be loaded into the machine keyring. They > will always be loaded into the platform keyring. If an end-user wanted > to load one, they would need to enroll it into the MOK. > > Steps required by the end user: > > Sign kernel module with user created key: > $ /usr/src/kernels/$(uname -r)/scripts/sign-file sha512 \ > machine_signing_key.priv machine_signing_key.x509 my_module.ko > > Import the key into the MOK > $ mokutil --import machine_signing_key.x509 > > Setup the kernel to load MOK keys into the .machine keyring > $ mokutil --trust-mok > > Then reboot, the MokManager will load and ask if you want to trust the > MOK key and enroll the MOK into the MOKList. Afterwards the signed kernel > module will load. > > I have included a link to the mokutil [5] changes I have made to support > this new functionality. The shim changes have now been accepted > upstream [6]. > > [1] https://marc.info/?l=linux-kernel&m=136185386310140&w=2 > [2] https://lore.kernel.org/lkml/1479737095.2487.34.camel@xxxxxxxxxxxxxxxxxx/ > [3] https://lore.kernel.org/lkml/1556221605.24945.3.camel@xxxxxxxxxxxxxxxxxxxxx/ > [4] https://lore.kernel.org/linux-integrity/1e41f22b1f11784f1e943f32bf62034d4e054cdb.camel@xxxxxxxxxxxxxxxxxxxxx/ > [5] https://github.com/esnowberg/mokutil/tree/mokvars-v3 > [6] https://github.com/rhboot/shim/commit/4e513405b4f1641710115780d19dcec130c5208f > > Eric Snowberg (17): > integrity: Introduce a Linux keyring called machine > integrity: Do not allow machine keyring updates following init > KEYS: Create static version of public_key_verify_signature > X.509: Parse Basic Constraints for CA > KEYS: CA link restriction > integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca > integrity: Fix warning about missing prototypes > integrity: add new keyring handler for mok keys > KEYS: Rename get_builtin_and_secondary_restriction > KEYS: add a reference to machine keyring > KEYS: Introduce link restriction for machine keys > KEYS: integrity: change link restriction to trust the machine keyring > KEYS: link secondary_trusted_keys to machine trusted keys > integrity: store reference to machine keyring > efi/mokvar: move up init order > integrity: Trust MOK keys if MokListTrustedRT found > integrity: Only use machine keyring when uefi_check_trust_mok_keys is > true > > certs/system_keyring.c | 44 ++++++++++- > crypto/asymmetric_keys/restrict.c | 43 +++++++++++ > crypto/asymmetric_keys/x509_cert_parser.c | 9 +++ > drivers/firmware/efi/mokvar-table.c | 2 +- > include/crypto/public_key.h | 15 ++++ > include/keys/system_keyring.h | 14 ++++ > security/integrity/Kconfig | 12 +++ > security/integrity/Makefile | 1 + > security/integrity/digsig.c | 23 +++++- > security/integrity/integrity.h | 17 +++- > .../platform_certs/keyring_handler.c | 18 ++++- > .../platform_certs/keyring_handler.h | 5 ++ > security/integrity/platform_certs/load_uefi.c | 4 +- > .../platform_certs/machine_keyring.c | 77 +++++++++++++++++++ > 14 files changed, 273 insertions(+), 11 deletions(-) > create mode 100644 security/integrity/platform_certs/machine_keyring.c > > > base-commit: fa55b7dcdc43c1aa1ba12bca9d2dd4318c2a0dbf Does shim have the necessary features in a release? /Jarkko