Enable Secure Boot in Windows¶
This document shows how to enable secure boot to launch Windows 10 as a guest through OVMF on ACRNGT, including:
- Generate Platform Key
- Get KEK and DB from Microsoft
- Inject PK, KEK and DB into OVMF
Generate Platform Key (PK)¶
In UEFI secure boot, the Platform Key establishes a trust relationship between the platform owner and the platform firmware. According to Microsoft’s secure boot documentation, section 1.5, the PK is a self-signed certificate owned by the OEM, and the OEM can generate their own PK.
Here we show two ways to generate a PK: openssl and Microsoft tools.
Generate PK Using openssl¶
Generate a Self-Signed Certificate as PK from a new key using the
openssl req
command. You will need to answer the Certificate Signing Request (CSR) information prompts to complete the process; use your country, state, and other information as appropriate.For example:
$ openssl req -newkey rsa:2048 -nodes -keyout PKpriv.key -x509 -days 365 -out PK.crt Generating a 2048 bit RSA private key ....+++ .+++ writing new private key to 'PKpriv.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:CN State or Province Name (full name) [Some-State]:Shanghai Locality Name (eg, city) []:Shanghai Organization Name (eg, company) [Internet Widgits Pty Ltd]:Intel Organizational Unit Name (eg, section) []:Intel Common Name (e.g. server FQDN or YOUR name) []: Email Address []:
You can also generate the self-signed certificate from an existing key, using the
openssl req
command, for example:openssl req -key testpriv.key -new -x509 -days 365 -out PK.crt
View the content of certificate using the
openssl x509
command:$ openssl x509 -text -noout -in PK2.crt Certificate: Data: Version: 3 (0x2) Serial Number: 10097816361374596362 (0x8c22a67aeadc3d0a) Signature Algorithm: sha256WithRSAEncryption Issuer: C=CN, ST=Shanghai, L=Shanghai, O=Intel, OU=Intel Validity Not Before: Jun 26 06:29:14 2019 GMT Not After : Jun 25 06:29:14 2020 GMT Subject: C=CN, ST=Shanghai, L=Shanghai, O=Intel, OU=Intel Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: 00:9e:15:70:40:8c:b0:a7:c2:dd:45:15:e9:ab:c2: d9:3d:d7:32:1e:7f:ec:1d:26:e3:d3:07:2c:5c:40: 8a:42:12:d3:31:59:2c:f0:b0:f7:3d:94:51:ae:b8: 25:16:ab:98:97:60:68:67:80:e1:77:85:aa:f2:70: f3:47:fc:39:8c:9c:25:46:a8:ca:4f:aa:8f:d1:db: f1:50:9b:d9:b6:3d:28:bf:5c:bf:1a:52:12:4c:e2: 04:dd:fe:04:f1:98:3a:9f:a7:ff:f9:43:43:f7:8b: 48:48:ee:d8:2e:b1:25:26:97:ca:1f:94:1c:00:1e: 68:8f:e1:30:3d:3c:1d:99:32:d0:d3:08:0b:ed:4c: 4b:b4:7c:42:b9:1c:e4:ef:df:47:cf:52:37:7e:6e: a1:87:02:f9:23:6b:f4:22:e7:a8:8a:40:4c:5d:ff: f2:9f:bd:05:68:15:5c:1a:03:e3:4b:80:55:08:38: 78:1f:e7:4c:dc:cd:49:22:ef:c0:60:4a:c2:b2:c9: cb:2b:5c:e2:c8:1d:ec:9e:2d:eb:ed:b1:d7:53:54: ea:ce:1a:f2:1c:f9:19:2e:c4:6f:fa:f2:46:bd:48: bc:84:f2:a7:b4:1c:0c:60:26:eb:b1:31:d2:76:24: df:21:0d:4e:fb:80:3d:ce:8e:a4:5c:8f:8d:b5:51: 88:a3 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 4D:A0:DC:F6:6C:56:1E:D2:25:C5:E3:EE:5D:0C:70:ED:71:E7:72:AA X509v3 Authority Key Identifier: keyid:4D:A0:DC:F6:6C:56:1E:D2:25:C5:E3:EE:5D:0C:70:ED:71:E7:72:AA X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha256WithRSAEncryption 24:0a:38:57:49:e5:35:05:58:d9:88:03:eb:3a:8c:5b:0d:88: 70:58:ea:77:b2:4c:37:ff:87:52:b7:f3:bd:0f:6f:5e:7c:fc: 28:16:37:19:23:d0:90:af:ed:1e:f3:36:ee:9d:66:0e:7c:07: 5b:7d:0a:2a:fa:80:8c:6a:35:48:2d:50:9e:d2:f4:fc:d1:2a: ed:f5:7f:e4:d9:ec:ac:09:10:52:5c:b9:c7:68:4a:91:98:33: 95:c3:23:4a:06:ca:ec:d3:ef:46:94:92:61:88:e4:e2:f5:db: c1:7a:a7:98:9d:59:0d:43:c2:2a:46:11:74:53:44:37:08:cd: b1:99:36:b6:3f:5e:51:f2:8c:d7:a0:0c:c5:9f:68:ba:2b:ab: 7a:57:1f:fd:c9:44:0d:b9:39:6e:52:8c:09:8b:eb:5f:ea:3d: d4:3d:05:17:1a:7f:47:92:38:94:1d:e0:59:d2:66:bb:37:95: 1d:11:4b:70:a1:89:1f:09:5a:25:dc:80:ee:27:17:7e:4a:cc: 32:63:1d:e2:89:27:b1:44:99:9f:fb:4d:45:31:23:49:7b:ba: 21:05:eb:d8:8a:b3:d0:72:c0:19:97:2a:59:4b:d1:12:ce:04: c4:c6:61:6f:19:e4:c2:fa:6a:0f:c7:70:c9:08:85:0c:65:97: 83:41:c6:4b
Convert certificate from PEM to DER using the
openssl x509
command.Only a DER format encoded certificate is supported. After conversion, save
PK.der
for use:openssl x509 -in PK.crt -outform der -out PK.der
Using Microsoft tools¶
Microsoft documents explain how to use Microsoft tools to generate a secure boot key, which we’ll summarize below.
Using
certutil.exe
to list the Cryptographic Service Providers (CSP)For the detailed information of each Microsoft Cryptographic Service Provider, please check the Microsoft CRP document
Here, we chose “Microsoft Strong Cryptographic Provider” for example:
C:\\CertReq\\test> certutil -csplist Provider Name: Microsoft Base Cryptographic Provider v1.0 Provider Type: 1 - PROV_RSA_FULL Provider Name: Microsoft Base DSS and Diffie-Hellman Cryptographic Provider Provider Type: 13 - PROV_DSS_DH Provider Name: Microsoft Base DSS Cryptographic Provider Provider Type: 3 - PROV_DSS Provider Name: Microsoft Base Smart Card Crypto Provider Provider Type: 1 - PROV_RSA_FULL Provider Name: Microsoft DH SChannel Cryptographic Provider Provider Type: 18 - PROV_DH_SCHANNEL Provider Name: Microsoft Enhanced Cryptographic Provider v1.0 Provider Type: 1 - PROV_RSA_FULL Provider Name: Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider Provider Type: 13 - PROV_DSS_DH Provider Name: Microsoft Enhanced RSA and AES Cryptographic Provider Provider Type: 24 - PROV_RSA_AES Provider Name: Microsoft RSA SChannel Cryptographic Provider Provider Type: 12 - PROV_RSA_SCHANNEL Provider Name: Microsoft Strong Cryptographic Provider Provider Type: 1 - PROV_RSA_FULL Provider Name: Microsoft Software Key Storage Provider Provider Name: Microsoft Passport Key Storage Provider Provider Name: Microsoft Platform Crypto Provider Provider Name: Microsoft Smart Card Key Storage Provider CertUtil: -csplist command completed successfully.
Create request inf file, for example:
[Version] Signature= "$Windows NT$" [NewRequest] ValidityPeriod = Years ValidityPeriodUnits = 6 Subject = "CN=Corporation TODO Platform Key,O=TODO Corporation,L=TODO_City,S=TODO_State,C=TODO_Country" MachineKeySet = true RequestType=Cert Exportable = FALSE HashAlgorithm = SHA256 KeyAlgorithm = RSA KeyLength = 2048 KeyContainer = "{EA75381E-6D9B-4BDC-B6C7-5144C96507DD}" ProviderName = "Microsoft Strong Cryptographic Provider" KeyUsage = 0xf0
Generate the Platform Key using
certreq.exe
:C:\\PKtest> certreq.exe -new request.inf PKtest.cer Installed Certificate: Serial Number: 3f675d4b64156f9c48ccf30793121147 Subject: CN=Intel Platform Key, O=Intel, L=Shanghai, S=Shanghai, C=CN NotBefore: 6/26/2019 10:40 AM NotAfter: 6/26/2025 10:50 AM Thumbprint: ff2771bd5bd1f7086ab96fb9532b594ed8619c3b Microsoft Strong Cryptographic Provider 3d40ebea7d109ee93b238b96721f0e6d_4be58f30-7127-42f5-9b76-f47187495247 CertReq: Certificate Created and Installed
Validate the Platform Key certificate has been generated correctly:
C:\\PKtest> certutil -store -v my "3f675d4b64156f9c48ccf30793121147" my "Personal" ================ Certificate 0 ================ X509 Certificate: Version: 3 Serial Number: 3f675d4b64156f9c48ccf30793121147 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA Algorithm Parameters: 05 00 Issuer: CN=Intel Platform Key O=Intel L=Shanghai S=Shanghai C=CN Name Hash(sha1): 732312795479b01208e0ade51c695eddd8f2b2d7 Name Hash(md5): 9264adf01062b20e8fe4351369c55cc4 NotBefore: 6/26/2019 10:40 AM NotAfter: 6/26/2025 10:50 AM Subject: CN=Intel Platform Key O=Intel L=Shanghai S=Shanghai C=CN Name Hash(sha1): 732312795479b01208e0ade51c695eddd8f2b2d7 Name Hash(md5): 9264adf01062b20e8fe4351369c55cc4 Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00 Public Key Length: 2048 bits Public Key: UnusedBits = 0 0000 30 82 01 0a 02 82 01 01 00 b9 72 bb ae ff 44 55 0010 01 a5 53 6c bd b1 6e b1 32 4a e5 07 04 f9 97 41 0020 49 a5 95 c9 77 b7 db c0 b0 0d 51 6a 17 d4 a1 91 0030 21 8b 1c 14 8a 29 f2 45 78 c0 d3 d3 99 19 b6 de 0040 8b cd 43 05 61 95 d1 c1 84 97 83 c7 ce 93 c7 9a 0050 90 37 ba 9d 7a 2a d1 6b ad f6 ba da 6d 18 1a ae 0060 ec 16 80 fe 29 4e 25 8a 2d 22 bd fb 25 02 f3 f3 0070 ad ae 0e df 37 4b 9d e0 b1 cb b8 40 d2 ff c8 bd 0080 6b bc 9f 61 68 be d4 33 61 01 b7 b9 ef f3 32 ee 0090 7e b4 24 c3 68 9c 19 85 4a d6 7f e6 8b 28 81 5f 00a0 7a 41 fa f7 0c 21 c2 10 1f df b2 89 9d 2d 1a b8 00b0 ac 9f 09 11 c9 85 1d fb 96 00 55 95 73 d9 d5 ae 00c0 c2 9e 10 8b c8 7d ec 6c d9 b1 15 80 50 3d 4e 25 00d0 cb 8a d7 fc 22 27 a7 be 71 15 22 86 0e 88 e9 c0 00e0 b6 af e6 9b 56 0a 99 6f 88 c7 4c e3 15 dc 6f 03 00f0 8a b3 21 cc 09 df 8c 3b aa c0 2d 31 0b 39 01 13 0100 29 e4 f4 85 8e f7 69 db 05 02 03 01 00 01 Certificate Extensions: 2 2.5.29.15: Flags = 1(Critical), Length = 4 Key Usage Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment (f0) 2.5.29.14: Flags = 0, Length = 16 Subject Key Identifier 29c42c8b73d48fb46118895ae59806eac7bf0098 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.11 sha256RSA Algorithm Parameters: 05 00 Signature: UnusedBits=0 0000 d4 89 92 e6 e1 ef 7e ce d3 c6 c2 b2 15 63 5c 68 0010 ea 16 13 7e 90 81 e3 75 64 75 da ac 85 fc c6 3a 0020 65 3b 60 1e 81 2d 20 58 ec b3 07 3c a3 a8 8a 57 0030 cf 33 a2 8c 08 fe 74 2b c5 d9 e7 f2 f7 69 8d ca 0040 68 81 33 3d 5c 25 63 60 17 51 4e 0c 1d bd de 68 0050 07 52 c6 50 da d9 5e 5b bd 4f 33 84 0c f8 ea 61 0060 f9 c3 00 db 78 f6 b2 4f 4e 4b 8d cf c9 0f d6 8a 0070 5c f2 8b 87 0d a5 a5 5e ab ce ac a4 ff dd d2 aa 0080 4c 22 8a c2 3e 23 7c de 4e 1c 18 f5 f9 a3 c1 4e 0090 b5 1e 9a af 92 0e 20 0e 17 82 2f 0c b4 c4 a3 f1 00a0 32 5a 0f e8 63 3e 5e 36 a2 8c ea de 02 78 58 b8 00b0 5a 0d d3 82 e4 b1 a6 72 9a dc 4a dc 5b 93 de 3c 00c0 2c ea b0 8d a5 6e 5c d6 c7 f8 78 ef 56 16 ed 7f 00d0 1e a5 5b a2 35 87 41 4d 5c 9d 34 c9 5b 82 68 94 00e0 8a 52 9c 8e 80 50 0d d7 10 34 cb 9c 96 8a b3 5e 00f0 9c bb bd 07 b5 18 b0 ea d2 93 8f 79 e9 dd 32 7a Signature matches Public Key Root Certificate: Subject matches Issuer Key Id Hash(rfc-sha1): 29c42c8b73d48fb46118895ae59806eac7bf0098 Key Id Hash(sha1): 2e442e6469555a714423002b2e0748b373a27952 Key Id Hash(bcrypt-sha1): 66f3c2ecf18079b65d6de0b85be1786749a9eb75 Key Id Hash(bcrypt-sha256): edd9c90796d56e97db92f506953da26c44d7e8640875c3b60e5788f4cd5f7058 Key Id Hash(md5): 99e508cd7c5c5e2077648312097c18ab Key Id Hash(sha256): 3401abc0a80dc1731990b0a99a1b5c7e1e60e107a667b295ced40a2056e43ce4 Key Id Hash(pin-sha256): 0wf9owhuRaJxiwsN4Mt8zAaXgTrp3dMJFopvr+oB1wA= Key Id Hash(pin-sha256-hex): d307fda3086e45a2718b0b0de0cb7ccc0697813ae9ddd309168a6fafea01d700 Cert Hash(md5): e95f4760524981cf90bc3198e3075f44 Cert Hash(sha1): ff2771bd5bd1f7086ab96fb9532b594ed8619c3b Cert Hash(sha256): 3abc3ab573d67e1fb491b2fd7e4ae0e5d9941ac7d55ee085c1d73d684891001a Signature Hash: 4106dbf78737c3b54009b231eb9fe00e57a1ac6c94e0d5046e9bc7a62febde85 CERT_REQUEST_ORIGINATOR_PROP_ID(71): xyzzy.ccr.corp.intel.com CERT_KEY_PROV_INFO_PROP_ID(2): Key Container = 3d40ebea7d109ee93b238b96721f0e6d_4be58f30-7127-42f5-9b76-f47187495247 Simple container name: {EA75381E-6D9B-4BDC-B6C7-5144C96507DD} Provider = Microsoft Strong Cryptographic Provider ProviderType = 1 Flags = 20 (32) CRYPT_MACHINE_KEYSET -- 20 (32) KeySpec = 2 -- AT_SIGNATURE CERT_SUBJECT_PUB_KEY_BIT_LENGTH_PROP_ID(92): 0x00000800 (2048) CERT_SHA1_HASH_PROP_ID(3): ff2771bd5bd1f7086ab96fb9532b594ed8619c3b CERT_SUBJECT_PUBLIC_KEY_MD5_HASH_PROP_ID(25): 99e508cd7c5c5e2077648312097c18ab CERT_KEY_IDENTIFIER_PROP_ID(20): 29c42c8b73d48fb46118895ae59806eac7bf0098 CERT_SIGNATURE_HASH_PROP_ID(15) disallowedHash: 4106dbf78737c3b54009b231eb9fe00e57a1ac6c94e0d5046e9bc7a62febde85 CERT_MD5_HASH_PROP_ID(4): e95f4760524981cf90bc3198e3075f44 CERT_ACCESS_STATE_PROP_ID(14): AccessState = 6 CERT_ACCESS_STATE_SYSTEM_STORE_FLAG -- 2 CERT_ACCESS_STATE_LM_SYSTEM_STORE_FLAG -- 4 Provider = Microsoft Strong Cryptographic Provider ProviderType = 1 Simple container name: {EA75381E-6D9B-4BDC-B6C7-5144C96507DD} RSA PP_KEYSTORAGE = 1 CRYPT_SEC_DESCR -- 1 KP_PERMISSIONS = 3b (59) CRYPT_ENCRYPT -- 1 CRYPT_DECRYPT -- 2 CRYPT_READ -- 8 CRYPT_WRITE -- 10 (16) CRYPT_MAC -- 20 (32) D:PAI(A;;GAGR;;;BA)(A;;GAGR;;;SY) Allow Full Control BUILTIN\\Administrators Allow Full Control NT AUTHORITY\\SYSTEM Private key is NOT exportable Signature test passed CertUtil: -store command completed successfully.
Convert
PKtest.cer
from Base-64 to DER format.OVMF secure boot key only supports DER encoded certificate.
open certificate by double clicking
PKtest.cer
and click “Copy to File…”Follow the certificate export wizard and select the format as “DER encoded binary X.509 (.CER)”
Follow the wizard to save file and finish export
You can rename
PKtestDER.cer
extension toPKtestDER.crt
. A.cer
file is an alternate form of.crt
by Microsoft Conventions. CRT and CER file extensions can be interchanged as the encoding type is identical.
Download KEK and DB from Microsoft¶
- KEK (Key Exchange Key):
- Microsoft Corporation KEK CA 2011: allows updates to db and dbx.
- DB (Allowed Signature database):
Microsoft Windows Production CA 2011: This CA in the Signature Database (db) allows Windows to boot.
Microsoft Corporation UEFI CA 2011: Microsoft signer for 3rd party UEFI binaries via DevCenter program.
Compile OVMF with secure boot support¶
git clone -b ovmf-acrn-waag ssh://git@gitlab.devtools.intel.com:29418/projectacrn/edk2.git
cd edk2
git submodule update --init CryptoPkg/Library/OpensslLib/openssl
source edksetup.sh
make -C BaseTools
vim Conf/target.txt
ACTIVE_PLATFORM = OvmfPkg/OvmfPkgX64.dsc
TARGET_ARCH = X64
TOOL_CHAIN_TAG = GCC5
build -DFD_SIZE_2MB -DDEBUG_ON_SERIAL_PORT=TRUE -DSECURE_BOOT_ENABLE
Notes:
source edksetup.sh
, this step is needed for compilation every time a shell is created.This will generate the fw section at
Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd
orBuild/OvmfX64/RELEASE_GCC5/FV/OVMF_CODE.fd
This will also generate an empty template VARS file at
Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd
orBuild/OvmfX64/RELEASE_GCC5/FV/OVMF_VARS.fd
Both
OVMF_CODE.fd
andOVMF_VARS.fd
will be used later.Make sure your GCC is 5.X. GCC 6 and above is NOT supported.
Use QEMU to inject secure boot keys into OVMF¶
We follow the OpenSUSE: UEFI Secure boot using qemu-kvm document to import PK, KEK, and DB into OVMF, Ubuntu 16.04 used.
Install KVM, QEMU
Prepare the environment
Create a OVMFKeys working directory:
mkdir OVMFKeys
Copy the build out OVMF binary into OVMFKeys:
cp edk2/Build/OvmfX64/DEBUG_GCC5/FV/OVMF_CODE.fd OVMFKeys cp edk2/Build/OvmfX64/DEBUG_GCC5/FV/OVMF_VARS.fd OVMFKeys
copy
OVMF_CODE_QEMU.fd
into OVMFKeys:cp OVMF_CODE_QEMU.fd OVMFKeys
Make a working directory for hda-contents:
cd OVMFKeys mkdir hda-contents
Copy PK, KEK and DB into hda-contents:
cp PKtestDER.cer hda-contents cp MicCorKEKCA2011_2011-06-24.crt hda-contents cp MicWinProPCA2011_2011-10-19.crt hda-contents
Use QEMU to inject secure boot keys
Run qemu-system-x86_64 to launch virtual machine:
cd OVMFKeys qemu-system-x86_64 -L . \ -drive if=pflash,format=raw,readonly,file=OVMF_CODE_QEMU.fd \ -drive if=pflash,format=raw,file=OVMF_VARS.fd \ -hda fat:hda-contents \ -net none
After boot up, you can see the UEFI shell.
Enter “exit” to close UEFI shell and enter UEFI configuration menu.
Go to secure boot configuration (Device Manager / Secure Boot Configuration / Secure Boot Mode) and change from “Standard Mode” to “Custom Mode”.
After change to “Custom Mode”, “Custom Secure Boot Options” will show up, click and enter.
Import PK
PK Options / Enroll PK / Enroll PK Using File: select the only one HD, space select
PKtestDer.cer
. (Note: only DER format certificate is supported.)Then, select “Commit Changes and Exit”, PK will be imported into OVMF.
Import KEK
The process is the same as import PK, bit select “KEK options” to inject “Microsoft Corporation KEK CA 2011”.
KEK Options / Enroll KEK / Enroll KEK Using File: select the only one HD, space select
MicCorKEKCA2011_2011-06-24.crt
. Commit Changes and Exit.Import DB
Use the same process to inject “Microsoft Windows Production CA 2011”.
DB Options / Enroll Signature / Enroll Signature Using File: select the only one HD, space select
MicWinProPCA2011_2011-10-19.crt
. Commit Changes and Exit.Repeat the steps to inject “Microsoft Corporation UEFI CA 2011”.
DB Options / Enroll Signature / Enroll Signature Using File: select the only one HD, space select
MicCorUEFCA2011_2011-06-27.crt
. Commit Changes and Exit.After import PK, KEK and DB, the secure boot state is now “Enabled”.
Generate
OVMF.fd
for ACRN with the updated keys manually:cat /path/to/OVMF_VARS.fd /path/to/OVMF_CODE.fd > OVMF.fd
Update
OVMF.fd
into ACRNGT+OVMF+Win10 to start Windows.
Notes:
- According to Microsoft documentation, after enabling secure boot, kernel mode driver must be signed by a trusted certification authority (CA).
- A cross-signed driver using a SHA-1 or SHA-256 certificate issued after July 29th, 2015 is not recommended for Windows 10.
- After enable secure boot, standard mechanisms such as kernel debugging and test signing will not be permitted.
See these references for more information: