Secure Boot enabling for Clear Linux User VM

Prerequisites

  • ACRN Service VM is installed on the KBL NUC.

  • ACRN OVMF version is v1.2 or above ( 3506 ).

  • ACRN DM support OVMF write back ( 3413 ).

  • efi-tools and sbsigntools are installed in the Service VM:

    # swupd bundle-add os-clr-on-clr
    

Validated versions

  • Clear Linux version: 31080
  • ACRN-hypervisor tag: v1.3
  • ACRN-Kernel(Service VM kernel): 4.19.73-92.iot-lts2018-sos
  • OVMF version: v1.3

Prepare keys (PK/KEK/DB)

Generate keys

For formal case, key generation and management can be referenced by: Ubuntu-KeyGeneration or Windows-secure-boot-key-creation-and-management-guidance.

For testing, the keys can be created on the KBL NUC with these commands:

$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=test platform key/" -keyout PK.key -out PK.crt -days 3650 -nodes -sha256
$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=test key-exchange-key/" -keyout KEK.key -out KEK.crt -days 3650 -nodes -sha256
$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=test signing key/" -keyout db.key -out db.crt -days 3650 -nodes -sha256
$ cert-to-efi-sig-list -g "$(uuidgen)" PK.crt PK.esl
$ sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth
$ cert-to-efi-sig-list -g "$(uuidgen)" KEK.crt KEK.esl
$ sign-efi-sig-list -a -k PK.key -c PK.crt KEK KEK.esl KEK.auth
$ cert-to-efi-sig-list -g "$(uuidgen)" db.crt db.esl
$ sign-efi-sig-list -a -k KEK.key -c KEK.crt db db.esl db.auth
$ openssl x509 -outform DER -in PK.crt -out PK.der
$ openssl x509 -outform DER -in KEK.crt -out KEK.der
$ openssl x509 -outform DER -in db.crt -out db.der

The keys to be enrolled in UEFI BIOS: PK.der, KEK.der, db.der The keys to sign bootloader or kernel: db.key, db.crt

Create virtual disk to hold the keys

Follow these commands to create a virtual disk and copy the keys generated above:

$ sudo dd if=/dev/zero of=$PWD/hdd_keys.img bs=1024 count=10240
$ mkfs.msdos hdd_keys.img
$ sudo losetup -D
$ sudo losetup -f -P --show $PWD/hdd_keys.img
$ sudo mount /dev/loop0 /mnt
$ sudo cp PK.der KEK.der db.der /mnt
$ sync
$ sudo umount /mnt
$ sudo losetup -d /dev/loop0

Enroll keys in OVMF

  1. Customize the launch_uos.sh script to boot with the virtual disk that contains the keys for enrollment:

    $ cp /usr/share/acrn/samples/nuc/launch_uos.sh ./launch_virtual_disk.sh
    $ sudo vim ./launch_virtual_disk.sh
    
    acrn-dm -A -m $mem_size -c $2 -s 0:0,hostbridge \
      -s 2,pci-gvt -G "$3" \
      -l com1,stdio \
      -s 5,virtio-console,@pty:pty_port \
      -s 6,virtio-hyper_dmabuf \
      -s 3,virtio-blk,./hdd_keys.img \
      -s 4,virtio-net,tap0 \
      -s 7,virtio-rnd \
      --ovmf w,/usr/share/acrn/bios/OVMF.fd \
      $pm_channel $pm_by_vuart $pm_vuart_node \
      $logger_setting \
      --mac_seed $mac_seed \
      $vm_name
    }
    
  2. Launch the customized script to enroll keys:

    $ sudo ./launch_virtual_disk.sh
    
  3. Type exit command in UEFI shell.

    ../_images/exit_uefi_shell.png

  4. Select Device Manager –> Secure Boot Configuration.

    ../_images/secure_boot_config_1.png

    ../_images/secure_boot_config_2.png

    ../_images/secure_boot_config_3.png

  5. Select Secure Boot Mode –> Custom Mode –> Custom Secure Boot Options.

    ../_images/select_custom_mode.png

    ../_images/enable_custom_boot.png

  6. Enroll Keys:

    1. Enroll PK: Select PK Options –> Enroll PK –> Enroll PK Using File –> VOLUME – PK.der –> Commit Changes and Exit
    2. Enroll KEK(similar with PK): Select KEK Options –> Enroll KEK –> Enroll KEK Using File –> VOLUME –> KEK.der –> Commit Changes and Exit
    3. Enroll Signatures(similar with PK): Select DB Options –> Enroll Signature –> Enroll Signature Using File –> VOLUME –> db.der –> Commit Changes and Exit

    Example for enrolling the PK file:

    ../_images/enroll_pk_key_1.png

    ../_images/enroll_pk_key_2.png

    ../_images/enroll_pk_key_3.png

    ../_images/enroll_pk_key_4.png

    ../_images/enroll_pk_key_5.png

    ../_images/enroll_pk_key_6.png

  7. Press ESC to go back to the Secure Boot Configuration interface.

    Now the Current Secure Boot State is Enabled and Attempt Secure Boot option is selected.

    ../_images/secure_boot_enabled.png

  8. Go back to UEFI GUI main interface and select Reset to perform a formal reset/shutdown to ensure the key enrollment is taking effect in the next boot.

    ../_images/reset_in_bios.png

  9. Type reset -s to shutdown the guest in the UEFI shell.

    ../_images/reset_in_uefi_shell.png

Sign the Clear Linux image

Follow these commands to sign the Clear Linux VM binaries.

  1. Download and decompress the Clear Linux image:

    $ wget https://download.clearlinux.org/releases/31080/clear/clear-31080-kvm.img.xz
    $ unxz clear-31080-kvm.img.xz
    
  2. Download the script to sign image:

    $ wget https://raw.githubusercontent.com/projectacrn/acrn-hypervisor/master/doc/scripts/sign_image.sh
    
  3. Run the script to sign image.

    $ sudo sh sign_image.sh clear-31080-kvm.img db.key db.crt
    /mnt/EFI/BOOT/BOOTX64.EFI
    warning: data remaining[93184 vs 105830]: gaps between PE/COFF sections?
    warning: data remaining[93184 vs 105832]: gaps between PE/COFF sections?
    Signing Unsigned original image
    sign /mnt/EFI/BOOT/BOOTX64.EFI succeed
    /mnt/EFI/org.clearlinux/bootloaderx64.efi
    warning: data remaining[1065472 vs 1196031]: gaps between PE/COFF sections?
    warning: data remaining[1065472 vs 1196032]: gaps between PE/COFF sections?
    Signing Unsigned original image
    sign /mnt/EFI/org.clearlinux/bootloaderx64.efi succeed
    /mnt/EFI/org.clearlinux/kernel-org.clearlinux.kvm.5.2.17-389
    Signing Unsigned original image
    sign /mnt/EFI/org.clearlinux/kernel-org.clearlinux.kvm.5.2.17-389 succeed
    /mnt/EFI/org.clearlinux/loaderx64.efi
    warning: data remaining[93184 vs 105830]: gaps between PE/COFF sections?
    warning: data remaining[93184 vs 105832]: gaps between PE/COFF sections?
    Signing Unsigned original image
    sign /mnt/EFI/org.clearlinux/loaderx64.efi succeed
    
  4. You will get the signed Clear Linux image: clear-31080-kvm.img.signed

Boot Clear Linux signed image

  1. Modify the launch_uos.sh script to use the signed image.

    $ sudo vim /usr/share/acrn/samples/nuc/launch_uos.sh
    
    acrn-dm -A -m $mem_size -c $2 -s 0:0,hostbridge \
      -s 2,pci-gvt -G "$3" \
      -l com1,stdio \
      -s 5,virtio-console,@pty:pty_port \
      -s 6,virtio-hyper_dmabuf \
      -s 3,virtio-blk,./clear-31080-kvm.img.signed \
      -s 4,virtio-net,tap0 \
      -s 7,virtio-rnd \
      --ovmf /usr/share/acrn/bios/OVMF.fd \
      $pm_channel $pm_by_vuart $pm_vuart_node \
      $logger_setting \
      --mac_seed $mac_seed \
      $vm_name
    }
    
  2. You may see the UEFI shell boots by default.

    ../_images/uefi_shell_boot_default.png

  3. Type exit to enter Bios configuration.

  4. Navigate to the Boot Manager and select UEFI Misc Device to boot the signed Clear Linux image.

  5. Login as root and use dmesg to check the secure boot status on the User VM.

    root@clr-763e953a125f4bda94dd2efbab77f776 ~ # dmesg | grep Secure
    [    0.001330] Secure boot enabled