[U-Boot] Fwd: EFIBootGuard for CIP and SecureBoot

Heinrich Schuchardt xypron.glpk at gmx.de
Mon Apr 22 17:57:57 UTC 2019


-------- Forwarded Message --------
Subject: Re: EFIBootGuard for CIP and SecureBoot
Date: Mon, 22 Apr 2019 19:55:04 +0200
From: Heinrich Schuchardt <xypron.glpk at gmx.de>

On Fri Apr 19 10:48:51 UTC 2019
François Ozog <francois.ozog at linaro.org> wrote
> We will be conducting a UEFI gap analysis to support EFIBootGuard in
> U-Boot.
>
> As we are working on UEFI SecureBoot implementation in U-Boot, how do
> you expect the boot process to be secured? Would U-Boot UEFI
> SecureBoot verify EFIBootGuard signature and in turn EFIBootGuard will
> check either grub or Linux signature?
>
> Please elaborate on your vision of a secured boot process.

The UEFI spec is quite clear about this:

An implementation of SecureBoot will check the signature of any EFI
binary before starting it. StartImage() will return
EFI_SECURITY_VIOLATION when trying to start an image that is neither
correctly signed nor whose hash is known.

As we use StartImage() for starting any image the signature of
EFIBootGuard would be checked first and then any of the child
applications it starts.

You will not be able to start GRUB or the Linux kernel if their
signatures are not added to U-Boot's key database.

Of course you could implement inside EFIBootGuard your own mechanism to
start a loaded image without calling StartImage(). In this case U-Boot
cannot protect you from invalid images.

Best regards

Heinrich
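
The chain of checks described in the message above, as an added example that is not part of the original post and is not U-Boot or EFIBootGuard code. It is a simplified model: the types, function names, key names and digest strings are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the gate; these status names are not the UEFI ABI. */
typedef enum { MODEL_SUCCESS, MODEL_SECURITY_VIOLATION } model_status;
struct key_db { const char *signers[4], *digests[4]; }; /* NULL-terminated */
struct image {
    const char *name, *digest, *signer; /* signer is NULL when unsigned */
    int sig_valid;             /* 1 if the signature verifies over the image */
    const struct image *child; /* next stage it starts, NULL at the end */
};

static int listed(const char *const *list, const char *s)
{
    for (; s && *list; list++)
        if (strcmp(*list, s) == 0)
            return 1;
    return 0;
}

/* Allowed if correctly signed by an enrolled key, or if its hash is known. */
model_status model_start_image(const struct key_db *db, const struct image *img)
{
    int by_key = img->sig_valid && listed(db->signers, img->signer);
    int by_hash = listed(db->digests, img->digest);
    return (by_key || by_hash) ? MODEL_SUCCESS : MODEL_SECURITY_VIOLATION;
}

/* Name of the first stage the gate refuses, or NULL if the chain boots. */
const char *first_refused(const struct key_db *db, const struct image *img)
{
    for (; img; img = img->child)
        if (model_start_image(db, img) != MODEL_SUCCESS)
            return img->name;
    return NULL;
}

/* Constructed sample chain (placeholder digests): EFIBootGuard -> GRUB -> Linux. */
static const struct image linux_img = { "linux", "digest-linux", NULL, 0, NULL };
static const struct image grub_img = { "grub", "digest-grub", "distro-key", 1, &linux_img };
static const struct image ebg_img = { "efibootguard", "digest-ebg", "vendor-key", 1, &grub_img };
static const struct key_db db_vendor = { { "vendor-key" }, { NULL } };
static const struct key_db db_full = { { "vendor-key", "distro-key" }, { "digest-linux" } };
int main(void)
{
    const char *a = first_refused(&db_vendor, &ebg_img);
    const char *b = first_refused(&db_full, &ebg_img);
    printf("vendor key only: %s\nfully enrolled: %s\n", a ? a : "boots", b ? b : "boots");
    return 0;
}
```

The model only covers stages that are started through the gate; a stage started by any other mechanism never reaches `model_start_image()` and is therefore not checked.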
