The presentation discusses upgrading Linux security with SecureBoot on Ubuntu 18.04 LTS. It covers safety backup prerequisites, enabling SecureBoot, signing third-party kernel drivers, and demonstrates checking SecureBoot settings through listing keys, verifying signatures, and enabling or disabling validation.
Upgrade Linux Security with SecureBoot ESGI Security Day 2019
Slide 2: Disclaimer
The following presentation contains instructions that can damage software and firmware assets if executed improperly.
Hashnet disclaims any liability for damage you may encounter.
By using this material you put yourself at risk of losing your data, and you agree to undertake any and all risks associated with the resulting consequences.
It remains a work in progress.
Remarks to improve this draft are welcome.
Slide 3: Agenda
Safety backup prerequisite
Ubuntu 18.04 LTS SecureBoot
Live demo
Q & A
Slide 4: Safety backup prerequisite: Cases for restoration
Upgrading your master (here with SecureBoot) within 15 minutes
Incident: software / hardware failure
Incident: OS compromised
Slide 5: Safety backup prerequisite: Example of material kit
[Images: Fancy Bear, Equation Group]
15/03/2019
REX (lessons learned) 1: MAY NEED A LARGER BACKUP DISK
REX 2: MUST FILE YOUR DISK
REX 3: LATEST LAPTOPS USE TORX T4 SCREWS
REX 4: ALTERNATIVE TO A (MULTIBOOT) DISK FOR THE CLONEZILLA SHELL
Slide 6: Safety backup prerequisite: USB transfer feedback
Connectors: theoretical data rate per USB version
  USB 1.0           1996   1.5 Mbit/s   Low Speed
                           12 Mbit/s    Full Speed
  USB 2.0           2001   480 Mbit/s   High Speed
  USB 2.0 Revised
  USB 3.0           2011   5 Gbit/s     SuperSpeed
  USB 3.1           2014   10 Gbit/s    SuperSpeed+
  USB 3.2           2017   20 Gbit/s    SuperSpeed+
  USB4              2019   40 Gbit/s    SuperSpeed+
Source: https://en.wikipedia.org/wiki/USB
REX 5: IVOLER ADAPTERS DECREASE SPEED, WITH AN AVERAGE RATE OVER 38 MB/s
REX 6: IMPACT ON TRANSFER SPEED WITH VS WITHOUT SECUREBOOT?
Slide 7: Safety backup prerequisite: Bare-metal copies with Partclone
1/ Making a Clonezilla live shell and booting on it
Kernel boot parameters (from /boot/grub/grub.cfg):
linux '(loop)/live/vmlinuz' boot='live' union='overlay' username='user' config components noswap edd='on' nomodeset nodmraid noeject locales='' keyboard-layouts='fr' ocs_live_run='ocs-live-general' ocs_debug ocs_live_extra_param='' ocs_live_batch='yes' ip='' acpi='off' irqpoll noapic noapm nodma nomce nolapic nosmp nomodeset nosplash findiso="${isofile_abspath}"
Source: https://clonezilla.org/show-live-doc-content.php?topic=clonezilla-live/doc/99_Misc
Slide 10: Agenda (section divider)
Slide 11: Ubuntu 18.04 LTS SecureBoot: Prerequisites
1/ Protect your disk filesystem with LUKS encryption
2/ Protect your BIOS with an admin password + UPDATES
3/ Back up your disk boot & rootfs partitions (or LVs)
Slide 12: Ubuntu 18.04 LTS SecureBoot: Ubuntu Boot Process
PK - The Platform Key represents the root of trust and is used to protect the KEK (Key Exchange Key) database. The platform vendor puts the public portion of the Platform Key (PK) into the UEFI firmware during manufacturing; its private portion stays with the vendor. When updating the PK, the new PK certificate must be signed with the old one.
KEK - The KEK (Key Exchange Key) database contains trusted certificates that are allowed to modify the Allowed Signature database (db), the Disallowed Signature database (dbx) or the Timestamp signature database (dbt) described below. The KEK database usually contains certificates of the Operating System Vendor (OSV) and is secured by the Platform Key (PK).
Sources
[1] https://odm.ubuntu.com/docs/ubuntu-bios-uefi-requirements.pdf
[2] https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/
Slide 13: Ubuntu 18.04 LTS SecureBoot: Protocol key points
• Many 'out of the box' distributions are SecureBoot-ready [1]
• Ubuntu binaries (shim & bootloader) are compiled respectively with Microsoft's WinQual and Canonical's public keys [2]
• UEFI firmware allows key reconfiguration (enrolling a self-signed PK or the Ubuntu key) [2]
• Ubuntu will not require signed kernel images or kernel modules [2]
• Ubuntu provides updates to the revoked-signature database, to protect against known-compromised UEFI binaries [2]
• Ubuntu can (in theory) auto-update the kernel driver signatures (DKMS post-build script) [3]
• There are specificities in the naming of the bootloader when not using GRUB [4]
• When enabled, SecureBoot can (1) enforce the signature checks and block the boot process in case of violation, or (2) audit the violations without blocking the boot process [5]
Sources
[1] https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot
[2] https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html
[3] https://lektiondestages.blogspot.com/2018/04/signing-your-kernel-modules-on-ubuntu.html
[4] https://askubuntu.com/questions/342365/what-is-the-difference-between-grubx64-and-shimx64#342382
[5] cf. BIOS
Slide 14: Ubuntu 18.04 LTS SecureBoot: Signing third-party kernel drivers: the "sign-file" Perl script
# /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
sign-file is a Perl script. It requires that you provide both the files that contain your private and your public key, as well as the kernel module file that you want to sign.
Your kernel module is in ELF image format and this script computes and appends the signature directly to the ELF image in your my_module.ko file.
Note that this appended signature is not contained in an ELF image section and is not a formal part of the ELF image. Therefore, tools such as readelf will not be able to display the signature on your kernel module.
Your kernel module is now ready for loading. Note that your signed kernel module is also loadable on systems where UEFI Secure Boot is disabled or on a non-UEFI system. That means you do not need to provide both a signed and an unsigned version of your kernel module.
Sources
[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Kernel_Administration_Guide/sect-signing-kernel-modules-for-secure-boot.html
Slide 15: Ubuntu 18.04 LTS SecureBoot: Signing third-party kernel drivers: Signing the VirtualBox kernel drivers
cd /boot
sudo openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 \
    -subj "/CN=Descriptive common name/"
ls $(dirname $(modinfo -n vboxdrv))/vbox*.ko
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxdrv)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetadp)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxnetflt)
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der $(modinfo -n vboxpci)
tail $(modinfo -n vboxdrv) |grep "Module signature appended"
sudo mokutil --import MOK.der
reboot
sudo mokutil --sb-state
sudo mokutil --password
reboot
sudo modprobe vboxdrv
sudo mokutil --test-key MOK.der
cd /boot; shred -u MOK.priv
DKMS keeps one build tree per installed kernel:
➜ virtualbox pwd
/var/lib/dkms/virtualbox
➜ virtualbox l
total 12K
drwxr-xr-x 3 root root 4,0K avril 11 10:39 .
drwxr-xr-x 4 root root 4,0K mars 31 13:37 ..
drwxr-xr-x 6 root root 4,0K avril 11 10:39 5.2.18
lrwxrwxrwx 1 root root 29 avril 3 11:49 kernel-4.15.0-1035-oem-x86_64 -> 5.2.18/4.15.0-1035-oem/x86_64
lrwxrwxrwx 1 root root 29 avril 10 11:45 kernel-4.15.0-1036-oem-x86_64 -> 5.2.18/4.15.0-1036-oem/x86_64
lrwxrwxrwx 1 root root 31 avril 4 21:20 kernel-4.15.0-48-generic-x86_64 -> 5.2.18/4.15.0-48-generic/x86_64
=> A NEW KERNEL VERSION REQUIRES NEW KERNEL DRIVERS, HENCE THOSE NEW KERNEL DRIVERS MUST BE SIGNED AGAIN
Sources
[1] https://askubuntu.com/questions/760671/could-not-load-vboxdrv-after-upgrade-to-ubuntu-16-04-and-i-want-to-keep-secur
Slide 16: Agenda (section divider)
Slide 17: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
[Images: Fancy Bear, Equation Group]
Checklist:
What is the SecureBoot status? How to enable/disable it?
How to list the SB keys stored in the MOK?
How to verify the signature of the boot binaries (shim, grub, kernel)?
How to self-sign and test kernel binaries?
How to install Canonical-signed kernel binaries?
Slide 19: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
What is the SecureBoot status? How to enable/disable it?
Check the binaries called within the boot process:
➜ r8168 efibootmgr -v
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0001,0003,0004
Boot0000* ubuntu HD(1,GPT,869b1c66-5611-4f81-a8b3-d085cf9c9251,0x800,0x177000)/File(\EFI\ubuntu\shimx64.efi)
Boot0001* UEFI: PC401 NVMe SK hynix 512GB, Partition 1 HD(1,GPT,869b1c66-5611-4f81-a8b3-d085cf9c9251,0x800,0x177000)/File(\EFI\boot\bootx64.efi)..BO
Boot0003* USB NIC(IPV4) PciRoot(0x0)/Pci(0x14,0x0)/USB(12,0)/MAC(00e0970033e7,0)/IPv4(0.0.0.0,0.0.0.0,0,0)..BO
Boot0004* USB NIC(IPV6) PciRoot(0x0)/Pci(0x14,0x0)/USB(12,0)/MAC(00e0970033e7,0)/IPv6([::]:<->[::]:,0,0)..BO
Check the SecureBoot status with the following command:
$ mokutil --sb-state
SecureBoot enabled
Enable / disable shim's signature validation with the following commands (the request is confirmed by MokManager with the MOK password at the next boot; the firmware's own Secure Boot setting stays as configured in the UEFI setup):
$ mokutil --disable-validation
$ mokutil --enable-validation
Check the keys known by the kernel:
$ sudo cat /proc/keys |grep asymm
Check the blacklisted binaries:
$ sudo cat /proc/keys |grep blacklist
Sources
http://manpages.ubuntu.com/manpages/xenial/man1/mokutil.1.html
Checking the kernel build configuration for SecureBoot-related options:
$ grep -v ^# /boot/config-$(uname -r) |grep _SIG
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
$ grep -v ^# /boot/config-$(uname -r) |grep MODULE_SIG
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_ALL=y
CONFIG_MODULE_SIG_HASH="sha512"
CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
CONFIG_MODULE_SIG_SHA512=y
Slide 20: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to list the SB keys stored in the MOK?
Note that --pk, --kek, --db and --dbx read the firmware's own signature databases; the MOK list enrolled through shim is shown by mokutil --list-enrolled.
$ /boot mokutil --pk |grep Issuer
Issuer: C=US, ST=Texas, L=Round Rock, O=Dell Inc., CN=Dell Inc. Platform Key
$ /boot mokutil --kek |grep Issuer
Issuer: C=US, ST=Texas, L=Round Rock, O=Dell Inc., CN=Dell Inc. Platform Key
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt
$ /boot mokutil --db |grep Issuer
Issuer: C=US, ST=Texas, L=Round Rock, O=Dell Inc., CN=Dell Inc. Key Exchange Key
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
$ /boot mokutil --dbx |grep Issuer
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
CA Issuers - URI:http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
Sources
https://go.microsoft.com/fwlink/?LinkId=321185
Slide 21: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to list the SB keys stored in the kernel?
SB keys loaded during the boot process (the UEFI:db entries come from the firmware database, the UEFI:MokListRT entries from the MOK list handed over by shim):
➜ ~ dmesg |grep UEFI
[ 0.000000] ACPI: UEFI 0x000000003F0B4A98 000042 (v01 DELLx CBX3 00000002 01000013)
[ 1.045927] Loaded UEFI:db cert 'Dell Inc. UEFI DB: 5ddb772dc880660055ba0bc131886bb630a639e7' linked to secondary sys keyring
[ 1.045944] Loaded UEFI:db cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' linked to secondary sys keyring
[ 1.045957] Loaded UEFI:db cert 'Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53' linked to secondary sys keyring
[ 1.048247] Loaded UEFI:MokListRT cert 'Descriptive common name: cd813275407f4bda0a9438e8fffc7f70125a2fd8' linked to secondary sys keyring
[ 1.048392] Loaded UEFI:MokListRT cert 'PPA canonical-kernel-team ppa: 55c04961f1043a73e150d05bceea207320d885fe' linked to secondary sys keyring
[ 1.048538] Loaded UEFI:MokListRT cert 'ubuntu Secure Boot Module Signature key: e914584544ef4c7731cd2a4f3ad15f0072eb13ee' linked to secondary sys keyring
[ 1.048687] Loaded UEFI:MokListRT cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63' linked to secondary sys keyring
SB keys loaded in the kernel keyring (the hex identifier after each subject is the same in both listings, so the dmesg lines tell where each key in /proc/keys came from):
➜ ~ sudo cat /proc/keys |grep asymm
03c82c0a I------ 1 perm 1f030000 0 0 asymmetri sforshee: 00b28ddf47aef9cea7: X509.rsa []
05da5292 I------ 2 perm 1f010000 0 0 asymmetri Dell Inc. UEFI DB: 5ddb772dc880660055ba0bc131886bb630a639e7: X509.rsa 30a639e7 []
0888675b I------ 1 perm 1f030000 0 0 asymmetri Build time autogenerated kernel key: d1f53b42ca7020dcdd24c66b9ed7819b4575644b: X509.rsa 4575644b []
0a6bbf9b I------ 2 perm 1f010000 0 0 asymmetri PPA canonical-kernel-team ppa: 55c04961f1043a73e150d05bceea207320d885fe: X509.rsa 20d885fe []
0bb5924c I------ 2 perm 1f010000 0 0 asymmetri Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63: X509.rsa 8e345a63 []
104d7550 I------ 2 perm 1f010000 0 0 asymmetri Descriptive common name: cd813275407f4bda0a9438e8fffc7f70125a2fd8: X509.rsa 125a2fd8 []
1757cdfa I------ 2 perm 1f010000 0 0 asymmetri ubuntu Secure Boot Module Signature key: e914584544ef4c7731cd2a4f3ad15f0072eb13ee: X509.rsa 72eb13ee []
27fb5eff I------ 2 perm 1f010000 0 0 asymmetri Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4: X509.rsa 988a1bd4 []
2d977696 I------ 2 perm 1f010000 0 0 asymmetri Microsoft Windows Production PCA 2011: a92902398e16c49778cd90f99e4f9ae17c55af53: X509.rsa 7c55af53 []
Sources
http://manpages.ubuntu.com/manpages/xenial/man1/keyctl.1.html
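The checks behind slides 15, 19 and 21 (the "Module signature appended" marker on a .ko, the mokutil --sb-state answer, and the asymmetric keys in /proc/keys) gathered into one audit script, as an added example that is not part of the deck. It assumes /proc/keys has the layout shown above and that DKMS-built modules live under /lib/modules/$(uname -r)/updates/dkms (an assumption, not from the slides); the sample /proc/keys lines and module files are constructed.

```shell
#!/bin/sh
# Added example (not from the deck): the SecureBoot checks from the demo slides
# as pure-shell functions, exercised on constructed samples so they run offline.
# Assumed paths: /proc/keys, and DKMS-built modules under
# /lib/modules/$(uname -r)/updates/dkms (an assumption, not from the deck).

# Classify the text printed by `mokutil --sb-state`.
sb_state_from_output() {
  case "$1" in
    *"SecureBoot enabled"*)  echo enabled ;;
    *"SecureBoot disabled"*) echo disabled ;;
    *)                       echo unknown ;;  # no EFI variables, no SB support, ...
  esac
}

# Print "<subject>: <SHA-1 id>" for every asymmetric key in a /proc/keys dump.
# Field 8 is the key type, which the kernel truncates to "asymmetri"; the
# description (fields 9..NF) ends with ": X509.rsa <id> []", which is dropped.
list_keyring_certs() {
  awk '$8 == "asymmetri" {
         s = $9
         for (i = 10; i <= NF; i++) s = s " " $i
         sub(/: X509\.rsa.*$/, "", s)
         print s
       }' "$1"
}

# A signed .ko ends with the 28-byte magic "~Module signature appended~\n".
# The signature sits after the ELF image, which is why readelf cannot show it.
module_is_signed() {
  [ "$(tail -c 28 "$1" 2>/dev/null)" = "~Module signature appended~" ]
}

# Constructed sample of /proc/keys lines, shaped like the demo slide's output.
SAMPLE_PROC_KEYS='0a6bbf9b I------ 2 perm 1f010000 0 0 asymmetri PPA canonical-kernel-team ppa: 55c04961f1043a73e150d05bceea207320d885fe: X509.rsa 20d885fe []
104d7550 I------ 2 perm 1f010000 0 0 asymmetri Descriptive common name: cd813275407f4bda0a9438e8fffc7f70125a2fd8: X509.rsa 125a2fd8 []
2f3a9c10 I--Q--- 1 perm 3f010000 0 0 keyring   .builtin_trusted_keys: 1'

# Write a constructed stand-in for a kernel module: a few ELF-like bytes,
# followed by the signature magic when $2 is "signed".
write_sample_module() {  # $1 = path, $2 = signed | unsigned
  printf '\177ELF\002\001\001 constructed module body ' > "$1"
  if [ "$2" = signed ]; then printf '~Module signature appended~\n' >> "$1"; fi
}

# Report on the running system; run as root so /proc/keys lists every key.
report_live() {
  echo "SecureBoot: $(sb_state_from_output "$(mokutil --sb-state 2>&1)")"
  echo "Certificates in the kernel keyrings:"
  list_keyring_certs /proc/keys | sed 's/^/  /'
  echo "Out-of-tree (DKMS) modules for $(uname -r):"
  for ko in /lib/modules/"$(uname -r)"/updates/dkms/*.ko; do
    [ -e "$ko" ] || continue
    if module_is_signed "$ko"; then echo "  signed   $ko"; else echo "  UNSIGNED $ko"; fi
  done
}

if [ "${1:-}" = "--live" ]; then report_live; fi
```

Run it with --live on the target machine to get the report; without arguments it only defines the functions, so they can be sourced and tried on the constructed samples.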
Slide 22: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to verify the signature of the boot binaries (shim, grub, kernel)?
Export and identify the keys in the MOK:
$ cd /tmp; mokutil --export
$ openssl x509 -inform der -in MOK-000X.der -noout -text
The Microsoft certificate signing the shim bootloader is available online. Mind the extension: despite the ".crt" suffix, the certificate is in DER format. Verify the signature as follows:
$ wget http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt
$ openssl x509 -in MicCorThiParMarRoo_2010-10-05.crt -inform DER -out MicCorThiParMarRoo_2010-10-05.pem -outform PEM
$ sbverify --cert ./microsoft-uefica-public.pem /boot/efi/EFI/ubuntu/shimx64.efi
Password:
Signature verification OK
The grub bootloader is signed by Canonical. To verify the signature use the following commands:
$ openssl x509 -inform DER -in ./MOK-0002.der -outform PEM -out ./canonical-master-public.pem
$ sudo sbverify --cert ./canonical-master-public.pem /boot/efi/EFI/ubuntu/grubx64.efi
Password:
Signature verification OK
The 'out-of-the-box' Ubuntu kernel is signed by Ubuntu. Extract the signature from the kernel image, then use sbverify to verify the image against the detached signature:
$ openssl x509 -pubkey -in ./canonical-master-public.pem -noout > ./canonical-signing-public.pem
$ cat /tmp/canonical-master-public.pem /tmp/canonical-signing-public.pem > /tmp/canonical-master-signing-public-chain.pem
$ sbattach --detach /tmp/vmlinuz-4.15.0-1027-oem.efi.signature /boot/vmlinuz-4.15.0-1027-oem.efi.signed
$ sudo sbverify --cert /tmp/canonical-master-signing-public-chain.pem \
    --detached /tmp/vmlinuz-4.15.0-1027-oem.efi.signature /boot/vmlinuz-4.15.0-1027-oem.efi.signed
Password:
Signature verification OK
Testing failed
Slide 23: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to self-sign and test kernel binaries?
Work in progress
Sources https://wiki.ubuntu.com/UEFI/SecureBoot/Testing?action=show&redirect=SecurityTeam%2FSecureBoot#Verifying_the_signature_on_a_signed_PE.2FCOFF_or_signed_kernel_image
Slide 24: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to install Canonical-signed kernel binaries?
[Image: APT process dead]
Identifying the third-party repository for Canonical kernels:
$ cd /boot; strings vmlinuz-4.15.0-1027-oem.efi.signed |grep -i Canonical
PPA canonical-kernel-team ppa0
PPA canonical-kernel-team ppa0
PPA canonical-kernel-team ppa
PPA canonical-kernel-team ppa
Adding the third-party repository for Canonical kernels to the package manager:
$ sudo add-apt-repository ppa:canonical-kernel-team/ppa
$ sudo apt-get update
$ sudo apt upgrade
Sources https://wiki.ubuntu.com/UEFI/SecureBoot/Testing?action=show&redirect=SecurityTeam%2FSecureBoot#Verifying_the_signature_on_a_signed_PE.2FCOFF_or_signed_kernel_image
Slide 25: Live Demo: Checking SecureBoot settings on Ubuntu 18.04 LTS
How to extract / install the public key from a Canonical-signed kernel?
$ sbattach --detach ~/canonical-kernel-team.p7s vmlinuz-4.15.0-1027-oem.efi.signed
$ openssl pkcs7 -inform der -in ~/canonical-kernel-team.p7s -print_certs | openssl x509 -out ~/canonical-kernel-team.der -outform der
$ mokutil --import ~/canonical-kernel-team.der
The MOK key pair used by Ubuntu's DKMS module signing (shim-signed package):
➜ mok pwd
/var/lib/shim-signed/mok
➜ mok l
total 20K
drwxr-xr-x 2 root root 4,0K mars 6 03:41 .
drwxr-xr-x 3 root root 4,0K avril 10 11:46 ..
-rw-r--r-- 1 root root 910 mars 6 03:41 MOK.der
-rw------- 1 root root 1,7K mars 6 03:41 MOK.priv
-rw------- 1 root root 1,0K mars 6 03:41 .rnd
Sources https://paste.ubuntu.com/p/3d6nw4PJ43/
Slide 26: Agenda (section divider)
Speaker notes:
Co-founder and CTO of Hashnet Consulting
A cybersecurity startup with ideas; we are looking for and hiring good people with valuable CTF and/or bug bounty experience, hence with know-how but also with people skills
Today's talk is titled SAFETY BEFORE SECURITY (...with a bit of sarcasm) / content == security 101
Start with a short quiz to learn more about you...
Analysis of the stats / parallel between senior engineers vs disaster recovery basics
Economics: delivery time vs savings on AliExpress, Dealabs
Performance: RPM, SATA, SSD, USB-C connectors, LVM, cleaning (VM)
REX 1: filing the M.2, Torx T4 (phone, PC ng)
REX 2: hard disk cold spare