Also posted on Medium.
Update april 2024: Work on UKI is progressing in Fedora and with Fedora 40 for many use cases you can now use UKI to get signed images containing kernel and initrd in one. See https://fedoraproject.org/wiki/Changes/Unified_Kernel_Support_Phase_2 for more information.
Although secure boot support has been in place in most distros for a while, most, if not all, still have a missing part in the chain, namely the missing signing of the initrd image. This allows an attacker to tamper with the initrd image without detection. Lennart Pottering wrote a very good blog post about the issue and outlined a solution that can be implemented.
Until measures as outlined there or similar are implemented in the distros, there a couple of solutions ready to set up now. They do however require a little work from the end user.
Option one is to encrypt the boot partition. This works, however you need to use grub and grub still only supports luks version 1. Also you need to decrypt the boot partition using a password or passphrase, as this is the only method grub supports, not other methods such as fido2 or tpm, which is supported by systemd-cryptenroll.
The second option is the one I’m going to describe, that is to sign and verify the initrd image. That way, it does not matter that the boot partition is unencrypted, as there is no secrets in the initrd image, and any tampering will break the signature and the boot process.
In order to sign and validate the initrd image, you will first need to set up and install your own secure boot signing key. To ease setup and use, we use sbctl. First install required packages (if you don’t want to install asciidoc and go on your system, you can use toolbox)
sudo dnf install asciidoc golang
Download the sbctl release file, unpack and install (change version as needed)
VERSION=0.9
cd /tmp
curl -L "https://github.com/Foxboron/sbctl/releases/download/${VERSION}/sbctl-${VERSION}.tar.gz" | tar zxvf -
cd "sbctl-${VERSION}"
make
sudo make install
and generate the key by running
sudo sbctl create-keys
If your computer supports it, you can install the key by running
sudo sbctl enroll-keys
If successfull, reboot. If this fails, you will need to manually install the key. This can vary from system to system, but in most cases the following will work
- Run
sudo openssl x509 -in /usr/share/secureboot/keys/db/db.pem -outform DER -out /boot/efi/EFI/fedora/DB.cer - Reboot into BIOS. There will usually be an option under secure boot to add your own key to the DB database from file, where you can browse the EFI partition and find the
DB.cerfile inEFI/fedora
After adding the key, sudo sbctl status should now a checkmark for installed and secure boot, similar to
Installed: ✔ Sbctl is installed
Owner GUID: a9fbbdb7-a05f-48d5-b63a-08c5df45ee70
Setup Mode: ✔ Disabled
Secure Boot: ✔ EnabledThe next step is setting up systemd-boot and automatic signing of the initrd on kernel upgrades. First we need to change the efi mount from /boot/efi to /efi
sudo umount /boot/efi
sudo mkdir /efi
sudo sed -i `s-/boot/efi-/efi-' /etc/fstab
sudo mount /efi
sudo ln -s /efi /boot/efi
The last command is because some packages such as fwupd expects to find the efi mount at /boot/efi
Setup systemd-boot and sign it by running
sudo bootctl install
sudo sbctl sign /efi/EFI/systemd/systemd-bootx64.efi
You might want to edit /efi/loader/loader.conf and add timeout 3 or similar, in order to get a prompt to choose images when booting.
To make sure systemd-boot keeps being signed on updates, we will need the sbsigntoolspackage installed
sudo dnf install sbsigntools
Then run sudo systemctl edit systemd-boot-update.service and add the following
[Service]
ExecStart=/bin/sh -c 'sbverify --cert /usr/share/secureboot/keys/db/db.pem /efi/EFI/systemd/systemd-bootx64.efi || sbctl sign /efi/EFI/systemd/systemd-bootx64.efi'
Next, we add dracut configuration for creating a combined and signed file containing efi stub loader, kernel and initrd. Edit /etc/dracut.conf.d/local.conf and add
uefi=yes
uefi_secureboot_cert=/usr/share/secureboot/keys/db/db.pem
uefi_secureboot_key=/usr/share/secureboot/keys/db/db.key
dracut_rescue_image=no
The reason we disable the rescue image, is that this is very big and will most likely fill your EFI partition.
The last piece is to add a kernel install script to change the systemd-boot entry to load only the combined image. Edit /etc/kernel/install.d/99-use-signed-image.install with the content
#!/bin/bash
COMMAND="$1"
KERNEL_VERSION="$2"
ENTRY_DIR_ABS="$3"
if ! [[ $COMMAND == add ]]; then
exit 1
fi
MACHINE_ID="$KERNEL_INSTALL_MACHINE_ID"
BOOT_ROOT="$KERNEL_INSTALL_BOOT_ROOT"
if [[ -f /etc/kernel/tries ]]; then
read -r TRIES </etc/kernel/tries
if ! [[ "$TRIES" =~ ^[0-9]+$ ]] ; then
echo "/etc/kernel/tries does not contain an integer." >&2
exit 1
fi
LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION+$TRIES.conf"
else
LOADER_ENTRY="$BOOT_ROOT/loader/entries/$MACHINE_ID-$KERNEL_VERSION.conf"
fi
sed -i "/^initrd/d" "${LOADER_ENTRY}"
sed -i "/^linux/s/linux$/initrd/" "${LOADER_ENTRY}"
Make the script executable by running sudo chmod 755 /etc/kernel/install.d/99-use-signed-image.install
Everything should now be up and running, the last thing to do is re-run kernel install for the current kernel in order to get a new updated and signd initrd image by running
sudo /bin/kernel-install -v add $(uname -r) /lib/modules/$(uname -r)/vmlinuz
Reboot and you should have a boot that is signed all the way. Run sudo bootctl status to verify. Current Boot Loader should say systemd-boot and under Default Boot Loader Entry the linux line should point to initrd (this is the combined and signed initrd).
You can now remove the grub boot entry, so that there is no way to boot using the unsigned initrd image. Run sudo efibootmgr -v to list current boot entries. Then run sudo efibootmgr -B -b XX where XX is the number, for instance 0003
Finally, edit /etc/fwupd/uefi_capsule.conf and set EnableGrubChainLoad=false
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Do you have an updated guide for fedora 39?
Hi. The guide should still work with Fedora 39, I’ve upgrade to 39 and using it without issues. Is there something that fails for you?
I get File is immutable:/sys/firmware/efi/efivars/ pk,kek,db
You need to chattr -I files in efivars
Thanks for that update. This is I think is depending on the type of machine and firmware you have and not Fedora version. This fix should help more people to use the automatic key install.
It didn’t actually work the chattr suggestion was part of the error message. How do I proceed?
Hi
Sorry, I misread your comment. Is this error when running
sbctl enroll-keys? If so, you need to use the manual method to install the keys.running the next step:
sudo openssl x509 -in /usr/share/secureboot/keys/db/db.pem -outform DER /boot/efi/EFI/fedora/DB.cer
gives:
x509: Use -help for summary.
I see the command is missing -out, the correct command should be sudo openssl x509 -in /usr/share/secureboot/keys/db/db.pem -outform DER -out /boot/efi/EFI/fedora/DB.cer
I have also updated the article.
I get File is immutable: /sys/firmware/efi/efivars/ pk,kek,db
You need to chattr -I files in efivars
In had to dig through stuff to get here 🙂
Thanks for posting, this is very appreciated.
I’m just drilling in and trying to understand how to properly secure our servers with fde.
I read Lennart post as well and it was like reading my own thoughts.. indeed very strange state of things.
His post is roughly 3 years old and he mentions there several solutions being worked on in progress from the systemd side.
I wonder if there is a full standard solution that we can just adopt and use? Did anything change since his post?
Hi Michael
I’m glad the article was helpful. The progress on this front seems to be very slow, there was this article on LWN that seems to offer some hope: https://lwn.net/Articles/946526/
Thank you!
With your solution, does it make sense to also remove all other keys so no one could switch-in a similar but malicious initrd signed with the distro key for example?
Hi. It sounds sensible to do this to reduce risk, as it is the Microsoft key that is trusted by default in the bios, and this key also signs other distros keys, so a compromise could happen in any of these distros, not just the one you are using.
I got this error:
“`dracut[F]: Can’t find a uefi stub ‘/usr/lib/systemd/boot/efi/linuxx64.efi.stub’ to create a UEFI executable
/usr/lib/kernel/install.d/50-dracut.install failed with exit status 1.
“`
Which was fixed by running
“`
sudo dnf install systemd-boot-unsigned
“`