
253 points pabs3 | 3 comments
palata No.44602753
[Warning: I'm not interested in sarcasm or uninformed rants against secure boot, there are plenty already]

I'm hoping to get insights from people who understand secure boot well here. My understanding on Android (for the minority of Android manufacturers that do it correctly) is that there is a "manufacturer key" burnt somewhere on the ROM that cannot ever be changed, and once a first system is installed properly:

1. It is impossible to overwrite the system partitions unless the bootloader is unlocked from the already-installed OS (I assume that something makes sure that only the signed OS can unlock the bootloader?).

2. Once the bootloader is unlocked, it is impossible to overwrite only parts of the system: it's all or nothing, such that one cannot inject stuff into an existing system (evil maid style).

Still on Android, it's possible to add custom keys. That's what GrapheneOS and the likes use.

How is it on UEFI? It sounds like the "manufacturer keys" are always from Microsoft, but is there not a way to use custom keys?

1. eqvinox No.44603027
> It sounds like the "manufacturer keys" are always from Microsoft,

The primary key is called "Platform Key" (PK) on UEFI, there can be only one, and it is generated by the mainboard manufacturer, not Microsoft. The PK is then used to sign Key Exchange Keys (KEK) which you will generally have 2…4 of, the Microsoft self-use one, the Microsoft third party one, a board vendor one, and a system/board specific one.

2. palata No.44603049
And next to those you can load your custom keys?
3. eqvinox No.44603079
You need to replace the PK with one of your own, because that is used to sign all the other keys, and generally there can only be one PK. You can then re-sign the existing keys with your own PK (e.g. if you want to dual boot Windows) — or just ditch the existing ones¹, and/or you can generate your own keys of the other types (KEK & DB).

Ed.: ¹ there are cases where ditching the existing keys breaks the system, because the board vendor was stupid and signed the VGA UEFI driver with one of those keys instead of tying it directly into the BIOS/UEFI image. AFAIK this only affects a specific series of Lenovo laptops, but Google the details before breaking your system.

Ed.#2: actually I think the PK signature is only checked while installing keys into the KEK/DB list, so you don't need to re-sign the existing Microsoft keys, they just stay in the list by default. (Unless they got cleared somehow.) It's been a little while since I did this.
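Added example, not part of the thread: eqvinox's replies treat PK, KEK and db as lists holding several entries (Microsoft's, the board vendor's, your own), so before swapping the PK it helps to inventory exactly what is enrolled. This parser reads the EFI_SIGNATURE_LIST format those variables use (efivarfs exposes them with a 4-byte attribute prefix); the sample db blob, its owner GUID and the certificate bytes are constructed placeholders, not real keys.

```python
"""Inventory a UEFI signature database (PK, KEK, db, dbx) from its raw bytes."""
import struct
import uuid

# SignatureType GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "x509", EFI_CERT_SHA256_GUID: "sha256"}
ESL_HEADER_LEN = 28    # SignatureType(16) + ListSize(4) + HeaderSize(4) + SigSize(4)
EFIVARFS_ATTR_LEN = 4  # strip this prefix when reading /sys/firmware/efi/efivars/*


def parse_esl(data: bytes) -> list:
    """Walk concatenated EFI_SIGNATURE_LISTs; return (type, owner, payload) tuples."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < ESL_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        end = off + list_size
        if list_size < ESL_HEADER_LEN + hdr_size or end > len(data):
            raise ValueError("SignatureListSize inconsistent with buffer")
        # Each EFI_SIGNATURE_DATA is SignatureOwner(16) + SignatureData and must tile the list.
        if sig_size <= 16 or (list_size - ESL_HEADER_LEN - hdr_size) % sig_size:
            raise ValueError("SignatureSize does not tile the list")
        pos = off + ESL_HEADER_LEN + hdr_size
        while pos < end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            name = SIG_TYPE_NAMES.get(sig_type, str(sig_type))
            entries.append((name, owner, data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def build_esl(sig_type: uuid.UUID, owner: uuid.UUID, payloads: list) -> bytes:
    """Build one EFI_SIGNATURE_LIST; every payload in a list shares one SignatureSize."""
    if len({len(p) for p in payloads}) != 1:
        raise ValueError("payloads in one list must be equal-sized")
    body = b"".join(owner.bytes_le + p for p in payloads)
    header = struct.pack("<III", ESL_HEADER_LEN + len(body), 0, 16 + len(payloads[0]))
    return sig_type.bytes_le + header + body


# Constructed sample db: placeholder owner GUID and certificate bytes, not real keys.
SAMPLE_OWNER = uuid.UUID(int=1)
SAMPLE_DB = (build_esl(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"CERTIFICATE-PLACEHOLDER"])
             + build_esl(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [b"\x11" * 32, b"\x22" * 32]))
```

On a real machine, feed `parse_esl` the contents of the db or KEK file under /sys/firmware/efi/efivars with the first EFIVARFS_ATTR_LEN bytes removed; a truncated or inconsistent list raises ValueError rather than yielding partial entries.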