[PATCH v10 00/22] Appended Signature Secure Boot Support for PowerPC

From: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
To: grub-devel@gnu.org
Cc: dja@axtens.net, jan.setjeeilers@oracle.com,
	julian.klode@canonical.com, mate.kukri@canonical.com,
	pjones@redhat.com, msuchanek@suse.com, mlewando@redhat.com,
	stefanb@linux.ibm.com, avnish@linux.ibm.com, nayna@linux.ibm.com,
	ssrish@linux.ibm.com, Sudhakar Kuppusamy <sudhakar@linux.ibm.com>,
	sridharm@linux.ibm.com
Subject: [PATCH v10 00/22] Appended Signature Secure Boot Support for PowerPC
Date: Tue,  9 Sep 2025 17:15:08 +0530	[thread overview]
Message-ID: <20250909114530.36863-1-sudhakar@linux.ibm.com> (raw)

This patch set contains v10 the consolidated version of the patch
sets for secure boot using appended signatures on powerpc,
rebased on top of git HEAD.

The v9 series is at
https://lists.gnu.org/archive/html/grub-devel/2025-08/msg00186.html

Changes since v9:
- Daniel Kiper review comments addressed:
 - v10 patch 11: It is patch 12 in v8, added comments for ignored "-Waddress-of-packed-member"
                 changed is_pks_present return type to bool, added grub_pks_get_keystore
                 function to return PKS or NULL.
 - v10 patch 12: added new patch take out key management environment variable changes
                 from patch 13
 - v10 patch 13: defined typedef struct sb_database sb_database_t and used it.
                 removed the unnecessary grub_memset, merged the is_hash_present_in_dbx()
                 and is_hash_present_in_db() into check_hash_presence.
 - v10 patch 17: changed build_static_db_list to load_elf2db, create_db_list to load_pks2db,
                 and grub_pks_free_keystore to grub_pks_tmp_free.
 - v10 patch 18: changed the variable name is_binary_hash to bin_hash, is_cert_fingerprint_match
                 to cert_fingerprint_match. all ways shown all the GRUB commands.
 - v10 patch 21: removed grub-install example and added installing of created core image file
 - v10 patch 22: moved the common statements into appended signature section

Linux on Power LPAR secure boot ensures the integrity of the Linux boot
stack. The hypervisor and partition firmware are part of the core root of
trust. The partition firmware verifies the signature on the GRUB image
before handing control to GRUB. Similarly, GRUB verifies the signature on
the kernel image before booting the OS. This ensures that every image
running at the boot time is verified and trusted. UEFI platforms relies
on PECOFF based signature scheme. Since Power is not a UEFI platform, an
alternative mechanism is needed. Power already uses appended signatures
on the Linux Kernel, and is now extended to sign the grub as well.

Linux on Power also allows multiple signers, and if any one of the
signature passes, then the image passes the validation. Appended signature
scheme uses CMS structure to contain signatures. On Power, the multiple
signature support relies on the multiple signers features already supported
by CMS standards. It does require that all the signers should sign at the
same time and are not allowed to add or remove the signatures randomly.

By default, Linux LPAR secure boot uses static key management[1]. This means
that each image embeds the keys it needs to verify the image it loads.
For example, the keys used to verify the GRUB image are built into the
firmware image. Similarly, the keys used for verifying the kernel image
are built into the GRUB image. These are pre-defined keys and they cannot
be modified at runtime. The drawback of this approach is that key rotations
results in both firmware and OS updates. This is where dynamic key
management is useful.

An admin can switch from static keys to dynamic keys by coordinating with
Hardware Management Console(HMC) admin and enabling the required flags
for the given LPAR.

The dynamic key management relies on the Platform KeyStore(PKS)[2] storage
allocation for each LPAR with individually managed access controls to
store sensitive information securely. Once switched to dynamic keys, HMC
advertises this flag to the PowerVM, which then initializes the PKS
with the default secvars. It also creates a variable SB_VERSION that
represents the secure boot key management mode. The default secvars are
used by Partition firmware, grub and the linux kernel to reads keys for
verification. These secvars can be managed by user interface exposed via
linux kernel. The linux kernel already supports this interface and
it is available in the upstream kernel.

This patchset adds the appended signature support both for signing and
verification and the key management to the grub component. The whole
patchset can be split into following four main parts:

The series has following four main parts:

1.) Sign grub.elf with an appended signature. (Patches 1, 20, 21)

These patches provide some infrastructure and documentation for
signing grub's core.elf with a Linux-kernel-module style appended
signature.

An appended signature is a 'dumb' signature over the contents of a
file. (It is distinct from schemes like Authenticode that are aware of
the structure of the file and only sign certain parts.) The signature
is wrapped in a PKCS#7 message, and is appended to the signed file
along with some metadata and a magic string. The signatures are
validated against a public key which is usually provided as an x509
certificate.

Because some platforms, such as powerpc-ieee1275, may load grub from a
raw disk partition rather than a filesystem, we extend grub-install to
add an ELF note that allows us to specify the size and location of the
signature.

2.) Enable lockdown if secure boot is enabled (Patch 9)
Read secure boot mode from 'ibm,secure-boot' property and
If the 'ibm,secure-boot' property of the root node is 2,
enter lockdown. Else it is considered as disabled.
There are three secure boot modes. They are
0 - disabled
     No signature verification is performed. This is the default.
1 - audit
     Signature verification is performed and if signature verification
     fails, post the errors and allow the boot to continue.
2 - enforced
     Lockdown the GRUB. Signature verification is performed and
     If signature verification fails, post the errors and stop the boot.

Now, only support disabled and enforced.

3.) Enable appended signature verification using builtin keys (Patches 2 - 8 
and 10).

Part of a secure boot chain is allowing grub to verify the boot
kernel. For UEFI platforms, this is usually delegated to the
shim. However, for platforms that do not implement UEFI, an
alternative scheme is required.

This part teaches grub how to verify Linux kernel-style appended
signatures. Kernels on powerpc are already signed with this scheme and
can be verified by IMA for kexec.

As PKCS#7 messages and x509 certificates are both based on ASN.1, we
import libtasn1 to parse them. Because ASN.1 isn't self-documenting,
we import from GNUTLS the information we need to navigate their
structure.

This section is composed of the following patches:

- patches 2 and 3 are small refactorings.

- patch 4 allows x509 certificates to be built in to the grub core
  in much the same way as PGP keys.

- patch 5 brings in the code from GNUTLS that allows us to parse
  PKCS#7 and x509 with libtasn1.

- patch 6, 7 and 8  is our ASN1 node, PKCS#7 and x509 parser. They're minimal
  and fairly strict parsers that extract only the bits we need to verify the
  signatures.

- patch 10 is the guts of the appended signature verifier.

4.) Enable accessing keys dynamically from Platform KeyStore (Patch 11 - 18)

This part teaches grub how to read db and dbx variables from platform keystore
using client interface call then load keys from those two variable, and use it
to verify Linux kernel.

This section is composed of the following patches:

- patch 11 is an exposes an interface in ieee1275 for reading secure boot
  variable db and dbx from Platform Keystore. Read secure boot variables
  such as db and dbx from PKS and extract certificates from ESL.

- patch 12 is introducing key management environment variable.

- patch 13 is create the db and dbx lists from PKS.

- patch 14 is verify the kernel using db and dbx lists

- patch 15 is GRUB commands to manage the certificates

- patch 16 sets the use_static_keys flag if DB not available in PKS,
  and patch 17  is reads the DB default keys from ELF Note and
  store it in trusted lists if use_static_keys flag is set.

- patch 18 adds GRUB commands to access db and dbx.

5.) patch 19 adds unit test and 22 adds GRUB commands and an appended signatures
    documentation.

Thanks to Daniel Kiper for providing review comments.

I've pushed this all to
https://github.com/SudhakarKuppusamy1/grub/tree/appendedsig-2.13

[1]https://www.ibm.com/docs/en/linux-on-systems?topic=servers-guest-secure-boot-static-keys
[2]https://community.ibm.com/community/user/power/blogs/chris-engel1/2020/11/20/powervm-introduces-the-platform-keystore

Daniel Axtens (2):
  crypto: Move storage for grub_crypto_pk_* to crypto.c
  docs/grub: Document signing GRUB under UEFI

Sudhakar Kuppusamy (20):
  powerpc-ieee1275: Add support for signing GRUB with an appended
    signature
  pgp: Rename OBJ_TYPE_PUBKEY to OBJ_TYPE_GPG_PUBKEY
  grub-install: Support embedding x509 certificates
  appended signatures: Import GNUTLS's ASN.1 description files
  appended signatures: Parse ASN1 node
  appended signatures: Parse PKCS#7 signed data
  appended signatures: Parse X.509 certificates
  powerpc_ieee1275: Enter lockdown based on /ibm,secure-boot
  appended signatures: Support verifying appended signatures
  powerpc_ieee1275: Read the db and dbx secure boot variables
  appended signatures: Introducing key management environment variable
  appended signatures: Create db and dbx lists
  appended signatures: Using db and dbx lists for signature verification
  appended signatures: GRUB commands to manage the certificates
  powerpc_ieee1275: Introduce use_static_keys flag
  appended signatures: Read default db keys from the ELF Note
  appended signatures: GRUB commands to manage the hashes
  appended signatures: Verification tests
  docs/grub: Document signing GRUB with an appended signature
  docs/grub: Document appended signature

 docs/grub.texi                                |  483 ++++-
 grub-core/Makefile.am                         |    2 +
 grub-core/Makefile.core.def                   |   26 +
 grub-core/commands/appendedsig/appendedsig.c  | 1723 +++++++++++++++++
 grub-core/commands/appendedsig/appendedsig.h  |  134 ++
 grub-core/commands/appendedsig/asn1util.c     |   97 +
 .../commands/appendedsig/gnutls_asn1_tab.c    |  148 ++
 grub-core/commands/appendedsig/pkcs7.c        |  452 +++++
 .../commands/appendedsig/pkix_asn1_tab.c      |  485 +++++
 grub-core/commands/appendedsig/x509.c         |  979 ++++++++++
 grub-core/commands/pgp.c                      |    6 +-
 grub-core/kern/ieee1275/ieee1275.c            |    1 -
 grub-core/kern/ieee1275/init.c                |   58 +
 grub-core/kern/powerpc/ieee1275/ieee1275.c    |  139 ++
 .../kern/powerpc/ieee1275/platform_keystore.c |  367 ++++
 grub-core/lib/crypto.c                        |    4 +
 grub-core/tests/appended_signature_test.c     |  344 ++++
 grub-core/tests/appended_signatures.h         |  975 ++++++++++
 grub-core/tests/lib/functional_test.c         |    1 +
 include/grub/crypto.h                         |    1 +
 include/grub/efi/pks.h                        |  112 ++
 include/grub/err.h                            |    3 +-
 include/grub/file.h                           |    4 +
 include/grub/ieee1275/ieee1275.h              |    3 +
 include/grub/kernel.h                         |    3 +-
 include/grub/lockdown.h                       |    3 +-
 include/grub/powerpc/ieee1275/ieee1275.h      |   18 +
 .../grub/powerpc/ieee1275/platform_keystore.h |  127 ++
 include/grub/types.h                          |    4 +
 include/grub/util/install.h                   |   10 +-
 include/grub/util/mkimage.h                   |    4 +-
 util/grub-install-common.c                    |   42 +-
 util/grub-mkimage.c                           |   32 +-
 util/grub-mkimagexx.c                         |   40 +-
 util/mkimage.c                                |   50 +-
 35 files changed, 6836 insertions(+), 44 deletions(-)
 create mode 100644 grub-core/commands/appendedsig/appendedsig.c
 create mode 100644 grub-core/commands/appendedsig/appendedsig.h
 create mode 100644 grub-core/commands/appendedsig/asn1util.c
 create mode 100644 grub-core/commands/appendedsig/gnutls_asn1_tab.c
 create mode 100644 grub-core/commands/appendedsig/pkcs7.c
 create mode 100644 grub-core/commands/appendedsig/pkix_asn1_tab.c
 create mode 100644 grub-core/commands/appendedsig/x509.c
 create mode 100644 grub-core/kern/powerpc/ieee1275/ieee1275.c
 create mode 100644 grub-core/kern/powerpc/ieee1275/platform_keystore.c
 create mode 100644 grub-core/tests/appended_signature_test.c
 create mode 100644 grub-core/tests/appended_signatures.h
 create mode 100644 include/grub/efi/pks.h
 create mode 100644 include/grub/powerpc/ieee1275/platform_keystore.h

-- 
2.39.5 (Apple Git-154)

_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel