UEFI SecureBoot on ArchLinux
For KVM and Laptop
I want full control over what boots the computer, to avoid the so-called evil maid attack. That requires setting up SecureBoot with only my own keys.
To simplify, I boot Linux directly from UEFI (no intermediate bootloaders).
Now UEFI can only boot a single EFI executable, but to boot Linux you also need one or more initramfs (including the Intel microcode) and a command line. So all of these have to be combined into one EFI executable with objcopy. The combined file is then signed.
Alternatively I'd need to use grub2 or some other bootloader that knows about SecureBoot; that kind of scares me, since it increases the attack surface.
Command line: the boot command line could perhaps be avoided with auto-discovery, but AFAIK Arch is not fully ready for that yet.
Three keys/certificates are needed for UEFI SecureBoot (PK, KEK, DB). They are created with openssl.
MAKE SURE YOU KEEP YOUR .key files and access to UEFI secure!!!
Note: the script below doesn't do anything when executed; it needs to be copy-pasted for now.
/boot/ is the ESP (EFI System Partition).
Required packages: efibootmgr, and from AUR: sbsigntools and efitools. pesign was recommended in some docs, but it didn't work at all for me when signing files.
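Key generation and the .auth files for KeyTool.efi, as an added example script (not the page's own script, which is not reproduced here). It uses openssl for the three certificates and the efitools commands cert-to-efi-sig-list and sign-efi-sig-list for the signed variable updates; the output directory, the certificate names and the use of uuidgen for the owner GUID are assumptions. Like the page's script, it defines functions only and does nothing unless invoked with the argument run.

```shell
#!/bin/sh
# Added example (not the page's own script): create the PK, KEK and db key
# pairs with openssl and turn them into signed .auth variable updates with
# efitools, ready to be copied to the ESP for KeyTool.efi.
# KEYDIR and the CN strings are assumptions; adjust them as needed.
set -eu

KEYDIR="${KEYDIR:-./sb-keys}"   # assumed output directory; keep the .key files offline afterwards

# One self-signed RSA certificate per variable. NAME.key is the private key,
# NAME.crt the PEM certificate; NAME.cer is the DER form for firmwares that
# accept raw certificates instead of .auth files.
make_key() {
    name="$1"; cn="$2"
    openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
        -subj "/CN=${cn}/" -keyout "$KEYDIR/$name.key" -out "$KEYDIR/$name.crt" 2>/dev/null
    openssl x509 -in "$KEYDIR/$name.crt" -outform DER -out "$KEYDIR/$name.cer"
    chmod 600 "$KEYDIR/$name.key"
}

make_keys() {
    mkdir -p "$KEYDIR"
    make_key PK  "Platform Key"
    make_key KEK "Key Exchange Key"
    make_key db  "Signature Database"
}

# Wrap each certificate in an EFI_SIGNATURE_LIST and sign the variable update
# with the key UEFI expects to authorize it: PK signs itself and KEK, KEK signs db.
# The GUID only identifies the owner of the entries; any fixed value will do.
make_auth_lists() {
    GUID="${OWNER_GUID:-$(uuidgen)}"
    echo "$GUID" > "$KEYDIR/GUID.txt"
    cert-to-efi-sig-list -g "$GUID" "$KEYDIR/PK.crt"  "$KEYDIR/PK.esl"
    cert-to-efi-sig-list -g "$GUID" "$KEYDIR/KEK.crt" "$KEYDIR/KEK.esl"
    cert-to-efi-sig-list -g "$GUID" "$KEYDIR/db.crt"  "$KEYDIR/db.esl"
    sign-efi-sig-list -k "$KEYDIR/PK.key"  -c "$KEYDIR/PK.crt"  PK  "$KEYDIR/PK.esl"  "$KEYDIR/PK.auth"
    sign-efi-sig-list -k "$KEYDIR/PK.key"  -c "$KEYDIR/PK.crt"  KEK "$KEYDIR/KEK.esl" "$KEYDIR/KEK.auth"
    sign-efi-sig-list -k "$KEYDIR/KEK.key" -c "$KEYDIR/KEK.crt" db  "$KEYDIR/db.esl"  "$KEYDIR/db.auth"
}

# Sanity check: every private key must match its certificate, otherwise the
# firmware rejects the .auth updates without any useful message.
check_keys() {
    for name in PK KEK db; do
        k=$(openssl pkey -in "$KEYDIR/$name.key" -pubout -outform DER 2>/dev/null | openssl dgst -sha256)
        c=$(openssl x509 -in "$KEYDIR/$name.crt" -pubkey -noout | openssl pkey -pubin -outform DER | openssl dgst -sha256)
        [ "$k" = "$c" ] || return 1
    done
    return 0
}

if [ "${1:-}" = "run" ]; then
    make_keys
    make_auth_lists
    check_keys && echo "keys and .auth files written to $KEYDIR"
fi
```

Run it as `sh make-sb-keys.sh run`; afterwards copy only the *.auth (and, if the firmware wants them, *.cer) files to /boot/keys, never the .key files.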
You need an OVMF (the open-source UEFI firmware) binary. Since the one in the Arch repos doesn't support SecureBoot, and the one in AUR doesn't compile (yet), I took a prebuilt one from a Fedora repository and unpacked it with bsdtar. Download the edk2.git-ovmf-x64*.rpm file and get the OVMF-pure-efi.fd file from it (or alternatively OVMF_CODE-pure-efi.fd and OVMF_VARS-pure-efi.fd).
To run QEMU/KVM with the OVMF firmware, run it as:
qemu-system-x86_64 -enable-kvm -bios OVMF-pure-efi.fd -hda vfat:/usr/share/efitools/efi/
or just install some Linux from an .iso. Don't forget, UEFI requires GPT.
My Thinkpad T450s doesn't have key management in the firmware (the BIOS), so a third-party one needs to be used.
That one is KeyTool.efi from efitools, so I copied it and the *.auth files to /boot/keys and set it up to boot on next-boot with efibootmgr. In the firmware, first choose the Enter Setup Mode option; that clears the keys and allows you to replace them. Save and reset, and now KeyTool.efi will be able to replace the db, KEK and PK certificates (in that order). I didn't just add my certificates, because I wanted only my own keys there. If that is OK, reboot and enable SecureBoot.
On the next reboot KeyTool.efi can't run since it's not signed, so the boot will continue to my own combined and signed Linux image.
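The objcopy and signing steps from above plus the efibootmgr entries, as an added example script (not the page's own). It assumes the EFI stub shipped by systemd at /usr/lib/systemd/boot/efi/linuxx64.efi.stub, the usual Arch file names on the ESP (vmlinuz-linux, intel-ucode.img, initramfs-linux.img), db.key/db.crt in KEYDIR, /dev/sda partition 1 as the ESP and /dev/sda2 as root; all of these are assumptions to adjust. As with the page's script, it only defines functions unless called with the argument run.

```shell
#!/bin/sh
# Added example (not the page's own script): glue kernel, microcode, initramfs
# and command line into one EFI executable with objcopy, sign it with the db
# key, verify the signature, and register it (plus a one-shot KeyTool boot)
# with efibootmgr. All paths, devices and labels below are assumptions.
set -eu

ESP="${ESP:-/boot}"                                           # the page's ESP mount point
KEYDIR="${KEYDIR:-/root/sb-keys}"                             # where db.key / db.crt live (assumed)
STUB="${STUB:-/usr/lib/systemd/boot/efi/linuxx64.efi.stub}"   # EFI stub from systemd (assumed)
OUT="${OUT:-$ESP/EFI/Linux/arch-signed.efi}"                  # assumed output path
ESP_DISK="${ESP_DISK:-/dev/sda}"; ESP_PART="${ESP_PART:-1}"   # assumed ESP location

# Microcode must come first; the kernel consumes the concatenated initrd.
build_initrd() {          # build_initrd <output>
    cat "$ESP/intel-ucode.img" "$ESP/initramfs-linux.img" > "$1"
}

# The command line is baked into the image, so changing it means re-signing.
write_cmdline() {         # write_cmdline <file>
    printf 'root=%s rw quiet' "${ROOT_DEV:-/dev/sda2}" > "$1"   # assumed root device
}

# Each piece becomes a PE section at a fixed address that the stub looks for.
build_unified_image() {   # build_unified_image <cmdline-file> <initrd> <output>
    objcopy \
        --add-section .osrel=/etc/os-release       --change-section-vma .osrel=0x20000 \
        --add-section .cmdline="$1"                --change-section-vma .cmdline=0x30000 \
        --add-section .linux="$ESP/vmlinuz-linux"  --change-section-vma .linux=0x2000000 \
        --add-section .initrd="$2"                 --change-section-vma .initrd=0x3000000 \
        "$STUB" "$3"
}

# Sign with the db key and refuse to ship anything the firmware would reject.
sign_image() {            # sign_image <unsigned> <signed>
    sbsign --key "$KEYDIR/db.key" --cert "$KEYDIR/db.crt" --output "$2" "$1"
    sbverify --cert "$KEYDIR/db.crt" "$2"
}

# efibootmgr wants the loader path in backslash form, relative to the ESP root.
esp_path() {              # esp_path /boot/EFI/Linux/x.efi -> \EFI\Linux\x.efi
    printf '%s' "${1#"$ESP"}" | sed 's#/#\\#g'
}

register_boot_entries() {
    efibootmgr --create --disk "$ESP_DISK" --part "$ESP_PART" \
        --label "Arch Linux (signed)" --loader "$(esp_path "$OUT")"
    efibootmgr --create --disk "$ESP_DISK" --part "$ESP_PART" \
        --label "KeyTool" --loader '\keys\KeyTool.efi'
    # One-shot boot into KeyTool to enroll the .auth files from $ESP/keys;
    # once SecureBoot is on, the unsigned KeyTool.efi will no longer run.
    keytool_num=$(efibootmgr | sed -n 's/^Boot\([0-9A-F]\{4\}\)\*\{0,1\} KeyTool.*/\1/p' | head -n1)
    if [ -n "$keytool_num" ]; then
        efibootmgr --bootnext "$keytool_num"
    fi
}

if [ "${1:-}" = "run" ]; then
    tmp=$(mktemp -d)
    write_cmdline "$tmp/cmdline"
    build_initrd "$tmp/initrd.img"
    build_unified_image "$tmp/cmdline" "$tmp/initrd.img" "$tmp/linux.efi"
    mkdir -p "$(dirname "$OUT")"
    sign_image "$tmp/linux.efi" "$OUT"
    register_boot_entries
    rm -rf "$tmp"
fi
```

Run it as root with `sh build-signed-image.sh run` after every kernel, microcode or command line change; since the signature covers the whole combined image, any of those changes requires a fresh sbsign run.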
Don't forget to upgrade the firmware before starting. Bugs are often fixed and not even documented.