Security Vulnerability: "Boothole" grub2 UEFI secure boot lockdown bypass
This document (000019673) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 11
Situation
Security researchers from Eclypsium have identified a flaw in grub2 that allows people to access the grub2 prompt to bypass UEFI secure boot lockdown restrictions and so boot unsigned code. This flaw is tracked by CVE-2020-10713 .
Further research identified more grub2 security issues that needed to be addressed similarly,
tracked by CVE-2020-14308, CVE-2020-14309, CVE-2020-14310 , CVE-2020-14311 & CVE-2020-15706 .
The attack could allow running root-malware to become persistent over booting, e.g. becoming boot-malware, regardless of the operating system.
Further research identified more grub2 security issues that needed to be addressed similarly,
tracked by CVE-2020-14308, CVE-2020-14309, CVE-2020-14310 , CVE-2020-14311 & CVE-2020-15706 .
The attack could allow running root-malware to become persistent over booting, e.g. becoming boot-malware, regardless of the operating system.
Resolution
SUSE has released grub2 updates to address the actual security issue.
SUSE and other ecosystem vendors are also required to keep the integrity of the UEFI secure boot chain.
This in turn means that loading of older affected grub2 versions should be suppressed.
The UEFI secure boot chain will be updated in 2 stages :
SUSE and other ecosystem vendors are also required to keep the integrity of the UEFI secure boot chain.
This in turn means that loading of older affected grub2 versions should be suppressed.
The UEFI secure boot chain will be updated in 2 stages :
- SUSE released updates for the "shim" loader that will include an exclusion for all previously released secure boot binaries, by adding our previous signing key to the exclusion list (vendor dbx)..
As this requires SUSE first rebuilding and releasing all secure boot related packages with our new signing key, this will only happen some weeks after the grub2 releases.
- Microsoft publishes a global revocation list that excludes all older "shim" versions from SUSE and other vendors from the UEFI secure boot chain.
This exclusion list is published on https://uefi.org and should only be applied to real systems in some months, by either BIOS vendors, Microsoft Windows Update, or manual DBX installation.
Administrators need to make sure that all BootHole related online updates have been installed before applying these DBX lists via updates.
Administrators need to make sure that all BootHole related online updates have been installed before applying these DBX lists via updates.
BACKGROUND:
The SUSE UEFI Secure Boot Chain and actions taken:
The SUSE UEFI Secure Boot Chain and actions taken:
- SUSE UEFI CA key
The existing SUSE UEFI CA key will stay as-is. This key is embedded in existing and new shim loaders and continues to be the SUSE root of secure boot trust.
- SUSE UEFI signing key
This key is signed by the SUSE UEFI CA key.
As SUSE has previously released various grub2 updates signed by the SUSE UEFI signing key, SUSE will introduce a new SUSE signing key, and block the old signing key via the new shim.
As SUSE has previously released various grub2 updates signed by the SUSE UEFI signing key, SUSE will introduce a new SUSE signing key, and block the old signing key via the new shim.
- shim
The "shim" loader is a small bootloader for UEFI based x86_64 machines.
It is signed by the Microsoft UEFI CA, which is embedded in all UEFI BIOSes.
The shim contains the SUSE UEFI CA key which is the base of the SUSE UEFI secure boot trust chain.
SUSE updated the shim to block binaries signed by the up to now used SUSE UEFI signing key.
Microsoft will publish a UEFI DBX revocation database to revoke older versions of shims to remove ability of loading older grub2 versions.
This DBX update will be put on the uefi.org website, but not yet deployed via Windows Update or via BIOS vendor updates.
It is signed by the Microsoft UEFI CA, which is embedded in all UEFI BIOSes.
The shim contains the SUSE UEFI CA key which is the base of the SUSE UEFI secure boot trust chain.
SUSE updated the shim to block binaries signed by the up to now used SUSE UEFI signing key.
Microsoft will publish a UEFI DBX revocation database to revoke older versions of shims to remove ability of loading older grub2 versions.
This DBX update will be put on the uefi.org website, but not yet deployed via Windows Update or via BIOS vendor updates.
- grub2
Called by "shim", grub2 presents the boot menu and options on what to boot, then loads either the Linux Kernel or the XEN hypervisor.
SUSE released updated grub2 packages, with security fixes and signed by our new UEFI signing key.
SUSE released updated grub2 packages, with security fixes and signed by our new UEFI signing key.
- Linux kernel
During the evaluation of this 'grub2' security issue, some flaws were also found in the kernel that could also be used to bypass the secure boot lock down.
These are tracked in different CVE's : by CVE-2019-20908 and CVE-2020-15780 .
These 'lockdown' bypass security bugs affected SUSE Linux Enterprise 12 SP4 and newer versions only.
SUSE has released updated kernels, with above fixed and signed by our new UEFI signing key.
These are tracked in different CVE's : by CVE-2019-20908 and CVE-2020-15780 .
These 'lockdown' bypass security bugs affected SUSE Linux Enterprise 12 SP4 and newer versions only.
SUSE has released updated kernels, with above fixed and signed by our new UEFI signing key.
- xen, kmp and other secure boot related packages
As other packages that are are in the UEFI secure boot chain will be released, these will be signed by the new UEFI signing key.
Cause
Status
Security Alert
Additional Information
As SUSE has released a new "shim", on "secure boot" enabled systems using the old versions of grub2, the kernel, or xen will no longer boot, and older SUSE provided kernel modules will no longer be loadable !
Also older DVD / ISO media provided by SUSE will no longer boot in UEFI secure boot scenarios after the UEFI DBX revocation list is applied to the machine.
SUSE provides respin media containing the newly signed shim and other packages, available via download.suse.com.
If you encounter problems, there is also the option to Disable Secure Boot temporarily via the system BIOS, install the updates, and the re-enable Secure Boot.
References :
SUSE Blog : https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
Security reseachers : https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Important note :
Due to the the scale of the vulnerability spanning a wide range of components, extreme care must be taken by SUSE and other vendors to fix this issue properly.
This issue will require different stages and multiple rounds of solutions to test and confirm each solution to completely fix the problem. As a general rule, each update of each stage requires extreme care be taken because of the serious risk of bricking customer computers, should something go wrong at any of those stages...
Update September 15, 2020 :
As another milestone in resolving this issue for our customers, today SUSE has released the new shims required to fix the problem. The tool required to apply these shim's has not yet been released.
Along with the documentation on how to apply these shim's, SUSE will release this tool at a later stage.
Also older DVD / ISO media provided by SUSE will no longer boot in UEFI secure boot scenarios after the UEFI DBX revocation list is applied to the machine.
SUSE provides respin media containing the newly signed shim and other packages, available via download.suse.com.
If you encounter problems, there is also the option to Disable Secure Boot temporarily via the system BIOS, install the updates, and the re-enable Secure Boot.
References :
SUSE Blog : https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
Security reseachers : https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Important note :
Due to the the scale of the vulnerability spanning a wide range of components, extreme care must be taken by SUSE and other vendors to fix this issue properly.
This issue will require different stages and multiple rounds of solutions to test and confirm each solution to completely fix the problem. As a general rule, each update of each stage requires extreme care be taken because of the serious risk of bricking customer computers, should something go wrong at any of those stages...
Update September 15, 2020 :
As another milestone in resolving this issue for our customers, today SUSE has released the new shims required to fix the problem. The tool required to apply these shim's has not yet been released.
Along with the documentation on how to apply these shim's, SUSE will release this tool at a later stage.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000019673
- Creation Date: 27-Jul-2020
- Modified Date:04-Jan-2021
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
