Xen Winter Meetup 2025

Enabling UEFI Secure Boot in XCP-ng: Establishing a Robust Chain of Trust
2025-01-31, Salles de séminaire 1

This talk will explore challenges and proposed strategies for implementing UEFI Secure Boot within Xen and downstream distributions like XCP-ng or Qubes OS, focusing on how these changes can enhance security and contribute to a more unified framework for future development.

We will begin by examining why UEFI Secure Boot is essential in continuing the transitive chain established by the modern static root of trust, and its synergy with TrenchBoot and DRTM technology. We will delve into the implications of the UEFI Secure Boot process, showing why simply signing bootloaders and hypervisor binaries is insufficient; a comprehensive implementation must address the entire boot chain.


Throughout the presentation, we will navigate the technical complexities of effectively integrating UEFI Secure Boot in Xen. Some obstacles include:
- Support for SBAT: We will discuss the mandated adoption of SBAT for signing Xen code and the prerequisite implementation of NX_COMPAT, which is critical for UEFI Secure Boot compatibility.
- Kexec and Livepatching: the necessity for integrity checks using SHA256 during kexec operations and the requirement for signature verification for live patches.
- Command Line Handling: how command-line parameters can introduce vulnerabilities unless carefully managed, an issue that must be resolved before an implementation can maintain a chain of trust.
- Memory Layout Compatibility: challenges presented by PE file formats and their interactions with Xen's memory layout demands.

Community input is critical to ensure that the proposed changes align with practical use cases and user requirements. We will articulate a potential roadmap for progressing toward full UEFI Secure Boot support in Xen, with collaborative development and user requirements guiding change. By elucidating the roadmap, we aim to motivate stakeholders to engage in dialogue prioritizing secure launch technologies as essential components of a modern virtualization strategy.

Piotr Król is an open-source firmware enthusiast who founded 3mdeb in
March 2015. His expertise is rooted in the hacker ethos of collaborative
innovation and transparency, guiding 3mdeb's focus on projects like
Zarhus OS, a Yocto-based Embedded Linux distribution, and Dasharo, a
coreboot downstream project. These projects are dedicated to open
development, embedded firmware resilience, platform security,
transparency, the right to repair, and digital sovereignty.

Piotr's deep involvement in open-source firmware includes key computing
areas such as Root of Trust, Secure, Verified and Measured Boot, TPM,
coreboot, UEFI, EDK II, Yocto, U-Boot, and Linux. He often speaks at
significant industry events like FOSDEM, Xen Developers Summit, and
Platform Security Summit, sharing his insights and promoting the
open-source firmware ecosystem. Piotr is dedicated to sharing knowledge
by serving as a Trainer at OpenSecurityTraining2, offering free and open
educational materials to advance the open-source firmware ecosystem.