depot/web/lukegbcom/posts/2016-11-11-secure-boot-shenanigans.md

160 lines
7.2 KiB
Markdown
Raw Permalink Normal View History

2022-04-03 23:32:57 +00:00
---
title: Secure Boot Shenanigans
date: 2016-11-11T16:30:00Z
2022-04-03 23:32:57 +00:00
layout: Post
tags:
- linux
2022-04-05 02:18:57 +00:00
hero: banner.jpg
2022-04-03 23:32:57 +00:00
classes:
header: header-black-gradient
---
I bought a [Razer Blade Stealth](http://www.razerzone.com/gaming-systems/razer-blade-stealth)
recently as an ultrabook I can take to lectures and just generally use when I'm out and about
as a companion to the Pixel C I'm already using. Generally just for those annoying edgecases
where it's not quite enough to just have Android ;)
---
Anyway, it's dual-booting Arch and Windows 10. I wanted to see how much I could lock the platform
down in terms of security, so, first steps...
## Secure Boot
My end goal here is to use my own PKI to sign binaries which I deem acceptable to run on my system.
I'm not going to go into the details of the PKI used for Secure Boot, but more... the specifics of
modifying my laptop's firmware to allow me to substitute my own PKI for the factory shipped one.
However: Secure Boot on the Razer Blade Stealth is... a tad lacking. Why?
Razer have hidden the option to get to the key management options on the Razer Blade Stealth,
for some reason. I'm too lazy to contact Razer support to get a modified firmware, and I don't know
if they would even oblige, or just tell me to disable Secure Boot.
2022-04-05 02:18:57 +00:00
![Where's my Key Management option?](firmware-secure-boot-before.jpg)
2022-04-03 23:32:57 +00:00
*Note that I went back and took this picture afterwards, which is why this is already in User mode and the Vendor Keys are not active.*
But that's OK. The Razer Blade Stealth uses [AptioV from AMI](https://ami.com/products/bios-uefi-firmware/aptio-v/)
as its firmware, which is fairly well understood...
### Notes
* Using KeyTool.efi, I quickly discovered that the PK shipped with my system was the AMI
Test PK: `DO NOT TRUST - AMI Test PK`. *sigh*
### Modifying the firmware, or "this way leads to insanity and a voided warranty"
```txt
WARNING WARNING WARNING: There's a great potential to make your shiny new ultrabook into a £999+ brick.
I'm not responsible if you do this.
WARNING WARNING: This will almost certainly void your warranty. Maybe don't do this if you
like your warranty?
WARNING: if you do this, you probably want to not have Bitlocker enabled first, or at the very least
to have your Bitlocker recovery key first. Replacing your system's firmware *will* change the TPM
measurements and cause unsealing to fail (by design!).
```
#### Dumping the firmware
Using AMI's AFUWIN tool [(download)](https://www.wimsbios.com/amiflasher.jsp), it's possible to
dump (hint: the `Save` button is your friend!) the BIOS included with the system, since Razer have
not published any firmware updates for this system yet, so we can't just download it.
BACK THIS FILE UP. You never know when you might need it(!).
OK, great, you have a dump of your system's firmware (excluding the Management Engine's firmware).
What now?
#### Taking a peek under the hood
Well, using [UEFITool](https://github.com/LongSoft/UEFITool) it's possible to unpack the ROM image
that you've dump and make modifications to it. If you're following along, then as of writing, you
should use the older [0.21.5](https://github.com/LongSoft/UEFITool/releases/tag/0.21.5) version
which supports repacking the ROM with changes.
Once you've done that, you need to locate the UEFI binary which is the configuration utility
(i.e. the thing with all the settings which most people think of when you say "BIOS"). The easiest
way to find this for me was to just search for anything containing the Unicode string "Key Management"(!)
Having found this binary, you can then dump it to a separate file (using **Extract body...** not
**Extract as is...**). As a brief overview, this binary contains the setup menus, and often contains
a bunch of functionality that's been masked out by the OEM, but which is still compiled in to the binary.
This includes, thankfully, the options for resetting the system back into Secure Boot Setup Mode.
A tool called [Universal IFR Extractor](https://github.com/donovan6000/Universal-IFR-Extractor) can help
shine some light on when this is the case, by showing you a textual representation of what the *I*nternal
*F*orms *R*epresentation tree looks like. It's super helpful, because it also displays the hex representation
alongside, as well as displaying the location in the binary where it was found.
In my case, I discovered that there's a check to see if the variable `0xB0E` is set to `0x0`, and if
so then the interesting menu items are hidden. Boo. We can fix that using a hex editor ;)
#### Hmm... I want... ALL OF THEM
By replacing the byte sequence `0A 82 12 06 0E 0B 00 00` (suppress if: variable 0xB0E has value 0x0)
with `0A 82 12 06 0E 0B 00 FF` (suppress if: variable 0xB0E has value 0xFF00), then we can force
all of these previously-hidden menu items to be shown. I'm being a bit rash here and just hoping that
this doesn't appear in the text section of the binary. Feel free to be a bit more surgical ;)
Having done that, you can now repack the ROM using UEFITool (using **Replace body...**), and then
save it (*not* over the top of your clean ROM!).
#### The Dangerous Bit
**You should reread the warnings I wrote above before doing this. It's not my fault if you brick your
system, even if you follow all of these instructions to the letter.**
Again using AFUWIN you can take your freshly unlocked ROM and flash it to your system.
Once that's done, cross your fingers and reboot! Hopefully you should now seen the `Key Management`
options under `Secure Boot` in the options :)
2022-04-05 02:18:57 +00:00
![Secure Boot menu after doing some dangerous hacks](firmware-secure-boot-after.jpg)
![The newly-unhidden Secure Boot Key Management menu](firmware-secure-boot-keys-after.jpg)
2022-04-03 23:32:57 +00:00
## Drive Encryption
### Windows
Windows 10 Pro ships with Bitlocker, and the Razer Blade Stealth has a TPM, which means
that you can attest to the state of the system using the TPM to ensure that you're being booted
on the hardware (and with the software configuration) you think you're being booted on.
However, the RBS only ships with Windows 10 Home, so after entering my W10 Pro license key, and
waiting what felt like an age for it to apply the additional features, and reboot (twice!), I
managed to Bitlocker my drive.
For additional security, you can optionally [set it up in TPM+PIN mode](http://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/),
but I'm not entirely convinced this provides any serious additional benefit beyond a BIOS/disk
unlock password (with TPMed Bitlocker).
### Arch
Arch has dm-crypt support, which is both fairly standard and boring. I'm using LUKS+dm-crypt,
with a reasonably long passphrase. It looks there's some interest in
[TrustedGrub](https://projects.sirrix.com/trac/trustedgrub/) to use the TPM measurements to
then unseal a key, similarly to Bitlocker, but I haven't done this.
### UEFI
I added a disk unlock password, as well as a UEFI administrator password to avoid unauthorised
changes to the boot order or to the UEFI configuration. Boot from USB is also disabled and removed
from the boot order.
## Bonus Pictures
Before:
2022-04-05 02:18:57 +00:00
![Advanced menu before](firmware-advanced-before.jpg)
2022-04-03 23:32:57 +00:00
...and after:
2022-04-05 02:18:57 +00:00
![Advanced menu after](firmware-advanced-after.jpg)
2022-04-03 23:32:57 +00:00
As well as my new boot splash:
2022-04-05 02:18:57 +00:00
![Boot splash](firmware-bootsplash-after.jpg)