160 lines
7.4 KiB
Markdown
160 lines
7.4 KiB
Markdown
|
---
|
||
|
title: Secure Boot Shenanigans
|
||
|
date: 2016-11-11
|
||
|
layout: Post
|
||
|
tags:
|
||
|
- linux
|
||
|
hero: /assets/2016-11-11/banner.a6acff235ea8.jpg
|
||
|
classes:
|
||
|
header: header-black-gradient
|
||
|
---
|
||
|
|
||
|
I bought a [Razer Blade Stealth](http://www.razerzone.com/gaming-systems/razer-blade-stealth)
|
||
|
recently as an ultrabook I can take to lectures and just generally use when I'm out and about
|
||
|
as a companion to the Pixel C I'm already using. Generally just for those annoying edgecases
|
||
|
where it's not quite enough to just have Android ;)
|
||
|
|
||
|
---
|
||
|
|
||
|
Anyway, it's dual-booting Arch and Windows 10. I wanted to see how much I could lock the platform
|
||
|
down in terms of security, so, first steps...
|
||
|
|
||
|
## Secure Boot
|
||
|
|
||
|
My end goal here is to use my own PKI to sign binaries which I deem acceptable to run on my system.
|
||
|
I'm not going to go into the details of the PKI used for Secure Boot, but more... the specifics of
|
||
|
modifying my laptop's firmware to allow me to substitute my own PKI for the factory shipped one.
|
||
|
|
||
|
However: Secure Boot on the Razer Blade Stealth is... a tad lacking. Why?
|
||
|
|
||
|
Razer have hidden the option to get to the key management options on the Razer Blade Stealth,
|
||
|
for some reason. I'm too lazy to contact Razer support to get a modified firmware, and I don't know
|
||
|
if they would even oblige, or just tell me to disable Secure Boot.
|
||
|
|
||
|
![Where's my Key Management option?](/assets/2016-11-11/firmware-secure-boot-before.35da7f6fed59.jpg)
|
||
|
|
||
|
*Note that I went back and took this picture afterwards, which is why this is already in User mode and the Vendor Keys are not active.*
|
||
|
|
||
|
But that's OK. The Razer Blade Stealth uses [AptioV from AMI](https://ami.com/products/bios-uefi-firmware/aptio-v/)
|
||
|
as its firmware, which is fairly well understood...
|
||
|
|
||
|
### Notes
|
||
|
|
||
|
* Using KeyTool.efi, I quickly discovered that the PK shipped with my system was the AMI
|
||
|
Test PK: `DO NOT TRUST - AMI Test PK`. *sigh*
|
||
|
|
||
|
### Modifying the firmware, or "this way leads to insanity and a voided warranty"
|
||
|
|
||
|
```txt
|
||
|
WARNING WARNING WARNING: There's a great potential to make your shiny new ultrabook into a £999+ brick.
|
||
|
I'm not responsible if you do this.
|
||
|
|
||
|
WARNING WARNING: This will almost certainly void your warranty. Maybe don't do this if you
|
||
|
like your warranty?
|
||
|
|
||
|
WARNING: if you do this, you probably want to not have Bitlocker enabled first, or at the very least
|
||
|
to have your Bitlocker recovery key first. Replacing your system's firmware *will* change the TPM
|
||
|
measurements and cause unsealing to fail (by design!).
|
||
|
```
|
||
|
|
||
|
#### Dumping the firmware
|
||
|
|
||
|
Using AMI's AFUWIN tool [(download)](https://www.wimsbios.com/amiflasher.jsp), it's possible to
|
||
|
dump (hint: the `Save` button is your friend!) the BIOS included with the system, since Razer have
|
||
|
not published any firmware updates for this system yet, so we can't just download it.
|
||
|
|
||
|
BACK THIS FILE UP. You never know when you might need it(!).
|
||
|
|
||
|
OK, great, you have a dump of your system's firmware (excluding the Management Engine's firmware).
|
||
|
What now?
|
||
|
|
||
|
#### Taking a peek under the hood
|
||
|
|
||
|
Well, using [UEFITool](https://github.com/LongSoft/UEFITool) it's possible to unpack the ROM image
|
||
|
that you've dump and make modifications to it. If you're following along, then as of writing, you
|
||
|
should use the older [0.21.5](https://github.com/LongSoft/UEFITool/releases/tag/0.21.5) version
|
||
|
which supports repacking the ROM with changes.
|
||
|
|
||
|
Once you've done that, you need to locate the UEFI binary which is the configuration utility
|
||
|
(i.e. the thing with all the settings which most people think of when you say "BIOS"). The easiest
|
||
|
way to find this for me was to just search for anything containing the Unicode string "Key Management"(!)
|
||
|
|
||
|
Having found this binary, you can then dump it to a separate file (using **Extract body...** not
|
||
|
**Extract as is...**). As a brief overview, this binary contains the setup menus, and often contains
|
||
|
a bunch of functionality that's been masked out by the OEM, but which is still compiled in to the binary.
|
||
|
This includes, thankfully, the options for resetting the system back into Secure Boot Setup Mode.
|
||
|
|
||
|
A tool called [Universal IFR Extractor](https://github.com/donovan6000/Universal-IFR-Extractor) can help
|
||
|
shine some light on when this is the case, by showing you a textual representation of what the *I*nternal
|
||
|
*F*orms *R*epresentation tree looks like. It's super helpful, because it also displays the hex representation
|
||
|
alongside, as well as displaying the location in the binary where it was found.
|
||
|
|
||
|
In my case, I discovered that there's a check to see if the variable `0xB0E` is set to `0x0`, and if
|
||
|
so then the interesting menu items are hidden. Boo. We can fix that using a hex editor ;)
|
||
|
|
||
|
#### Hmm... I want... ALL OF THEM
|
||
|
|
||
|
By replacing the byte sequence `0A 82 12 06 0E 0B 00 00` (suppress if: variable 0xB0E has value 0x0)
|
||
|
with `0A 82 12 06 0E 0B 00 FF` (suppress if: variable 0xB0E has value 0xFF00), then we can force
|
||
|
all of these previously-hidden menu items to be shown. I'm being a bit rash here and just hoping that
|
||
|
this doesn't appear in the text section of the binary. Feel free to be a bit more surgical ;)
|
||
|
|
||
|
Having done that, you can now repack the ROM using UEFITool (using **Replace body...**), and then
|
||
|
save it (*not* over the top of your clean ROM!).
|
||
|
|
||
|
#### The Dangerous Bit
|
||
|
|
||
|
**You should reread the warnings I wrote above before doing this. It's not my fault if you brick your
|
||
|
system, even if you follow all of these instructions to the letter.**
|
||
|
|
||
|
Again using AFUWIN you can take your freshly unlocked ROM and flash it to your system.
|
||
|
|
||
|
Once that's done, cross your fingers and reboot! Hopefully you should now seen the `Key Management`
|
||
|
options under `Secure Boot` in the options :)
|
||
|
|
||
|
![Secure Boot menu after doing some dangerous hacks](/assets/2016-11-11/firmware-secure-boot-after.c50a7559d0be.jpg)
|
||
|
![The newly-unhidden Secure Boot Key Management menu](/assets/2016-11-11/firmware-secure-boot-keys-after.bfbe6608b071.jpg)
|
||
|
|
||
|
## Drive Encryption
|
||
|
|
||
|
### Windows
|
||
|
|
||
|
Windows 10 Pro ships with Bitlocker, and the Razer Blade Stealth has a TPM, which means
|
||
|
that you can attest to the state of the system using the TPM to ensure that you're being booted
|
||
|
on the hardware (and with the software configuration) you think you're being booted on.
|
||
|
|
||
|
However, the RBS only ships with Windows 10 Home, so after entering my W10 Pro license key, and
|
||
|
waiting what felt like an age for it to apply the additional features, and reboot (twice!), I
|
||
|
managed to Bitlocker my drive.
|
||
|
|
||
|
For additional security, you can optionally [set it up in TPM+PIN mode](http://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/),
|
||
|
but I'm not entirely convinced this provides any serious additional benefit beyond a BIOS/disk
|
||
|
unlock password (with TPMed Bitlocker).
|
||
|
|
||
|
### Arch
|
||
|
|
||
|
Arch has dm-crypt support, which is both fairly standard and boring. I'm using LUKS+dm-crypt,
|
||
|
with a reasonably long passphrase. It looks there's some interest in
|
||
|
[TrustedGrub](https://projects.sirrix.com/trac/trustedgrub/) to use the TPM measurements to
|
||
|
then unseal a key, similarly to Bitlocker, but I haven't done this.
|
||
|
|
||
|
### UEFI
|
||
|
|
||
|
I added a disk unlock password, as well as a UEFI administrator password to avoid unauthorised
|
||
|
changes to the boot order or to the UEFI configuration. Boot from USB is also disabled and removed
|
||
|
from the boot order.
|
||
|
|
||
|
## Bonus Pictures
|
||
|
|
||
|
Before:
|
||
|
|
||
|
![Advanced menu before](/assets/2016-11-11/firmware-advanced-before.e8758168cdad.jpg)
|
||
|
|
||
|
...and after:
|
||
|
|
||
|
![Advanced menu after](/assets/2016-11-11/firmware-advanced-after.a32bd6fe67aa.jpg)
|
||
|
|
||
|
As well as my new boot splash:
|
||
|
|
||
|
![Boot splash](/assets/2016-11-11/firmware-bootsplash-after.6bc3fe7087f9.jpg)
|