--- title: Secure Boot Shenanigans date: 2016-11-11T16:30:00Z layout: Post tags: - linux hero: banner.jpg classes: header: header-black-gradient --- I bought a [Razer Blade Stealth](http://www.razerzone.com/gaming-systems/razer-blade-stealth) recently as an ultrabook I can take to lectures and just generally use when I'm out and about as a companion to the Pixel C I'm already using. Generally just for those annoying edgecases where it's not quite enough to just have Android ;) --- Anyway, it's dual-booting Arch and Windows 10. I wanted to see how much I could lock the platform down in terms of security, so, first steps... ## Secure Boot My end goal here is to use my own PKI to sign binaries which I deem acceptable to run on my system. I'm not going to go into the details of the PKI used for Secure Boot, but more... the specifics of modifying my laptop's firmware to allow me to substitute my own PKI for the factory shipped one. However: Secure Boot on the Razer Blade Stealth is... a tad lacking. Why? Razer have hidden the option to get to the key management options on the Razer Blade Stealth, for some reason. I'm too lazy to contact Razer support to get a modified firmware, and I don't know if they would even oblige, or just tell me to disable Secure Boot. ![Where's my Key Management option?](firmware-secure-boot-before.jpg) *Note that I went back and took this picture afterwards, which is why this is already in User mode and the Vendor Keys are not active.* But that's OK. The Razer Blade Stealth uses [AptioV from AMI](https://ami.com/products/bios-uefi-firmware/aptio-v/) as its firmware, which is fairly well understood... ### Notes * Using KeyTool.efi, I quickly discovered that the PK shipped with my system was the AMI Test PK: `DO NOT TRUST - AMI Test PK`. *sigh* ### Modifying the firmware, or "this way leads to insanity and a voided warranty" ```txt WARNING WARNING WARNING: There's a great potential to make your shiny new ultrabook into a £999+ brick. I'm not responsible if you do this. WARNING WARNING: This will almost certainly void your warranty. Maybe don't do this if you like your warranty? WARNING: if you do this, you probably want to not have Bitlocker enabled first, or at the very least to have your Bitlocker recovery key first. Replacing your system's firmware *will* change the TPM measurements and cause unsealing to fail (by design!). ``` #### Dumping the firmware Using AMI's AFUWIN tool [(download)](https://www.wimsbios.com/amiflasher.jsp), it's possible to dump (hint: the `Save` button is your friend!) the BIOS included with the system, since Razer have not published any firmware updates for this system yet, so we can't just download it. BACK THIS FILE UP. You never know when you might need it(!). OK, great, you have a dump of your system's firmware (excluding the Management Engine's firmware). What now? #### Taking a peek under the hood Well, using [UEFITool](https://github.com/LongSoft/UEFITool) it's possible to unpack the ROM image that you've dump and make modifications to it. If you're following along, then as of writing, you should use the older [0.21.5](https://github.com/LongSoft/UEFITool/releases/tag/0.21.5) version which supports repacking the ROM with changes. Once you've done that, you need to locate the UEFI binary which is the configuration utility (i.e. the thing with all the settings which most people think of when you say "BIOS"). The easiest way to find this for me was to just search for anything containing the Unicode string "Key Management"(!) Having found this binary, you can then dump it to a separate file (using **Extract body...** not **Extract as is...**). As a brief overview, this binary contains the setup menus, and often contains a bunch of functionality that's been masked out by the OEM, but which is still compiled in to the binary. This includes, thankfully, the options for resetting the system back into Secure Boot Setup Mode. A tool called [Universal IFR Extractor](https://github.com/donovan6000/Universal-IFR-Extractor) can help shine some light on when this is the case, by showing you a textual representation of what the *I*nternal *F*orms *R*epresentation tree looks like. It's super helpful, because it also displays the hex representation alongside, as well as displaying the location in the binary where it was found. In my case, I discovered that there's a check to see if the variable `0xB0E` is set to `0x0`, and if so then the interesting menu items are hidden. Boo. We can fix that using a hex editor ;) #### Hmm... I want... ALL OF THEM By replacing the byte sequence `0A 82 12 06 0E 0B 00 00` (suppress if: variable 0xB0E has value 0x0) with `0A 82 12 06 0E 0B 00 FF` (suppress if: variable 0xB0E has value 0xFF00), then we can force all of these previously-hidden menu items to be shown. I'm being a bit rash here and just hoping that this doesn't appear in the text section of the binary. Feel free to be a bit more surgical ;) Having done that, you can now repack the ROM using UEFITool (using **Replace body...**), and then save it (*not* over the top of your clean ROM!). #### The Dangerous Bit **You should reread the warnings I wrote above before doing this. It's not my fault if you brick your system, even if you follow all of these instructions to the letter.** Again using AFUWIN you can take your freshly unlocked ROM and flash it to your system. Once that's done, cross your fingers and reboot! Hopefully you should now seen the `Key Management` options under `Secure Boot` in the options :) ![Secure Boot menu after doing some dangerous hacks](firmware-secure-boot-after.jpg) ![The newly-unhidden Secure Boot Key Management menu](firmware-secure-boot-keys-after.jpg) ## Drive Encryption ### Windows Windows 10 Pro ships with Bitlocker, and the Razer Blade Stealth has a TPM, which means that you can attest to the state of the system using the TPM to ensure that you're being booted on the hardware (and with the software configuration) you think you're being booted on. However, the RBS only ships with Windows 10 Home, so after entering my W10 Pro license key, and waiting what felt like an age for it to apply the additional features, and reboot (twice!), I managed to Bitlocker my drive. For additional security, you can optionally [set it up in TPM+PIN mode](http://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/), but I'm not entirely convinced this provides any serious additional benefit beyond a BIOS/disk unlock password (with TPMed Bitlocker). ### Arch Arch has dm-crypt support, which is both fairly standard and boring. I'm using LUKS+dm-crypt, with a reasonably long passphrase. It looks there's some interest in [TrustedGrub](https://projects.sirrix.com/trac/trustedgrub/) to use the TPM measurements to then unseal a key, similarly to Bitlocker, but I haven't done this. ### UEFI I added a disk unlock password, as well as a UEFI administrator password to avoid unauthorised changes to the boot order or to the UEFI configuration. Boot from USB is also disabled and removed from the boot order. ## Bonus Pictures Before: ![Advanced menu before](firmware-advanced-before.jpg) ...and after: ![Advanced menu after](firmware-advanced-after.jpg) As well as my new boot splash: ![Boot splash](firmware-bootsplash-after.jpg)