Fedora 40 and Systemd/UKI - A Status Update
Fedora has been working on supporting the New Linux Trusted Boot (NLTB).
In Fedora 39 you could install it, but you had to use sdboot to boot the UKI kernel,
and the UKI image was not signed, so you had to add your own keys to UEFI and manually
sign the sdboot and UKI binaries.
Fedora 40 has improved the support significantly, albeit only for virtual machine guests.
The GOOD: Significant new security features include:
- The UKI is now signed by Fedora!
- The UKI is now booted from the UEFI boot menu, not sdboot.
  (The shim has been modified to boot the UKI directly.)
  So, your normal kernel still boots from grub, and the UKI from UEFI.
- systemd added a "--tpm2-seal-key-handle=" option, so you can easily use a DRSK!
- The systemd measurements are now logged in /run/log/systemd/tpm2-measure.log,
  which is JSON formatted and easily converted to CEL. No more parsing the journald log.
The BAD:
- As of now (4/29/2024) the selinux policy is broken.
- You can't create or run libvirt based VMs on a host Fedora 40!
  ***FIXED May 3 2024***
- The swtpm CA does not create the guest's endorsement key.
  ***FIXED May 4 2024***
- Guest systemd measurements are not all logged in /run/log/systemd/tpm2-measure.log!
- The UKI image has some limitations:
  - It will not automatically unseal the LUKS key from the TPM, so you
    have to type in a LUKS password at boot.
  - There is no graphical console for UEFI booting, so you have to enter the LUKS
    password on the text console, in the middle of all the boot messages.
Comments on Booting
The new UKI kernel cannot be booted from Grub.
It can be booted from:
- sdboot (this was how the version on Fedora 39 was booted)
- the UEFI boot menu
- the shim
Booting from sdboot is convenient, as it has shim support for the Fedora-signed UKI, and it has an attractive menu at boot. It is, however, the hardest to install, as shown in the Fedora 39 instructions.
Booting from the UEFI boot menu is a little less friendly - you have to remember which key to press to get the boot menu, and you have to time it well at boot. In addition, the UEFI firmware does not know Fedora's signing keys, so if you want to sign your own UKI, you have to add your keys to the UEFI db.
Fedora 40 boots the UKI directly from the shim. The shim has been extended to look at its own UEFI boot variable, to which the path of the target UKI file has been appended. Fedora 40 added a utility, "kernel-bootcfg", as a friendly front end to the underlying efibootmgr. Booting from the shim is convenient, as it supports Fedora's keys and it is already installed. As with booting directly from the UEFI menu, it is tricky to get into the UEFI boot menu if you want to boot something other than the default.
Comments on Verification of the Event Log:
Fedora 40 has significantly extended the measurement system. Most importantly, it has added the measurement of the root partition ID and the volume key to PCR-15. Because the event log does not contain the secret volume key, there is no way for the verifier to recompute the digest for this event - the verifier can only tell whether it has changed or not. This also means the verifier needs the digest that was actually extended for this event, since it cannot calculate it from the event content. In earlier versions of systemd, the events were logged in journald and did not contain the digests.
Fortunately, systemd version 255 (the version in Fedora 40) adds an explicit event log in the file /run/log/systemd/tpm2-measure.log. This file is in JSON format and is easily converted to CEL format for verification. With this new log, it is possible to verify the overall sequence of events for PCR-15 (replay the digests and compare with the PCR value), although it is still not possible to verify the event content for the root/volume key event.
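As an added example (not code from this page's author, from Fedora, or from systemd), the script below replays a tpm2-measure.log and performs the two checks described above: it folds each event's digest into its PCR so the result can be compared with what the TPM reports, and it re-hashes logged string content where that is possible, flagging events like the PCR-15 volume-key event as unverifiable because their input is not in the log. The record layout (one JSON object per record, optionally prefixed by the 0x1E JSON-SEQ record separator, with "pcr", "digests" and "content"/"string" fields) and the rule that a string event's digest is the hash of the string bytes are assumptions made here; the sample log is constructed, not captured from a real guest.

```python
#!/usr/bin/env python3
"""Replay systemd's tpm2-measure.log and compare it with PCR values.

Added example; not Fedora or systemd code. Assumptions (labelled):
  * the log holds one JSON object per record, each optionally prefixed by
    the RFC 7464 record separator byte (0x1E) and followed by a newline;
  * each record carries "pcr", "digests": [{"hashAlg": ..., "digest": ...}]
    and "content": {"string": ...}; the string is absent for events whose
    input is secret, such as the PCR-15 volume-key event;
  * a string event's digest is hash(string bytes).
The SAMPLE_LOG below is constructed, not captured from a real guest.
"""
import hashlib
import json

RS = "\x1e"                                       # JSON-SEQ record separator (assumed)
ALG = "sha256"
PCR_INIT = bytes(hashlib.new(ALG).digest_size)    # PCRs 11 and 15 start at all zeros


def make_event(pcr, digest_hex, string=None):
    """Build one record in the assumed layout (used to construct the sample)."""
    content = {"string": string} if string is not None else {}
    return {"pcr": pcr,
            "digests": [{"hashAlg": ALG, "digest": digest_hex}],
            "content_type": "systemd",
            "content": content}


def hash_hex(data: bytes) -> str:
    return hashlib.new(ALG, data).hexdigest()


# Constructed sample: two phase strings on PCR 11, then a volume-key style
# event on PCR 15 whose digest the verifier cannot recompute.
SAMPLE_LOG = "".join(
    RS + json.dumps(ev) + "\n"
    for ev in [
        make_event(11, hash_hex(b"enter-initrd"), "enter-initrd"),
        make_event(11, hash_hex(b"leave-initrd"), "leave-initrd"),
        make_event(15, "ab" * 32),        # secret input: no string in the log
    ]
)


def parse_measure_log(text: str):
    """Split on record separators and newlines; decode each non-empty chunk."""
    chunks = text.replace(RS, "\n").split("\n")
    return [json.loads(c) for c in chunks if c.strip()]


def event_digest(event) -> bytes:
    for d in event["digests"]:
        if d["hashAlg"].lower() == ALG:
            return bytes.fromhex(d["digest"])
    raise ValueError(f"no {ALG} digest in event for PCR {event['pcr']}")


def check_event_content(event) -> str:
    """'ok' if the digest is reproducible from the logged string, 'mismatch'
    if it is not, 'unverifiable' when the input was never logged."""
    string = event.get("content", {}).get("string")
    if string is None:
        return "unverifiable"
    return "ok" if hash_hex(string.encode()) == event_digest(event).hex() else "mismatch"


def replay_pcrs(events):
    """Fold every digest into its PCR: new = H(old || digest)."""
    pcrs = {}
    for ev in events:
        old = pcrs.get(ev["pcr"], PCR_INIT)
        pcrs[ev["pcr"]] = hashlib.new(ALG, old + event_digest(ev)).digest()
    return {pcr: val.hex() for pcr, val in pcrs.items()}


def verify_log(text: str, observed: dict):
    """observed maps PCR index -> hex value read from the TPM (e.g. tpm2_pcrread)."""
    events = parse_measure_log(text)
    expected = replay_pcrs(events)
    return {
        "pcr_match": {pcr: expected.get(pcr) == val.lower() for pcr, val in observed.items()},
        "content": [(ev["pcr"], check_event_content(ev)) for ev in events],
    }


if __name__ == "__main__":
    exp = replay_pcrs(parse_measure_log(SAMPLE_LOG))
    # Pretend the TPM returned exactly the replayed values for PCR 11 and 15.
    print(json.dumps(verify_log(SAMPLE_LOG, {11: exp[11], 15: exp[15]}), indent=2))
```

Run against the real file with the PCR values from the TPM: a PCR that matches while the content check for its volume-key event says "unverifiable" is exactly the situation described above, where the verifier can tell that nothing changed but not what the measured value was.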
Simplified Installation instructions:
Create VM:
  - get the ISO: Fedora-Everything-netinst-x86_64-40-1.14.iso
  - run virt-manager and create a new VM:
    - "customize configuration before install"
    - select the secure boot UEFI firmware for BIOS: "OVMF_CODE_4M.secboot.qcow2"
    - add the emulated TPM
Install Fedora 40 in the VM:
  - normal install with
    - custom partitions
      - use standard partitions (ext4 for root)
      - encrypt my data
      - automatically create default partitions
  - add user to tss group
  - reboot
Install UKI support and kernel:
  dnf install virt-firmware uki-direct kernel-uki-virt
  reboot