UEFI Platform key updating/revocation

Hello,

I have a general question about UEFI Secure boot for Jetson Systems on JP6 and JP7.

Could you please clarify how to update the PK key and revoke the old PK in case it is compromised? Is it possible to do this through the Capsule Update?

I read the documentation, but it doesn’t mention updating the PK.

hello nazaraa,

please see also Topic 361581 for the steps for firmware capsule update to have PKC key revocation without a host machine.

That topic is about PKC key revocation, which is not a UEFI key. But I am interested in revocation of the UEFI Secure Boot keys (PK, KEK, DB), especially the PK (Platform Key).

hello nazaraa,

UEFI Secure Boot can be disabled by enrolling noPK.auth at runtime.
assuming you enable UEFI Secure Boot via Capsule update, you may disable UEFI Secure Boot on the next boot by running the kernel utility efi-updatevar with noPK.auth

Hello,

  • Could you give me an example of how to generate noPK.auth correctly? I have not managed to find it in the documentation.
  • Is it possible to disable UEFI Secure boot if UEFI Secure Boot was enabled during the flashing process?
    The documentation strongly recommends enabling UEFI Secure Boot at flashing time. However, it seems that it will not be possible to disable UEFI Secure Boot in that case.
  • Is it possible to update PK key without disabling UEFI Secure boot?

hello nazaraa,

it also depends on how you enable UEFI Secure Boot.
– If UEFI Secure Boot is enabled during flashing, it cannot be disabled except by reflashing the QSPI.
– If UEFI Secure Boot is enabled at runtime, it can be disabled using noPK.auth.

so, to do this, please create an empty EFI Signature List (ESL) file named noPK.esl, i.e.
$ touch noPK.esl
next, sign this empty file with your existing Platform Key using sign-efi-sig-list. this will generate noPK.auth,
for instance,
$ sign-efi-sig-list -k PK.key -c PK.crt PK noPK.esl noPK.auth
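
Added example, not part of any post in this thread: a Python check of a noPK.auth file such as the one produced by the sign-efi-sig-list step above. It parses the EFI_VARIABLE_AUTHENTICATION_2 header and flags a payload that is not empty (the write would not be a delete) and a timestamp that is not later than the enrolled file's, which the UEFI specification requires for a non-append authenticated write. It assumes PK.auth is the file that was enrolled; the function names and sample bytes are constructed, and the PKCS#7 signature itself is not verified.

```python
import struct
import uuid
from datetime import datetime

PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")  # EFI_CERT_TYPE_PKCS7_GUID
WIN_CERT_TYPE_EFI_GUID = 0x0EF1

def parse_auth(blob: bytes) -> dict:
    """Split an EFI_VARIABLE_AUTHENTICATION_2 file into timestamp, PKCS#7, payload."""
    if len(blob) < 40:
        raise ValueError("shorter than EFI_TIME + WIN_CERTIFICATE_UEFI_GUID header")
    year, month, day, hour, minute, second = struct.unpack_from("<H5B", blob, 0)
    dw_length, revision, cert_type = struct.unpack_from("<IHH", blob, 16)
    if (revision, cert_type) != (0x0200, WIN_CERT_TYPE_EFI_GUID):
        raise ValueError("not a WIN_CERTIFICATE_UEFI_GUID header")
    if uuid.UUID(bytes_le=blob[24:40]) != PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    end = 16 + dw_length  # dwLength counts the 8-byte header, the GUID and the PKCS#7 data
    if dw_length < 24 or end > len(blob):
        raise ValueError("dwLength does not fit the file")
    return {"timestamp": datetime(year, month, day, hour, minute, second),
            "pkcs7": blob[40:end], "payload": blob[end:]}

def check_pk_removal(enrolled: bytes, removal: bytes) -> list:
    """List structural problems with `removal` as a PK delete written after `enrolled`."""
    old, new = parse_auth(enrolled), parse_auth(removal)
    problems = []
    if new["payload"]:
        problems.append("payload is %d bytes, expected an empty ESL" % len(new["payload"]))
    if new["timestamp"] <= old["timestamp"]:
        problems.append("timestamp %s is not later than enrolled %s"
                        % (new["timestamp"], old["timestamp"]))
    return problems

def build_auth(ts: datetime, pkcs7: bytes, payload: bytes) -> bytes:
    """Constructed sample only: lay out the header around placeholder PKCS#7 bytes."""
    efi_time = struct.pack("<H6BIhBB", ts.year, ts.month, ts.day, ts.hour,
                           ts.minute, ts.second, 0, 0, 0, 0, 0)
    hdr = struct.pack("<IHH", 24 + len(pkcs7), 0x0200, WIN_CERT_TYPE_EFI_GUID)
    return efi_time + hdr + PKCS7_GUID.bytes_le + pkcs7 + payload

if __name__ == "__main__":
    # Constructed inputs: 837 filler bytes stand in for a PK ESL, and both
    # files carry the same second-resolution timestamp.
    pk = build_auth(datetime(2025, 1, 10, 9, 0, 5), b"\x30\x00", b"E" * 837)
    no_pk = build_auth(datetime(2025, 1, 10, 9, 0, 5), b"\x30\x00", b"")
    print(check_pk_removal(pk, no_pk))
```

On real files, pass the bytes of PK.auth and noPK.auth read with open(path, "rb").read().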

Hello, JerryChang

We would like to enable UEFI Secure Boot during flashing on the factory floor. And we would like to have the possibility to revoke the PK key if it is compromised.
We also don’t want the device to boot with UEFI Secure boot disabled after flashing, so enabling UEFI SB by using Capsule Update after flashing is not our case.

Are you going to support such a case in further JP releases?

I used Method Three to enable UEFI Secure Boot. Next, I tried to disable it with noPK.auth, but with no luck (JP7.1, Thor)

Log
$ efivar -n 8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "SecureBoot"
Attributes:
	Boot Service Access
	Runtime Service Access
Value:
00000000  01                                               

$ sudo efi-updatevar -f uefi_keys/noPK.auth PK
Failed to update PK: Operation not permitted

$ lsattr /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c 
----i----------------- /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo efi-updatevar -f uefi_keys/noPK.auth PK
Failed to update PK: Invalid argument

hello nazaraa,

note, you should install the utilities below,
$ sudo apt-get update
$ sudo apt-get install efitools
$ sudo efi-readvar
you should also check the UEFI Secure Boot status with
$ mokutil --sb-state

let me confirm, had you enrolled the keys (PK.auth), and then enrolled the noPK.auth by efi-updatevar as below?
$ sudo efi-updatevar -f /opt/uefi_keys/PK.auth PK
//reboot for checking
$ sudo efi-updatevar -f /opt/uefi_keys/noPK.auth PK
after updating, you should reboot the system for checking UEFI Secure Boot status, i.e.
$ mokutil --sb-state

Yes, I did the following steps:
sudo efi-updatevar -f uefi_keys/db.auth db
sudo efi-updatevar -f uefi_keys/KEK.auth KEK
sudo efi-updatevar -f uefi_keys/PK.auth PK
sudo reboot

And then tried:

sudo efi-updatevar -f uefi_keys/noPK.auth PK

hello nazaraa,

may I also confirm the UEFI Secure Boot status for each state? thanks
for instance,
$ sudo efi-updatevar -f uefi_keys/db.auth db
$ sudo efi-updatevar -f uefi_keys/KEK.auth KEK
$ sudo efi-updatevar -f uefi_keys/PK.auth PK
$ sudo reboot
$ mokutil --sb-state // it checks the UEFI secureboot status of above operations.

$ sudo efi-readvar
Variable PK, length 837
PK: List 0, type X509
    Signature 0, size 809, owner f9a51f7c-5332-441e-8439-c0dcff66bd61
        Subject:
            CN=my Platform Key
        Issuer:
            CN=my Platform Key
Variable KEK, length 845
KEK: List 0, type X509
    Signature 0, size 817, owner f9a51f7c-5332-441e-8439-c0dcff66bd61
        Subject:
            CN=my Key Exchange Key
        Issuer:
            CN=my Key Exchange Key
Variable db, length 1730
db: List 0, type X509
    Signature 0, size 829, owner f9a51f7c-5332-441e-8439-c0dcff66bd61
        Subject:
            CN=my Signature Database key
        Issuer:
            CN=my Signature Database key
db: List 1, type X509
    Signature 0, size 845, owner f9a51f7c-5332-441e-8439-c0dcff66bd61
        Subject:
            CN=my another Signature Database key
        Issuer:
            CN=my another Signature Database key
Variable dbx has no entries
Variable MokList has no entries
$ mokutil --sb-state
SecureBoot enabled

hello nazaraa,

please try again with the steps below, it looks like there’s one additional step I’ve skipped.

– Prepare the noPK.auth file from host machine.
$ cd $OUT/Linux_for_Tegra/uefi_keys
$ touch noPK.esl
$ sign-efi-sig-list -k PK.key -c PK.crt PK noPK.esl noPK.auth

– Copy the noPK.auth file to the target (Jetson Thor).
$ scp noPK.auth target@IP:/tmp/
$ sudo cp /tmp/noPK.auth /opt/uefi_keys/noPK.auth

– Enroll the noPK.auth file.
$ sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo efi-updatevar -f /opt/uefi_keys/noPK.auth PK

I have already tried with the changed attribute here.
Just tried once again:

$ lsattr /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
----i----------------- /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ lsattr /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
---------------------- /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo efi-updatevar -f uefi_keys/noPK.auth PK
Failed to update PK: Invalid argument

hello nazaraa,

just an FYI, we’ve tested locally to confirm UEFI Secure Boot can be disabled using noPK.auth.
we’ve tested with Thor/r38.4

Hello JerryChang,

Which method did you use to enable UEFI Secure Boot (UEFI Utilities from an Ubuntu Prompt or Capsule)? I used UEFI Utilities from an Ubuntu Prompt.

I reflashed the Thor and tried again. Result is the same. Details below:

TARGET:
VM 8001: I/TC: WARNING: UEFI variable protection is not fully enabled !
VM 8001: I/TC: WARNING: Test UEFI variable auth key is being used !
VM 8001: I/TC: WARNING: UEFI variable protection is not fully enabled !
VM 8001: I/TC: WARNING: Test UEFI variable auth key is being used !
VM 8001: I/TC: WARNING: UEFI variable protection is not fully enabled !
VM 8001: I/TC: WARNING: Test UEFI variable auth key is being used !
VM 8001: I/TC: WARNING: UEFI variable protection is not fully enabled !

$ sudo nvbootctrl dump-slots-info
Current version: 38.4.0
Capsule update status: 0
Current bootloader slot: A
Active bootloader slot: A
num_slots: 2
slot: 0,             status: normal
slot: 1,             status: normal

$ sudo efi-readvar
Variable PK has no entries
Variable KEK has no entries
Variable db has no entries
Variable dbx has no entries
Variable MokList has no entries

$ mokutil --sb-state
SecureBoot disabled
Platform is in Setup Mode

HOST:
- generate uefi keys
rm -rf uefi_keys
mkdir uefi_keys
cd uefi_keys
GUID=$(uuidgen)

### Generate PK RSA Key Pair, Certificate, and EFI Signature List File
openssl req -newkey rsa:2048 -nodes -keyout PK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Platform Key/" -out PK.crt
cert-to-efi-sig-list -g "${GUID}" PK.crt PK.esl

### Generate KEK RSA Key Pair, Certificate, and EFI Signature List File
openssl req -newkey rsa:2048 -nodes -keyout KEK.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Key Exchange Key/" -out KEK.crt
cert-to-efi-sig-list -g "${GUID}" KEK.crt KEK.esl

### Generate db_1 RSA Key Pair, Certificate, and EFI Signature List File
openssl req -newkey rsa:2048 -nodes -keyout db_1.key  -new -x509 -sha256 -days 3650 -subj "/CN=my Signature Database key/" -out db_1.crt
cert-to-efi-sig-list -g "${GUID}" db_1.crt db_1.esl

### Generate db_2 RSA Key Pair, Certificate, and EFI Signature List File
openssl req -newkey rsa:2048 -nodes -keyout db_2.key  -new -x509 -sha256 -days 3650 -subj "/CN=my another Signature Database key/" -out db_2.crt
cert-to-efi-sig-list -g "${GUID}" db_2.crt db_2.esl

### Generate PK Auth File
sign-efi-sig-list -k PK.key -c PK.crt PK PK.esl PK.auth

### Generate KEK Auth File
sign-efi-sig-list -k PK.key -c PK.crt KEK KEK.esl KEK.auth

### Generate db Auth Files
cat db_1.esl db_2.esl > db.esl
sign-efi-sig-list -k KEK.key -c KEK.crt db db.esl db.auth

### Gen noPK file
touch noPK.esl
sign-efi-sig-list -k PK.key -c PK.crt PK noPK.esl noPK.auth

- copy uefi_keys to TARGET

TARGET:
- sign images
- Enroll keys
$ sudo efi-updatevar -f uefi_keys/db.auth db
$ sudo efi-updatevar -f uefi_keys/KEK.auth KEK
$ sudo efi-updatevar -f uefi_keys/PK.auth PK
$ sudo reboot
$ sudo mokutil --sb-state
SecureBoot enabled
$ sudo efi-readvar
Variable PK, length 837
PK: List 0, type X509
    Signature 0, size 809, owner e22254ae-9584-4e1e-afc3-bf374bb68062
        Subject:
            CN=my Platform Key
        Issuer:
            CN=my Platform Key
Variable KEK, length 845
KEK: List 0, type X509
    Signature 0, size 817, owner e22254ae-9584-4e1e-afc3-bf374bb68062
        Subject:
            CN=my Key Exchange Key
        Issuer:
            CN=my Key Exchange Key
Variable db, length 1730
db: List 0, type X509
    Signature 0, size 829, owner e22254ae-9584-4e1e-afc3-bf374bb68062
        Subject:
            CN=my Signature Database key
        Issuer:
            CN=my Signature Database key
db: List 1, type X509
    Signature 0, size 845, owner e22254ae-9584-4e1e-afc3-bf374bb68062
        Subject:
            CN=my another Signature Database key
        Issuer:
            CN=my another Signature Database key
Variable dbx has no entries
Variable MokList has no entries

– Enroll the noPK.auth file.
$ sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
$ sudo efi-updatevar -f uefi_keys/noPK.auth PK
Failed to update PK: Invalid argument

hello nazaraa,

we have UEFI Secure Boot enabled at runtime, and it’s following the same shared steps to be disabled by using noPK.auth.

Could you test again with a clean reflash of the Thor devkit using the software from your website?
I use the following packages:

  • Jetson_Linux_R38.4.0_aarch64.tbz2
  • host_overlay_fskp_tools_R38.4.0_aarch64.tbz2
  • ota_tools_R38.4.0_aarch64.tbz2
  • Tegra_Linux_Sample-Root-Filesystem_R38.4.0_aarch64.tbz2

from here.

hello nazaraa,

we usually flash Jetson platform via SDK Manager | NVIDIA Developer,
we’ve tested with JetPack 7.1

But we never use SDK Manager or any ISO images. All our production tools are based on the Driver Package (BSP) like Jetson_Linux_R38.4.0_aarch64.tbz2. We hope that the provided BSP contains the correct versions of the firmware, especially the UEFI firmware in this case.

hello nazaraa,

there should be no difference, you may download the JetPack release and replace the UEFI firmware for confirmation.