What is Secure Boot?
by Nate Young, on Jan 2, 2018 4:54:04 PM
The UEFI specification defines a mechanism called "Secure Boot" for ensuring the integrity of firmware and software running on a platform. Secure Boot establishes a trust relationship between the UEFI BIOS and the software it eventually launches (such as bootloaders, OSes, or UEFI drivers and utilities). After Secure Boot is enabled and configured, only software or firmware signed with approved keys are allowed to execute. Conversely, software signed with blacklisted keys are disallowed from executing. In this way, a system can guard against malicious attacks, rootkits, and unauthorized software updates that could happen prior to the OS launching.
The Secure Boot mechanism relies on public/private key pairs to verify the digital signature of all firmware and software before execution. Before digging in to the details of UEFI's Secure Boot, let's begin with a bit of high-level background on digital signatures.
The basic idea of digital signatures is to generate a pair of keys:
- A private key to be kept private and secured by the originator.
- A public key that can be distributed freely.
The mathematical correlation between this public/private key pair allows for checking the digital signature of a message for authenticity. To do the check, only the public key is necessary, and the message can be verified as having been signed by the private key without ever knowing the private key itself.
One other feature of this public/private key pair is that it is impractical to calculate the private key from the contents of the public key. This feature allows for the distribution of the public key without compromising the private key.
Lastly, a message cannot be signed using the public key. Only the private key is capable of signing the message properly. This is the basic mechanism digital signature technology uses to verify a message's integrity without compromising the details or contents of the private key.
Secure Boot Details
With this understanding of digital signatures, the UEFI "Secure Boot" technology consists of a collection of keys, categorized as follows:
- Platform Key (PK)
- Key Exchange Key (KEK)
- Whitelist Database (DB)
- Blacklist Database (DBX)
On a system with Secure Boot enabled and configured, each of these items will contain the public portions of public/private key pairs. The keys are used to authorize various components of the firmware and software.
- The Platform Key (PK) establishes a trust relationship between the platform owner and the firmware (UEFI BIOS) by controlling access to the KEK database. There is a single PK per platform, and the public portion of the PK is installed into the system, typically during production at the OEM. The private portion of the PK is necessary for modifying the KEK database.
- The Key Exchange Key (KEK) database establishes a trust relationship between the firmware and the OS. The KEK consists of a list of public keys that can be checked against for authorization to modify the whitelist database (DB) or blacklist database (DBX). There can be multiple KEKs per platform. The private portion of a KEK is necessary for modifying the DB or DBX.
- The whitelist database (DB) is a list of public keys that are used to check the digital signature of a given firmware or software. To discuss the DB, let's assume the system is booting and is about to execute the bootloader for selecting an OS to boot. The system will check the digital signature of the bootloader using the public keys in the DB, and if this bootloader was signed with a corresponding private key, then the bootloader is allowed to execute. Otherwise, it is blocked as unauthorized.
- Conversely, the blacklist database (DBX) is a list of public keys known to correspond to malicious or unauthorized firmware or software. Any software signed with a corresonding private key from this database will be blocked.
Trenton Systems Solutions
At Trenton Systems, all rugged computers, processor boards, and/or PCIe backplanes are shipped with Secure Boot technology which have factory default key configurations that support all major operating systems and their bootloaders, including Microsoft Windows and the Linux shim bootloader.
With the proper private keys in hand, the end users can add their own keys to authorize (or block) custom OSes and bootloaders to operate from within the Secure Boot environment.
Further customizations can be implemented at the customer's request, including changing factory default keys, updating the Secure Boot default state, and modifying the whitelist and blacklist databases.