* linux-tpmdd self signed kernel failing to boot with secreboot on
@ 2019-04-24 18:30 Jordan
  2019-04-25 21:47 ` Matthew Garrett
  0 siblings, 1 reply; 10+ messages in thread
From: Jordan @ 2019-04-24 18:30 UTC (permalink / raw)
  To: linux-integrity; +Cc: jarkko.sakkinen, mjg59

Hello,

I am attempting to boot the linux-tpmdd kernel and look at the TCG 2 
binary_bios_measurements.

Under the following circumstances my kernel will not boot:
* Secure boot enabled
* Booting with shim and grub2 from the Ubuntu 18 repos
* Kernel config is just taken from my ubuntu 18.04.2 install, and filled 
in with `yes '' | make oldconfig`
* Kernel signed with my own generated key. Signed using sbsign, key is 
enrolled in MOK.
* It seems to be going through the kernel's EFI stub (I see efi_printk 
message "EFI: UEFI Secure Boot is enabled")

I have tried these same steps with the same configuration with the 
mainline kernel and it boots fine.

I have traced kernel boot to the call to efi_exit_boot_services in 
arch/x86/boot/compressed/eboot at which point execution terminates. I 
see Matthew has made a couple changes in efi_main which calls exit_boot 
(and in turn calls efi_exit_boot_services).

I am wondering if anyone else has seen this issue or might understand 
better than me what is going on.

I would be happy to try to repro this issue with a more minimal config 
if someone could point me to what steps to follow. I've tried it out on 
a couple different machines with the same results.

Thanks,
Jordan


* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-24 18:30 linux-tpmdd self signed kernel failing to boot with secreboot on Jordan
@ 2019-04-25 21:47 ` Matthew Garrett
  2019-04-29 15:30   ` Jordan Hand
  0 siblings, 1 reply; 10+ messages in thread
From: Matthew Garrett @ 2019-04-25 21:47 UTC (permalink / raw)
  To: linux-integrity; +Cc: Jarkko Sakkinen

On Wed, Apr 24, 2019 at 11:30 AM 'Jordan' via mjg59 <mjg59@google.com> wrote:
> Under the following circumstances my kernel will not boot:

Will it boot under other circumstances (ie, if you disable Secure
Boot, does it work fine with the patches?)

> I have traced kernel boot to the call to efi_exit_boot_services in
> arch/x86/boot/compressed/eboot at which point execution terminates. I
> see Matthew has made a couple changes in efi_main which calls exit_boot
> (and in turn calls efi_exit_boot_services).

Does the boot hang or does the machine reboot?

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-25 21:47 ` Matthew Garrett
@ 2019-04-29 15:30   ` Jordan Hand
  2019-04-29 19:17     ` Matthew Garrett
  0 siblings, 1 reply; 10+ messages in thread
From: Jordan Hand @ 2019-04-29 15:30 UTC (permalink / raw)
  To: Matthew Garrett, linux-integrity; +Cc: Jarkko Sakkinen

On 4/25/19 2:47 PM, Matthew Garrett wrote:
> On Wed, Apr 24, 2019 at 11:30 AM 'Jordan' via mjg59 <mjg59@google.com> wrote:
>> Under the following circumstances my kernel will not boot:
> 
> Will it boot under other circumstances (ie, if you disable Secure
> Boot, does it work fine with the patches?)

Yes it works fine if secure boot is disabled.

> 
>> I have traced kernel boot to the call to efi_exit_boot_services in
>> arch/x86/boot/compressed/eboot at which point execution terminates. I
>> see Matthew has made a couple changes in efi_main which calls exit_boot
>> (and in turn calls efi_exit_boot_services).
> 
> Does the boot hang or does the machine reboot?
> 

The boot hangs.

I haven't had a chance yet but I'll try it out with upstream grub this 
week (instead of the Ubuntu package) and see if maybe it's grub doing 
something weird.

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-29 15:30   ` Jordan Hand
@ 2019-04-29 19:17     ` Matthew Garrett
  2019-04-29 20:35       ` Jordan Hand
  0 siblings, 1 reply; 10+ messages in thread
From: Matthew Garrett @ 2019-04-29 19:17 UTC (permalink / raw)
  To: Jordan Hand; +Cc: linux-integrity, Jarkko Sakkinen

On Mon, Apr 29, 2019 at 8:31 AM Jordan Hand <jorhand@linux.microsoft.com> wrote:
>
> On 4/25/19 2:47 PM, Matthew Garrett wrote:
> > On Wed, Apr 24, 2019 at 11:30 AM 'Jordan' via mjg59 <mjg59@google.com> wrote:
> >> Under the following circumstances my kernel will not boot:
> >
> > Will it boot under other circumstances (ie, if you disable Secure
> > Boot, does it work fine with the patches?)
>
> Yes it works fine if secure boot is disabled.

That is… very strange. Disabling secure boot will change the contents
of PCR7, but I can't think of any reason that would matter. What
hardware is this on?

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-29 19:17     ` Matthew Garrett
@ 2019-04-29 20:35       ` Jordan Hand
  2019-04-29 22:50         ` Matthew Garrett
  0 siblings, 1 reply; 10+ messages in thread
From: Jordan Hand @ 2019-04-29 20:35 UTC (permalink / raw)
  To: Matthew Garrett; +Cc: linux-integrity, Jarkko Sakkinen


On 4/29/19 12:17 PM, Matthew Garrett wrote:
> On Mon, Apr 29, 2019 at 8:31 AM Jordan Hand <jorhand@linux.microsoft.com> wrote:
>>
>> On 4/25/19 2:47 PM, Matthew Garrett wrote:
>>> On Wed, Apr 24, 2019 at 11:30 AM 'Jordan' via mjg59 <mjg59@google.com> wrote:
>>>> Under the following circumstances my kernel will not boot:
>>>
>>> Will it boot under other circumstances (ie, if you disable Secure
>>> Boot, does it work fine with the patches?)
>>
>> Yes it works fine if secure boot is disabled.
> 
> That is… very strange. Disabling secure boot will change the contents
> of PCR7, but I can't think of any reason that would matter. What
> hardware is this on?
> 
I have tried this both on a Gen2 Hyper-V VM (from a Windows Host) and on 
a Lenovo X1 Carbon with the same results.

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-29 20:35       ` Jordan Hand
@ 2019-04-29 22:50         ` Matthew Garrett
  2019-04-30 16:28           ` Jordan Hand
  0 siblings, 1 reply; 10+ messages in thread
From: Matthew Garrett @ 2019-04-29 22:50 UTC (permalink / raw)
  To: Jordan Hand; +Cc: linux-integrity, Jarkko Sakkinen

On Mon, Apr 29, 2019 at 1:35 PM Jordan Hand <jorhand@linux.microsoft.com> wrote:
> I have tried this both on a Gen2 Hyper-V VM (from a Windows Host) and on
> a Lenovo X1 Carbon with the same results.

Can you let me know which generation of X1 it is? I'll see if I can
borrow one to test.

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-29 22:50         ` Matthew Garrett
@ 2019-04-30 16:28           ` Jordan Hand
  2019-04-30 22:43             ` Matthew Garrett
  0 siblings, 1 reply; 10+ messages in thread
From: Jordan Hand @ 2019-04-30 16:28 UTC (permalink / raw)
  To: Matthew Garrett; +Cc: linux-integrity, Jarkko Sakkinen


On 4/29/19 3:50 PM, Matthew Garrett wrote:
> On Mon, Apr 29, 2019 at 1:35 PM Jordan Hand <jorhand@linux.microsoft.com> wrote:
>> I have tried this both on a Gen2 Hyper-V VM (from a Windows Host) and on
>> a Lenovo X1 Carbon with the same results.
> 
> Can you let me know which generation of X1 it is? I'll see if I can
> borrow one to test.
>

1st Gen (SKU Number from dmidecode is LENOVO_MT_3448)

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-30 16:28           ` Jordan Hand
@ 2019-04-30 22:43             ` Matthew Garrett
  2019-04-30 23:00               ` Jordan Hand
  0 siblings, 1 reply; 10+ messages in thread
From: Matthew Garrett @ 2019-04-30 22:43 UTC (permalink / raw)
  To: Jordan Hand; +Cc: linux-integrity, Jarkko Sakkinen

On Tue, Apr 30, 2019 at 9:28 AM Jordan Hand <jorhand@linux.microsoft.com> wrote:

> 1st Gen (SKU Number from dmidecode is LENOVO_MT_3448)

Ok, unfortunately not able to grab one of those. If you boot with
earlyprintk=efi on the kernel command line, do you get any output
around the hang?

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-30 22:43             ` Matthew Garrett
@ 2019-04-30 23:00               ` Jordan Hand
  2019-04-30 23:24                 ` Matthew Garrett
  0 siblings, 1 reply; 10+ messages in thread
From: Jordan Hand @ 2019-04-30 23:00 UTC (permalink / raw)
  To: Matthew Garrett; +Cc: linux-integrity, Jarkko Sakkinen


On 4/30/19 3:43 PM, Matthew Garrett wrote:
> On Tue, Apr 30, 2019 at 9:28 AM Jordan Hand <jorhand@linux.microsoft.com> wrote:
> 
>> 1st Gen (SKU Number from dmidecode is LENOVO_MT_3448)
> 
> Ok, unfortunately not able to grab one of those. If you boot with
> earlyprintk=efi on the kernel command line, do you get any output
> around the hang?
> 
No. The only print messages I get are from efi_printk. And they don't 
show up like normal kernel logs do during boot. The purple grub screen 
hangs and the efi_printk messages just print over the top of it.

Although now I'm wondering if the efi_printk messages I added after 
efi_exit_boot_services just aren't showing up because I've exited boot 
services and can no longer call that function (seems reasonable).

* Re: linux-tpmdd self signed kernel failing to boot with secreboot on
  2019-04-30 23:00               ` Jordan Hand
@ 2019-04-30 23:24                 ` Matthew Garrett
  0 siblings, 0 replies; 10+ messages in thread
From: Matthew Garrett @ 2019-04-30 23:24 UTC (permalink / raw)
  To: Jordan Hand; +Cc: linux-integrity, Jarkko Sakkinen

On Tue, Apr 30, 2019 at 4:00 PM Jordan Hand <jorhand@linux.microsoft.com> wrote:

> No. The only print messages I get are from efi_printk. And they don't
> show up like normal kernel logs do during boot. The purple grub screen
> hangs and the efi_printk messages just print over the top of it.
>
> Although now I'm wondering if the efi_printk messages I added after
> efi_exit_boot_services just aren't showing up because I've exited boot
> services and can no longer call that function (seems reasonable).

Ah, yes, any attempt to efi_printk() after efi_exit_boot_services() is
likely to end badly! In that case can you try the patch in
https://lore.kernel.org/linux-integrity/CACdnJuvYAfFboej4e5jQ=iwhb-5Pi7BgSKEWGqJ0q=uarCoOfQ@mail.gmail.com/T/#m4326297b6aa5ec27948325eb22736871b8aca998
?
