Some questions regarding firmware handling in the qemu driver

Jim Fehlig jfehlig at suse.com
Wed Jun 8 17:37:10 UTC 2022


On 6/8/22 10:20, Andrea Bolognani wrote:
> On Tue, Jun 07, 2022 at 02:57:17PM -0600, Jim Fehlig wrote:
>> Hi All,
>>
>> I received a bug report (private, sorry) about inability to "deploy uefi
>> virtual machine with secureboot enabled on aarch64 kvm host". Indeed the
>> qemu driver has some checks that would prohibit using secure boot with
>> aarch64 virt machines, e.g.
>>
>> https://gitlab.com/libvirt/libvirt/-/blob/master/src/qemu/qemu_validate.c#L571
>>
>> However it appears qemu does not restrict booting a firmware with keys
>> enrolled and secure boot enabled. E.g.
>>
>> qemu-system-aarch64 -m 4096 -cpu host -accel kvm -smp 4 -M virt \
>>   -drive if=pflash,format=raw,readonly=on,file=/usr/share/qemu/aavmf-aarch64-opensuse-code.bin \
>>   -drive if=pflash,format=raw,file=/vm_images/jim/images/test/test-vars-store.bin ...
>>
>> seems to work fine and within the guest I see db keys loaded by kernel
>>
>> [    4.782777] integrity: Loading X.509 certificate: UEFI:db
>> [    4.789494] integrity: Loaded X.509 cert 'Build time autogenerated kernel key: 44e3470bd0c5eb190e3292dfc42db061521184ee'
>> [    4.789548] integrity: Loading X.509 certificate: UEFI:db
>> [    4.789701] integrity: Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8'
>> [    4.789710] integrity: Loading X.509 certificate: UEFI:db
>> [    4.789841] integrity: Loaded X.509 cert 'SUSE Linux Enterprise Secure Boot Signkey: 3fb077b6cebc6ff2522e1c148c57c777c788e3e7'
>>
>> Can we consider easing the secure boot restrictions in qemuValidateDomainDefBoot?
> 
> Will such a configuration refuse to boot an unsigned guest OS? Is it
> reasonably tamper-proof (see below)? If the answer to both of these
> questions is yes, then relaxing the check sounds reasonable.

The answer to your first question is yes, although with an unfriendly assert in ovmf:

ASSERT [ArmCpuDxe] /home/abuild/rpmbuild/BUILD/edk2-edk2-stable202202/ArmPkg/Library/DefaultExceptionHandlerLib/AArch64/DefaultExceptionHandler.c(333): ((BOOLEAN)(0==1))

I don't know the answer to your second question. I think we agree it is achieved 
with SMM on x86, but as Daniel mentioned it is arch-specific. I see ARM has the 
notion of a Management Mode [1], but I'm not sure whether that provides all the 
functionality of SMM. The ARM Server Base Security Guide [2] also notes 
requirements for UEFI Secure Boot (page 17), although I wonder whether any server 
manufacturers provide that.

Regards,
Jim

[1] https://documentation-service.arm.com/static/5ed11e40ca06a95ce53f905c?token=
[2] https://documentation-service.arm.com/static/5fb7e9e5ca04df4095c1d669?token=
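The thread's evidence that the aarch64 guest booted with db keys enrolled is a handful of kernel log lines. The following is an added example, not code from the thread or from libvirt/QEMU, that turns that manual reading into a repeatable check: it parses the `integrity: Loading/Loaded X.509` pairs quoted above into (source, subject, fingerprint) records and also looks for the arm64 EFI stub's "UEFI Secure Boot is enabled" banner. The sample log embedded below is constructed from the lines in the thread; the banner line and the `dataclass` names are my assumptions, not something the post shows.

```python
"""Check a guest kernel log for evidence of a UEFI Secure Boot boot:
the EFI stub banner and the X.509 certificates the integrity subsystem
loaded from the firmware's db variable. Added example; assumptions are
marked in comments."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the UEFI:db lines quoted in the thread, rejoined, plus
# the "UEFI Secure Boot is enabled" line the arm64 EFI stub prints (assumed
# wording; not part of the original post).
SAMPLE_DMESG = """\
[    0.000000] EFI stub: UEFI Secure Boot is enabled.
[    4.782777] integrity: Loading X.509 certificate: UEFI:db
[    4.789494] integrity: Loaded X.509 cert 'Build time autogenerated kernel key: 44e3470bd0c5eb190e3292dfc42db061521184ee'
[    4.789548] integrity: Loading X.509 certificate: UEFI:db
[    4.789701] integrity: Loaded X.509 cert 'openSUSE Secure Boot Signkey: 0332fa9cbf0d88bf21924b0de82a09a54d5defc8'
[    4.789710] integrity: Loading X.509 certificate: UEFI:db
[    4.789841] integrity: Loaded X.509 cert 'SUSE Linux Enterprise Secure Boot Signkey: 3fb077b6cebc6ff2522e1c148c57c777c788e3e7'
"""

LOADING_RE = re.compile(r"integrity: Loading X\.509 certificate: (?P<src>\S+)")
LOADED_RE = re.compile(r"integrity: Loaded X\.509 cert '(?P<desc>[^']*)'")
SB_RE = re.compile(r"UEFI Secure Boot is (?P<state>enabled|disabled)")
SHA1_RE = re.compile(r"[0-9a-f]{40}")


@dataclass
class LoadedCert:
    source: str       # variable the cert came from, e.g. "UEFI:db"
    subject: str      # human-readable name before the trailing ': <sha1>'
    fingerprint: str  # hex SHA-1 the kernel appends, '' if absent


@dataclass
class BootReport:
    secure_boot: Optional[bool]  # None when the stub banner was not seen
    certs: List[LoadedCert]

    def db_certs(self) -> List[LoadedCert]:
        return [c for c in self.certs if c.source == "UEFI:db"]

    def looks_secure(self) -> bool:
        # Require both signals: the stub said enabled AND db was non-empty.
        return self.secure_boot is True and len(self.db_certs()) > 0


def parse_kernel_log(text: str) -> BootReport:
    """Walk the log once; a 'Loading' line names the source for the next
    'Loaded' line, which is how the integrity subsystem prints them."""
    secure_boot: Optional[bool] = None
    certs: List[LoadedCert] = []
    pending_source: Optional[str] = None
    for line in text.splitlines():
        m = SB_RE.search(line)
        if m:
            secure_boot = m.group("state") == "enabled"
            continue
        m = LOADING_RE.search(line)
        if m:
            pending_source = m.group("src")
            continue
        m = LOADED_RE.search(line)
        if m:
            desc = m.group("desc")
            subject, sep, fp = desc.rpartition(": ")
            if not sep or not SHA1_RE.fullmatch(fp):
                subject, fp = desc, ""   # no recognisable fingerprint suffix
            certs.append(LoadedCert(pending_source or "unknown", subject, fp))
            pending_source = None
    return BootReport(secure_boot, certs)


if __name__ == "__main__":
    report = parse_kernel_log(SAMPLE_DMESG)
    print("secure boot banner:", report.secure_boot)
    for c in report.db_certs():
        print(f"  {c.source}: {c.subject} ({c.fingerprint})")
    print("looks like a secure boot:", report.looks_secure())
```

Run it against `dmesg` output from the guest (for example `dmesg | python3 check_sb.py` with a `sys.stdin.read()` in place of the sample) to confirm the guest saw both the banner and a populated db. Note what this does not answer: it is Andrea's first question only. Whether the varstore is tamper-proof from inside the guest, the second question, cannot be judged from guest-side logs at all, since a guest that can rewrite the pflash variables could just as easily present a clean log.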
