Technical whitepaper
Secure Boot Customization Guide
July 2017, L01780-001
Disclaimer
The information contained in this document, including URLs, other web site references, and other specification documents, is subject to change without notice and is provided for informational purposes only. No licenses concerning any intellectual property are granted, expressly or impliedly, by the disclosure of the information contained in this document.
Version No.  Revised by                  Changes
0.1          Chris Stewart               Initial baseline
0.2          Chris Stewart               Augment PK and KEK import procedures to show a sample for self-signed keys
1.0          Chris Stewart               Add disclaimer
1.1          Joe David, Jason Aydelotte  Clarifications and formatting revisions

© Copyright 2017 HP Development Company, L.P.
1 Introduction
This document offers an overview of how to configure Secure Boot in a customized environment, specifically one in which the machine owner takes ownership of the machine by installing their own Secure Boot Platform Key (PK). Once the PK is replaced, the platform owner must also configure the rest of Secure Boot so that the machine can still boot. This guide makes several assumptions: 1.
2 Setting up a customized Secure Boot environment
2.1 Backup existing Secure Boot configuration
The first step is to back up the default PK, KEK, DB, and DBX. This is partly a failsafe: the ultimate protection against losing access to a Secure Boot environment is a backup copy of the default configuration [1].
Get-SecureBootUEFI -Name PK -OutputFilePath F:\SecureBoot\HpPk.BAK
Get-SecureBootUEFI -Name KEK -OutputFilePath F:\SecureBoot\HpKek.BAK
Get-SecureBootUEFI -Name DB -OutputFilePath F:\SecureBoot\HpDb.BAK
Get-SecureBootUEFI -Name DBX -OutputFilePath F:\SecureBoot\HpDbx.
F10 setup again and return to the Advanced > Secure Boot Configuration screen. Finally, check the box next to the Clear Secure Boot keys option and press F10 to Save and Exit.
Figure 4 Place HP PC in Secure Boot setup mode
When the machine reboots, allow it to boot to the Windows desktop. From here, it is possible to install your PK, KEK, DB, and DBX configuration settings. 2.
2.4.1 Generate a new PK
First, generate a self-signed certificate:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout PK.KEY -out PK.CRT
Figure 5 Sample command line for generation of a self-signed certificate
You will have to answer several questions. Sample output follows:
Figure 6 Sample output of generation of self-signed certificate
The command generates both a KEY file (the private key) and a CRT file (the certificate).
In response to this command, you will have to provide an export password. If the command is successful, you will see output similar to the following:
Figure 8 Sample output of creation of PFX file
At this point, you have the following files: PK.CRT, PK.KEY, and PK.PFX. The certificate you need to use is PK.CRT, but it is in base64-encoded (PEM) format. For Secure Boot, this certificate must be in DER format, so you must convert it:
openssl x509 -outform der -in PK.
2.4.2 Generate a new KEK
To generate a new self-signed KEK, follow the steps in the immediately preceding section, but replace every filename reference to PK with a reference to KEK. You will then have two sets of self-signed keys and certificates that can be used for Secure Boot customization. The commands are reproduced here without their output.
Create certificate:
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout KEK.KEY -out KEK.
Format-SecureBootUEFI command line parameters:
-Name PK
    Indicates that you are working with the Platform Key (PK).
-SignatureOwner DEF16466-F946-4E71-BE22-CF8B1B7B36A0
    The hexadecimal number is a GUID that uniquely identifies you to the platform. You can generate a GUID using the Microsoft GuidGen.exe tool, among other means.
-ContentFilePath .\PK_SigList.bin
    This file is created to hold the content generated by Format-SecureBootUEFI, i.e. the formatted content.
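The -ContentFilePath file that Format-SecureBootUEFI writes is an EFI_SIGNATURE_LIST, the same structure that Get-SecureBootUEFI dumped into the .BAK files in section 2.1. The following Python is an added example, not code from this whitepaper or from HP: it builds such a list from certificate bytes under a SignatureOwner GUID (the one from the table above) and parses a dump back, with every size field checked so that a truncated backup is reported rather than misread. The signature-type GUIDs are the values defined in the UEFI specification; the certificate bytes in the demonstration are constructed placeholders, not real certificates.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification (not taken from the whitepaper).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # DER X.509 certificate
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # SHA-256 image hash
# SignatureOwner GUID used in the Format-SecureBootUEFI example above.
OWNER_GUID = uuid.UUID("DEF16466-F946-4E71-BE22-CF8B1B7B36A0")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
LIST_HEADER = struct.Struct("<16sIII")


def build_signature_list(sig_type, owner, signatures):
    """Pack signatures of one type into a single EFI_SIGNATURE_LIST.

    Each EFI_SIGNATURE_DATA entry is the owner GUID followed by the signature
    (a DER certificate or a hash). The spec requires every entry in one list
    to have the same size, so certificates of different lengths need separate lists.
    """
    sizes = {len(s) for s in signatures}
    if len(sizes) != 1:
        raise ValueError("all entries in one EFI_SIGNATURE_LIST must be the same size")
    signature_size = 16 + sizes.pop()
    list_size = LIST_HEADER.size + len(signatures) * signature_size
    entries = b"".join(owner.bytes_le + s for s in signatures)   # GUIDs are stored mixed-endian
    return LIST_HEADER.pack(sig_type.bytes_le, list_size, 0, signature_size) + entries


def parse_signature_lists(blob):
    """Walk a variable image (e.g. a .BAK file from Get-SecureBootUEFI) and return
    [(signature type GUID, [(owner GUID, signature bytes), ...]), ...].

    Every size field is validated against the buffer so a truncated or corrupt
    dump raises instead of being silently misinterpreted.
    """
    lists, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type, list_size, header_size, signature_size = LIST_HEADER.unpack_from(blob, offset)
        if list_size < LIST_HEADER.size + header_size or offset + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size field runs past the end of the data")
        if signature_size < 16:
            raise ValueError("SignatureSize is smaller than a SignatureOwner GUID")
        count, remainder = divmod(list_size - LIST_HEADER.size - header_size, signature_size)
        if remainder:
            raise ValueError("signature area is not a whole number of EFI_SIGNATURE_DATA entries")
        entries, start = [], offset + LIST_HEADER.size + header_size
        for _ in range(count):
            owner = uuid.UUID(bytes_le=blob[start:start + 16])
            entries.append((owner, blob[start + 16:start + signature_size]))
            start += signature_size
        lists.append((uuid.UUID(bytes_le=sig_type), entries))
        offset += list_size
    return lists


def summarize(blob):
    """Count entries per signature type, e.g. to confirm a DB backup still holds the
    three HP default certificates before and after a customization."""
    counts = {}
    for sig_type, entries in parse_signature_lists(blob):
        counts[sig_type] = counts.get(sig_type, 0) + len(entries)
    return counts


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; a real run would read PK.CRT converted to DER.
    fake_certs = [b"constructed-cert-one", b"constructed-cert-two"]
    image = build_signature_list(EFI_CERT_X509_GUID, OWNER_GUID, fake_certs)
    image += build_signature_list(EFI_CERT_SHA256_GUID, OWNER_GUID,
                                  [hashlib.sha256(b"constructed-bootloader").digest()])
    for sig_type, entries in parse_signature_lists(image):
        print(sig_type, len(entries), "entries")
```

To inspect a real backup, read F:\SecureBoot\HpDb.BAK in binary mode and pass its bytes to summarize(); a DB dump normally shows X.509 lists (and possibly SHA-256 hash lists), and a parse error is a sign the file is not a clean copy of the variable.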
the new PK onto your platform. The second step uses Windows tools to write the new PK directly to your platform's BIOS variable store.
2.5.1 PK: Create a valid SetVariable() package
Set-SecureBootUEFI command line parameters:
-Name PK
    Indicates that you are working with the Platform Key (PK).
-Time 2016-02-01T13:30:00Z
    Specifies the timestamp of the write (the current date and time); this parameter is mandatory.
-ContentFilePath .\PK_SigList.
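What the -Time value and the signature actually protect is easier to see in bytes. The following Python is an added example, not code from this whitepaper or from HP: following the UEFI specification's rules for time-based authenticated variables, it serializes the data a detached PKCS#7 signature must cover (variable name, vendor GUID, attributes, EFI_TIME, content) and assembles the EFI_VARIABLE_AUTHENTICATION_2 package that is later handed to SetVariable(). It assumes, and this is an assumption rather than something the whitepaper states, that the SignableFilePath file produced by Format-SecureBootUEFI is exactly this serialization. The -Time value is the one from the table above; the content and PKCS#7 bytes are constructed placeholders.

```python
import struct
import uuid
from datetime import datetime, timezone

# Vendor GUIDs and attribute bits from the UEFI specification (not from the whitepaper).
EFI_GLOBAL_VARIABLE_GUID = uuid.UUID("8be4df61-93ca-11d2-aa0d-00e098032b8c")         # PK, KEK
EFI_IMAGE_SECURITY_DATABASE_GUID = uuid.UUID("d719b2cb-3d3a-4596-a3bc-dad00e67656f")  # db, dbx
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
WIN_CERT_REVISION = 0x0200

EFI_VARIABLE_NON_VOLATILE = 0x00000001
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x00000002
EFI_VARIABLE_RUNTIME_ACCESS = 0x00000004
EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS = 0x00000020
EFI_VARIABLE_APPEND_WRITE = 0x00000040

# Firmware variable names are case-sensitive ("PK", "KEK", "db", "dbx"); the cmdlet's
# -Name values DB/DBX map onto the lower-case names that are actually signed.
VARIABLES = {
    "PK": ("PK", EFI_GLOBAL_VARIABLE_GUID),
    "KEK": ("KEK", EFI_GLOBAL_VARIABLE_GUID),
    "DB": ("db", EFI_IMAGE_SECURITY_DATABASE_GUID),
    "DBX": ("dbx", EFI_IMAGE_SECURITY_DATABASE_GUID),
}


def parse_time_flag(value):
    """Parse the -Time argument as the whitepaper writes it, e.g. 2016-02-01T13:30:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def efi_time(ts):
    """16-byte EFI_TIME: Year, Month, Day, Hour, Minute, Second, Pad1, Nanosecond,
    TimeZone, Daylight, Pad2. For authenticated variables the last five must be zero."""
    return struct.pack("<HBBBBBBIhBB", ts.year, ts.month, ts.day,
                       ts.hour, ts.minute, ts.second, 0, 0, 0, 0, 0)


def attributes(append=False):
    """Attributes a Secure Boot key variable is written with. -Append sets APPEND_WRITE,
    so the new content is merged into the existing DB or DBX instead of replacing it."""
    attrs = (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS
             | EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
    if append:
        attrs |= EFI_VARIABLE_APPEND_WRITE
    return attrs


def signable_blob(name, ts, content, append=False):
    """Bytes the detached PKCS#7 signature must cover (what is sent to the HSM or signtool):
    VariableName (UCS-2, no terminator) || VendorGuid || Attributes || EFI_TIME || content.
    Because the name, GUID, attributes and timestamp are signed, a signature made for
    one variable or one timestamp cannot be replayed against another."""
    var_name, vendor = VARIABLES[name.upper()]
    return (var_name.encode("utf-16-le") + vendor.bytes_le
            + struct.pack("<I", attributes(append)) + efi_time(ts) + content)


def setvariable_package(ts, pkcs7, content):
    """EFI_VARIABLE_AUTHENTICATION_2 header followed by the content: the image that
    Set-SecureBootUEFI -OutputFilePath writes and that is later passed to SetVariable()."""
    win_cert = struct.pack("<IHH", 24 + len(pkcs7), WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID)
    return efi_time(ts) + win_cert + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7 + content


if __name__ == "__main__":
    ts = parse_time_flag("2016-02-01T13:30:00Z")
    content = b"constructed EFI_SIGNATURE_LIST bytes"   # placeholder for PK_SigList.bin
    to_sign = signable_blob("PK", ts, content)
    print("sign these", len(to_sign), "bytes; attributes =", hex(attributes()))
    package = setvariable_package(ts, b"constructed-pkcs7", content)
    print("SetVariable() package length", len(package))
```

The firmware rejects a package whose timestamp is not later than the one stored for the variable, which is why a fresh -Time is required for each write and why reusing an old signed package to roll a database back fails.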
If successful, the command should produce output similar to the following:
Figure 15 Successful import of PK to Windows
This command imports the PK into your system.
2.6 Install the new PK-signed KEK
Launch PowerShell as Administrator. Again, the Format-SecureBootUEFI and Set-SecureBootUEFI commands are used to install the new PK-signed KEK. Obtain your KEK public key as a DER-encoded certificate file; you should obtain this certificate from your HSM provider.
If successful, the command should produce output similar to the following:
Figure 16 Successful output of formatted KEK
It is the SignableFilePath file, in this case KEK_SigList_Serialization_for_KEK.bin, which is submitted to your HSM solution for signing. This file must be signed using the private key for your new PK. A suitable signing command for KEK_SigList_Serialization_for_KEK.bin, if using a PFX file [3], is as follows. In this case, signtool must be in your path:
signtool.
If successful, the command should produce output similar to the following:
Figure 18 Successful creation of SetVariable() package
2.6.2 Import KEK using Windows tools
One more step is required to import the KEK with the Windows tools: writing the KEK itself to non-volatile random access memory (NVRAM). Use the Set-SecureBootUEFI command inside Windows PowerShell for this purpose.
2.7 Install the new KEK-signed DB and DBX
2.7.1 DB
The simplest way to restore the default HP DB configuration using the Windows command line tools is to create a Signature List serialization file from the three HP default certificates. If you wish to omit one or more of them, or to use only your own DER-encoded certificates, you can of course do that. The following command parameters create a signable signature list file using the three default HP DB certificates, which are embedded in this document.
Again, the file to submit to your HSM solution for signing is the signature list serialization file, in this case HpDb_SigList_Serialization_for_DB.bin. This file must be signed using the private key for your new KEK. A suitable signing command for HpDb_SigList_Serialization_for_DB.bin, if using a PFX file [4], is as follows. In this case, signtool must be in your path:
signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f .\KEK.
If successful, the command should produce output similar to the following:
Figure 22 Successful creation of package
2.7.1.2 Import KEK-signed DB using Windows tools
One more step is required to import the DB with the Windows tools: writing the DB itself to non-volatile random access memory (NVRAM).
2.7.2 DBX
To import the previously backed-up DBX file, follow the same procedure as for the DB, substituting the certificates you want proscribed (forbidden) for the DBX. The default set of HP-proscribed certificates is provided as an attachment immediately following:
HP_Default_DBX_Certificates.zip
Again, these certificates need to be formatted properly using the Format-SecureBootUEFI command.
signing command for HpDbx_SigList_Serialization_for_DBX.bin, if using a PFX file [5], is as follows. In this case, signtool must be in your path:
signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.1 /p7ce DetachedSignedData /a /f .\KEK.PFX /p HpDbx_SigList_Serialization_for_DBX.bin
Figure 25 Command line to sign DBX using PFX file
Supply the actual private key password for your PFX file as the argument to the /p switch.
2.7.2.2 Import KEK-signed DBX using Windows tools
One more step is required to import the DBX with the Windows tools: writing the DBX itself to non-volatile random access memory (NVRAM). Use the Set-SecureBootUEFI command inside Windows PowerShell for this purpose.
Set-SecureBootUEFI command line parameters:
-Name DBX
    Indicates that you are working with the Secure Boot DBX.
-Time 2016-02-01T13:30:00Z
    Specifies the timestamp of the write (the current date and time); this parameter is mandatory.
certificate in DER format. The first step is to format this certificate for Secure Boot import, using Format-SecureBootUEFI. Once formatted for import, the certificate must be signed by the KEK, using your HSM solution. Finally, the formatted and signed certificate must be imported into the DB (or DBX) with Set-SecureBootUEFI, using the -Append flag to avoid overwriting the existing DB.
2.9.1 DB
Obtain your new DB public key as a DER-encoded certificate file.
Again, it is the SignableFilePath file, in this case NewHpDb_SigList_Serialization_for_DB.bin, which is submitted to your HSM solution for signing. This file must be signed using the private key for your new KEK, which is already imported into the Secure Boot database. A suitable signing command for NewHpDb_SigList_Serialization_for_DB.bin, if using a PFX file [6], is as follows. In this case, signtool must be in your path:
signtool.exe sign /fd sha256 /p7 .\ /p7co 1.2.840.113549.1.7.
One more step is required to import the DB with the Windows tools: writing the DB itself to non-volatile random access memory (NVRAM). Use the Set-SecureBootUEFI command inside Windows PowerShell for this purpose.
Set-SecureBootUEFI command line parameters:
-Name DB
    Indicates that you are working with the Secure Boot certificate database (DB).
-Time 2016-02-01T13:30:00Z
    Specifies the timestamp of the write (the current date and time); this parameter is mandatory.
-ContentFilePath .\NewHpDb_SigList
3 References
• Windows 8.1 Secure Boot Key Creation and Management Guidance. https://technet.microsoft.com/en-us/library/dn747883.aspx
• Get-SecureBootUEFI command. https://technet.microsoft.com/en-us/library/jj603039(v=wps.630).aspx
• Secure Boot Key Generation and Signing Using HSM (Example). https://technet.microsoft.com/en-us/library/dn747881.aspx
• A Layman's Guide to a Subset of ASN.1, BER, and DER. http://luca.ntop.org/Teaching/Appunti/asn1.html
• Format-SecureBootUEFI command.