Source: shim Version: 15.8-1~deb12u1 Severity: wishlist X-Debbugs-Cc: adrela...@whonix.org, arraybo...@gmail.com
It's currently difficult for users who want to trust Debian's Secure Boot keys without trusting Microsoft's keys to use Debian with Secure Boot enabled. The shim binary embeds Debian's public keys for Secure Boot, but the binary itself is only signed by Microsoft's third-party key, so if the user wants to involve shim in the boot process, they must trust Microsoft's keys. The signed GRUB binaries offered by Debian are signed by Debian's keys, so they could be directly booted if Debian's keys were enrolled into the firmware, but doing this will make the MOK system unusable since shim is what provides the MOK UEFI variables to the booted operating system. This would render users unable to use any third-party kernel modules (i.e. NVIDIA drivers) without trusting Microsoft's keys. There is significant incentive for users in security-sensitive situations to distrust Microsoft's key - it is frequently used to sign a variety of software that ends up containing vulnerabilities that allow a complete bypass of Secure Boot, by using the signed, vulnerable software to load unsigned software. Currently though the Secure Boot setup in Debian puts the user in a catch-22 situation where they either have to turn off Secure Boot, live without certain hardware, handle Secure Boot signing themselves, or trust a key that provides security so weak it arguably doesn't even exist. Handling one's own Secure Boot signing is the ideal solution, but it is not trivial. From a conversation in #debian-devel, it appears that signing the shim with both Debian's and Microsoft's key isn't an option because of the risks of buggy firmware not being able to figure out a multi-key situation like this. It's not the perfect solution, but IMO, offering a Debian-signed shim would at least allow a user to install Debian without Secure Boot, then enroll Debian's key, switch the shim to the Debian-signed variant, and then turn Secure Boot on. (It would also allow hardware vendors to do some fancy things, which is why I filed this, I'm working with some firmware people as part of my job and this kind of functionality would potentially be useful for a thing we're designing.) It's not ideal, but it's a decent compromise. It may also work to offer a shim variant signed by both Debian and Microsoft, in addition to the normal Microsoft-signed-only shim.
pgpfE3BvebcvY.pgp
Description: OpenPGP digital signature
