Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: systemd (Ubuntu Noble)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/2088069
Title:
systemd-stub should provide a way to be forced to use handover
Status in systemd package in Ubuntu:
Confirmed
Status in systemd source package in Noble:
Confirmed
Status in systemd source package in Oracular:
Confirmed
Bug description:
Since systemd 252, systemd-stub does LoadImage/StartImage to executed
the kernel in the .linux section.
See origin PR: https://github.com/systemd/systemd/pull/24777
Before, it was using the "EFI handover protocol". Unfortunately kernel
handover is now deprecated. Also it was only for x86, and missing some
features. So upstream decided to use LoadImage/StartImage.
In order to use LoadImage, it needs to be able to prevent signature
verification and measurement. Because the .linux section is part of
the UKI that is already signed and measured. Do that that, it
overrides the functions in security architectural protocols.
Security architectural protocols are part of the platform
initialization specifications. They are optional in these
specifications, and the platform initialization specifications are
optional by themselves. So some UEFI firmware will not support
systemd-stub.
For upstream this is not really an issue. UKIs are still something new
that has not been used by many distributions yet. And there is
probably not that many firmware that does not support the needed
features.
However, Ubuntu Core has been shipping UKIs since Ubuntu Core 20. And
kernel handover has been in use by users that have firmware that do
not support the needed features.
The bugs that can be caused are:
* If EFI_SECURITY2_ARCH_PROTOCOL is not implemented, there will be a
spurious measurement of the .linux section on PCR 4. We have observed this
behavior in the wild.
* If EFI_SECURITY_ARCH_PROTOCOL is not implemented, this should generate a
"security violation" error. This is hypothetical. We have not yet observed this.
Ubuntu Core 24 uses systemd-stub with LoadImage/StartImage. That means
some users cannot upgrade from Ubuntu Core 22 to Ubuntu Core 24.
systemd-stub still has a fallback to handover entry point if the
embedded kernel is too old to support the PE/COFF entry point. The
kernel from 24.04 does support both LoadImage/StartImage and handover.
That means systemd-stub will always use LoadImage, and never the
handover.
We need to be able to force systemd-stub to use handover for some of
our users.
Ubuntu Core supports kernel command line changes from the gadget
(since we use PCR12 as part of the PCR policies to unseal storage
keys, it is safe). So it is easy to pass the information to enable
handover that way. So I propose we look for the "signal" there and
force handover.
Here is my proposed patch:
https://gist.github.com/valentindavid/7ab6247c8fe0d3a91d089d201e160ba4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/2088069/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
