Public bug reported: [Availability]
Currently in universe [Rationale] stubble is an EFI boot stub that can be combined with a linux kernel image and device-tree binaries into a self-executing PE UEFI executable that will load device specific device-trees before passing control to Linux. This will allow us to enabled UEFI secure boot on devices where dtb management has to be done by the OS rather than by firmware. We want stubble to be part of our default kernel binary on arm64. While stubble is technically a kernel build dependency, it will also literally be part of the produced kernel binary, so it should really be in main. [Security] stubble is originally based on the systemd-stub(1) used in UKI with lots of features that we don't need removed. This results in a relatively small and easy to review binary. I have worked closely with our secure boot experts to make sure we get everything right in regards to shim compliance. We have also submitted review requests with shim upstream. An additional review from the security team would be welcome. [Quality assurance] The resulting kernel image will be covered by all arm64 kernel tests as soon as it becomes the default. Currently stubble based kernels are already deployed as part of the Ubuntu Concept images to catch potential issues early. mkukri has been looking into adding stubble kernels to https://code.launchpad.net/~ubuntu-uefi-team/+git/ubuntu-boot-test to have them in our official boot test suite. [Maintenance/Owner] Owned by the Foundations team. [Background information] For arm64 laptops we need a way to load device trees during boot, since Linux support depends on them and the firmware doesn't provide any. With our current boot stack this would traditionally be done in grub, but that would break UEFI secure boot since grub only handles unsigned dtb files and the devicetree command is prohibited in lockdown mode. The proposed solution is a UEFI boot stub called stubble[1] that is combined with the Linux kernel and dtb files in a single self-executing binary (similar to systemd UKI). The stub is open source and originally a fork of the systemd-stub which we adjusted for our use case. We essentially removed all code except for the parts which handle device tree loading and booting the embedded Linux kernel. Since all of this happens within a single PE binary all of kernel, stub and dtbs can be signed and verified by shim. The implementation intentionally stays close to systemd because we are aware that the systemd codebase is well trusted and has been reviewed and approved for signing before. The biggest change compared to systemd is the size of the codebase. In stubble, we have deleted around 7500 lines of C code since the initial fork according to git, leaving us with 6000 lines of C source code and headers. In particular the stub does not support UKI addons or extensions, embedded command line, ucode, splash images, profiles, legacy boot flows, automatically constructed initrd and thus cpio support and a lot more. One major difference is that bundling of an initrd is optional. Stubble does allow external unsigned initrds loaded by grub to ensure the new bundled stub+kernel behave exactly like a raw kernel image would. Since this is also allowed in the current default boot architecture without stub, it should not be problematic. In contrast to systemd we include a CHID database in the source code repo inside the hwids/ directory. It includes raw text dumps of the device CHIDs, a tool to filter and transform them into json files compatible with ukify and the generated json files. Switching the default to stubble kernel images will also allow us to drop our current debian-cd grub config which provides a giant if...else clause implementing a similar dtb loading mechanism, see https://git.launchpad.net/~ubuntu-cdimage/debian-cd/+git/ubuntu/tree/tools/boot/questing/boot-arm64#n90 ** Affects: stubble (Ubuntu) Importance: Undecided Status: New ** Description changed: [Availability] Currently in universe [Rationale] stubble is an EFI boot stub that can be combined with a linux kernel image and device-tree binaries into a self-executing PE UEFI executable that will load device specific device-trees before passing control to Linux. This will allow us to enabled UEFI secure boot on devices where dtb management has to be done by the OS rather than by firmware. We want stubble to be part of our default kernel binary on arm64. While stubble is technically a kernel build dependency, it will also literally be part of the produced kernel - binary, so it should really be in main. + binary, so it should really be in main. [Security] stubble is originally based on the systemd-stub(1) used in UKI with lots of features that we don't need removed. This results in a relatively small and easy to review binary. I have worked closely with our - secure boot experts to make sure we get everything right in regards to shim compliance. We have also submitted review requests with shim upstream. + secure boot experts to make sure we get everything right in regards to shim compliance. + We have also submitted review requests with shim upstream. An additional review from the security team would be welcome. [Quality assurance] The resulting kernel image will be covered by all arm64 kernel tests as soon as it becomes the default. Currently stubble based kernels are already deployed as part of the Ubuntu Concept images to catch potential issues early. mkukri has been looking into adding stubble kernels to https://code.launchpad.net/~ubuntu-uefi-team/+git/ubuntu-boot-test to have them in our official boot test suite. [Maintenance/Owner] Owned by the Foundations team. [Background information] - For arm64 laptops we need a way to load device trees during boot, + For arm64 laptops we need a way to load device trees during boot, since Linux support depends on them and the firmware doesn't provide any. With our current boot stack this would traditionally be done in grub, but that would break UEFI secure boot since grub only handles unsigned dtb files and the devicetree command is prohibited in lockdown mode. The proposed solution is a UEFI boot stub called stubble[1] that is combined with the Linux kernel and dtb files in a single self-executing binary (similar to systemd UKI). The stub is open source and originally a fork of the systemd-stub which we adjusted for our use case. We essentially removed all code except for the parts which handle device tree loading and booting the embedded Linux kernel. Since all of this happens within a single PE binary all of kernel, stub and dtbs can be signed and verified by shim. The implementation intentionally stays close to systemd because we are aware that the systemd codebase is well trusted and has been reviewed and approved for signing before. The biggest change compared to systemd is the size of the codebase. In stubble, we have deleted around 7500 lines of C code since the initial fork according to git, leaving us with 6000 lines of C source code and headers. In particular the stub does not support UKI addons or extensions, embedded command line, ucode, splash images, profiles, legacy boot flows, automatically constructed initrd and thus cpio support and a lot more. One major difference is that bundling of an initrd is optional. Stubble does allow external unsigned initrds loaded by grub to ensure the new bundled stub+kernel behave exactly like a raw kernel image would. Since this is also allowed in the current default boot architecture without stub, it should not be problematic. In contrast to systemd we include a CHID database in the source code repo inside the hwids/ directory. It includes raw text dumps of the device CHIDs, a tool to filter and transform them into json files compatible with ukify and the generated json files. Switching the default to stubble kernel images will also allow us to drop our current debian-cd grub config which provides a giant if...else clause implementing a similar dtb loading mechanism, see https://git.launchpad.net/~ubuntu-cdimage/debian-cd/+git/ubuntu/tree/tools/boot/questing/boot-arm64#n90 ** Description changed: [Availability] Currently in universe [Rationale] - stubble is an EFI boot stub that can be combined with a linux kernel image and device-tree binaries - into a self-executing PE UEFI executable that will load device specific device-trees before passing - control to Linux. This will allow us to enabled UEFI secure boot on devices where dtb management has - to be done by the OS rather than by firmware. + stubble is an EFI boot stub that can be combined with a linux kernel + image and device-tree binaries into a self-executing PE UEFI executable + that will load device specific device-trees before passing control to + Linux. This will allow us to enabled UEFI secure boot on devices where + dtb management has to be done by the OS rather than by firmware. - We want stubble to be part of our default kernel binary on arm64. While stubble is technically a - kernel build dependency, it will also literally be part of the produced kernel - binary, so it should really be in main. + We want stubble to be part of our default kernel binary on arm64. While + stubble is technically a kernel build dependency, it will also literally + be part of the produced kernel binary, so it should really be in main. [Security] - stubble is originally based on the systemd-stub(1) used in UKI with lots of features that we don't need - removed. This results in a relatively small and easy to review binary. I have worked closely with our - secure boot experts to make sure we get everything right in regards to shim compliance. + stubble is originally based on the systemd-stub(1) used in UKI with lots of features that we don't need removed. This results in a relatively small and easy to review binary. I have worked closely with our secure boot experts to make sure we get everything right in regards to shim compliance. We have also submitted review requests with shim upstream. An additional review from the security team would be welcome. [Quality assurance] - The resulting kernel image will be covered by all arm64 kernel tests as soon as it becomes the default. - Currently stubble based kernels are already deployed as part of the Ubuntu Concept images to catch potential issues early. + The resulting kernel image will be covered by all arm64 kernel tests as + soon as it becomes the default. Currently stubble based kernels are + already deployed as part of the Ubuntu Concept images to catch potential + issues early. mkukri has been looking into adding stubble kernels to https://code.launchpad.net/~ubuntu-uefi-team/+git/ubuntu-boot-test to have them in our official boot test suite. [Maintenance/Owner] Owned by the Foundations team. [Background information] - For arm64 laptops we need a way to load device trees during boot, - since Linux support - depends on them and the firmware doesn't provide any. - With our current boot stack this would traditionally be done in grub, - but that would break - UEFI secure boot since grub only handles unsigned dtb files and the - devicetree command - is prohibited in lockdown mode. + For arm64 laptops we need a way to load device trees during boot, + since Linux support depends on them and the firmware doesn't provide any. With our current boot stack this would traditionally be done in grub, but that would break UEFI secure boot since grub only handles unsigned dtb files and the devicetree command is prohibited in lockdown mode. - The proposed solution is a UEFI boot stub called stubble[1] that is - combined with the Linux - kernel and dtb files in a single self-executing binary (similar to - systemd UKI). + The proposed solution is a UEFI boot stub called stubble[1] that is combined with the Linux kernel and dtb files in a single self-executing binary (similar to systemd UKI). The stub is open source and originally a fork of the systemd-stub - which we adjusted for our - use case. We essentially removed all code except for the parts which - handle device tree loading - and booting the embedded Linux kernel. - Since all of this happens within a single PE binary all of kernel, - stub and dtbs can be signed and - verified by shim. + which we adjusted for our use case. We essentially removed all code except for the parts which handle device tree loading and booting the embedded Linux kernel. + Since all of this happens within a single PE binary all of kernel, stub and dtbs can be signed and verified by shim. The implementation intentionally stays close to systemd because we are aware that the systemd codebase is well trusted and has been reviewed and approved for signing before. - The biggest change compared to systemd is the size of the codebase. - In stubble, we have deleted around 7500 lines of C code since the - initial fork according to git, leaving us with 6000 lines of C source - code and headers. In particular the stub does not support UKI addons - or extensions, embedded command line, ucode, splash images, profiles, + The biggest change compared to systemd is the size of the codebase. In + stubble, we have deleted around 7500 lines of C code since the initial + fork according to git, leaving us with 6000 lines of C source code and + headers. In particular the stub does not support UKI addons or + extensions, embedded command line, ucode, splash images, profiles, legacy boot flows, automatically constructed initrd and thus cpio support and a lot more. One major difference is that bundling of an initrd is optional. - Stubble does allow external unsigned initrds loaded by grub to ensure - the new bundled stub+kernel behave exactly like a raw kernel image - would. - Since this is also allowed in the current default boot architecture - without stub, it should not be problematic. + Stubble does allow external unsigned initrds loaded by grub to ensure the new bundled stub+kernel behave exactly like a raw kernel image would. + Since this is also allowed in the current default boot architecture without stub, it should not be problematic. In contrast to systemd we include a CHID database in the source code - repo inside the hwids/ directory. It includes raw text dumps of the device - CHIDs, a tool to filter and transform them into json files compatible with - ukify and the generated json files. + repo inside the hwids/ directory. It includes raw text dumps of the + device CHIDs, a tool to filter and transform them into json files + compatible with ukify and the generated json files. - Switching the default to stubble kernel images will also allow us to drop - our current debian-cd grub config which provides a giant if...else clause - implementing a similar dtb loading mechanism, see + Switching the default to stubble kernel images will also allow us to drop our current debian-cd grub config which provides a giant if...else clause implementing a similar dtb loading mechanism, see https://git.launchpad.net/~ubuntu-cdimage/debian-cd/+git/ubuntu/tree/tools/boot/questing/boot-arm64#n90 ** Description changed: [Availability] Currently in universe [Rationale] stubble is an EFI boot stub that can be combined with a linux kernel image and device-tree binaries into a self-executing PE UEFI executable that will load device specific device-trees before passing control to Linux. This will allow us to enabled UEFI secure boot on devices where dtb management has to be done by the OS rather than by firmware. We want stubble to be part of our default kernel binary on arm64. While stubble is technically a kernel build dependency, it will also literally be part of the produced kernel binary, so it should really be in main. [Security] stubble is originally based on the systemd-stub(1) used in UKI with lots of features that we don't need removed. This results in a relatively small and easy to review binary. I have worked closely with our secure boot experts to make sure we get everything right in regards to shim compliance. We have also submitted review requests with shim upstream. An additional review from the security team would be welcome. [Quality assurance] The resulting kernel image will be covered by all arm64 kernel tests as soon as it becomes the default. Currently stubble based kernels are already deployed as part of the Ubuntu Concept images to catch potential issues early. mkukri has been looking into adding stubble kernels to https://code.launchpad.net/~ubuntu-uefi-team/+git/ubuntu-boot-test to have them in our official boot test suite. [Maintenance/Owner] Owned by the Foundations team. [Background information] - For arm64 laptops we need a way to load device trees during boot, - since Linux support depends on them and the firmware doesn't provide any. With our current boot stack this would traditionally be done in grub, but that would break UEFI secure boot since grub only handles unsigned dtb files and the devicetree command is prohibited in lockdown mode. + For arm64 laptops we need a way to load device trees during boot, since + Linux support depends on them and the firmware doesn't provide any. With + our current boot stack this would traditionally be done in grub, but + that would break UEFI secure boot since grub only handles unsigned dtb + files and the devicetree command is prohibited in lockdown mode. The proposed solution is a UEFI boot stub called stubble[1] that is combined with the Linux kernel and dtb files in a single self-executing binary (similar to systemd UKI). The stub is open source and originally a fork of the systemd-stub which we adjusted for our use case. We essentially removed all code except for the parts which handle device tree loading and booting the embedded Linux kernel. Since all of this happens within a single PE binary all of kernel, stub and dtbs can be signed and verified by shim. The implementation intentionally stays close to systemd because we are aware that the systemd codebase is well trusted and has been reviewed and approved for signing before. The biggest change compared to systemd is the size of the codebase. In stubble, we have deleted around 7500 lines of C code since the initial fork according to git, leaving us with 6000 lines of C source code and headers. In particular the stub does not support UKI addons or extensions, embedded command line, ucode, splash images, profiles, legacy boot flows, automatically constructed initrd and thus cpio support and a lot more. One major difference is that bundling of an initrd is optional. Stubble does allow external unsigned initrds loaded by grub to ensure the new bundled stub+kernel behave exactly like a raw kernel image would. Since this is also allowed in the current default boot architecture without stub, it should not be problematic. In contrast to systemd we include a CHID database in the source code repo inside the hwids/ directory. It includes raw text dumps of the device CHIDs, a tool to filter and transform them into json files compatible with ukify and the generated json files. Switching the default to stubble kernel images will also allow us to drop our current debian-cd grub config which provides a giant if...else clause implementing a similar dtb loading mechanism, see https://git.launchpad.net/~ubuntu-cdimage/debian-cd/+git/ubuntu/tree/tools/boot/questing/boot-arm64#n90 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2120322 Title: [MIR] stubble To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/stubble/+bug/2120322/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
