On Tue, 2021-08-31 at 19:51 -0600, Eric Snowberg wrote:

quoted

On Aug 31, 2021, at 6:52 PM, Nayna [off-list ref] wrote:
On 8/30/21 1:39 PM, Eric Snowberg wrote:

quoted

quoted

On Aug 27, 2021, at 2:44 PM, Nayna [off-list ref] wrote:
On 8/25/21 6:27 PM, James Bottomley wrote:

quoted

Remember, a CA cert is a self signed cert with the CA:TRUE basic
constraint.  Pretty much no secure boot key satisfies this (secure boot
chose deliberately NOT to use CA certificates, so they're all some type
of intermediate or leaf), so the design seems to be only to pick out
the CA certificates you put in the MOK keyring.  Adding the _ca suffix
may deflect some of the "why aren't all my MOK certificates in the
keyring" emails ...

My understanding is the .system_ca keyring should not be restricted only
to self-signed CAs (Root CA). Any cert that can qualify as Root or
Intermediate CA with Basic Constraints CA:TRUE should be allowed. In
fact, the intermediate CA certificates closest to the leaf nodes would be
best.

With an intermediate containing CA:TRUE, the intermediate cert would not
be self signed. Just for my clarification, does this mean I should remove
the check that validates if it is self signed and instead somehow check if
the CA flag is set?  Wouldn’t this potentially allow improperly signed certs
into this new keyring?

In this model, we are relying on the admin to ensure the authenticity of the certificate(s) being loaded onto the new keyring. It is similar to trusting the admin to enable the variable and add keys to MOK. Following are the checks that must pass before adding it to .system_ca keyring.

1. Check against revocation_list.
2. Check Basic Constraints: CA=TRUE.
3. Check keyUsage = keyCertSign.

Originally I thought the request to only load CA certs into this new keyring 
was so root of trust could be validated for the entire chain.  If a portion
of the model now relies on the admin to ensure authenticity, and the complete
chain is not needed, why not have the admin also check for #2 and #3? Meaning,
when the Kconfig option is enabled and the new MokListTrustedRT UEFI is set, 
whatever the admin has placed in the MOKList goes into this new keyring.

The root of trust for the new "machine" keyring, at least in the UEFI
use case, is registering keys in the MOK db, which requires physical
presence.  So we're trusting the MOK db, which means we're really
trusting both the admin and UEFI to do the right things.  There is no
harm in verifying the CA assumption when loading the certs onto the
"machine" keyring.

From an IMA perspective, all that is needed to sign an IMA custom
policy and local code is the ability to load a single self-signed CA
certificate.  So the self-signed CA restriction is fine.  Obviously
other use cases are being discussed here.  If the other use cases want
to relax the self-signed CA restriction to allow intermediary CA's, it
should be explicitly called out in a separate patch, with its own patch
description, providing the motivation.

thanks,

Mimi