Immutable Debian systems using shim and systemd-boot
Speaker: Tobias Deiminger
Track: Main Track
Type: Regular Talk
Room: Campo Foyez (Main Track)
Time: Aug 30 (Sun): 09:45
Duration: 0:45
Immutable systems are a state-of-the-art response to certain security threats for embedded systems. While secure boot only verifies the boot chain up to (and including) Linux, immutable systems additionally verify the integrity of the root file system (RFS) with all applications. A pattern using dm-verity was made popular in the embedded industry by related work from e.g. Jan Kiszka, Christian Storm [1][2] and Manuel Traut [3]. More recently, new specifications like shim SBAT and UKI add-ons have emerged, enabling a more maintainable workflow and new features:
- The dm-verity roothash can be deployed as a cmdline snippet in a separately signed UKI add-on. This decouples main UKI generation from roothash signing which allows for more maintainable CI-based signing workflow.
- SBAT can be used for rollback protection of boot components. Since the roothash is wrapped in a UKI add-on, this rollback protection can be extended to the whole RFS.
- Enrolling UEFI keys to the device during manufacturing process.
- swupdate integration of systemd-bless-boot to mark successful updates and trigger automatic rollback on failure.
The talk demonstrates the setup of such a system from building it using the ELBE RFS build tool, pulling from Debian trixie, signing all parts, provisioning key material, updating to a new version and revoking a certain boot component version.
It will be presented taking QEMU as an exemplary target system, but can be adapted to a broad range of real embedded targets thanks to UEFI or U-Boot’s UEFI emulation on boards without native UEFI firmware.
For production usage, signing locally is usually not an option. Therefore the talk also demonstrates how to reuse Debian’s signing-templates workflow in manufacturer’s CI outside Debian infrastructure using the small opensighub wrapper tool.