Decode Microsoft Secure Boot KEK Certificate

Version 2.3.1 of the UEFI specification introduced Secure Boot. There have been numerous blog posts about Secure Boot over the past year, so I am not going to go into how it works here; read chapter 27 of the specification if you need the gory details. Suffice it to say that Microsoft's Windows 8 hardware certification requirements mandate that Secure Boot be enabled on client (non-server) systems, and the Linux community has to deal with that decision.

In another post I showed readers of my blog how to read authenticated variable(s) from NVRAM and save the contents of the variable to a file. Authenticated variables include the PK (Platform Key), one or more KEKs (Key Exchange Keys), db (the authorized signature database) and dbx (the forbidden signature database). Collectively these four variables are known as the Secure Boot keys. Each variable's payload is one or more EFI_SIGNATURE_LIST structures; for the KEK, each list normally wraps a single DER-encoded X.509 certificate, with the list's SignatureType GUID (EFI_CERT_X509_GUID) telling you that is what it holds.
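Because the decoding utility further down expects a bare DER certificate, the step between reading the variable and decoding it is pulling each certificate out of its EFI_SIGNATURE_LIST wrapper. The following is an added example of that parsing, my own code rather than anything from this post, written against the EFI_SIGNATURE_LIST and EFI_SIGNATURE_DATA layout in the UEFI specification (a 16-byte SignatureType GUID, then SignatureListSize, SignatureHeaderSize and SignatureSize as little-endian UINT32s, then the signature entries, each a 16-byte SignatureOwner GUID followed by the data). The sample KEK it builds is constructed inline: the owner GUIDs are arbitrary and the "certificates" are placeholder DER SEQUENCEs, and the names extract_x509 and build_sample_kek are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-disk (little-endian) form of EFI_CERT_X509_GUID,
 * a5c059a1-94e4-4aa7-87b5-ab155c2bf072, from the UEFI specification. */
static const uint8_t EFI_CERT_X509_GUID[16] = {
    0xa1, 0x59, 0xc0, 0xa5, 0xe4, 0x94, 0xa7, 0x4a,
    0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72 };

#define SIGLIST_HDR 28   /* SignatureType GUID + 3 x UINT32 */
#define SIGDATA_HDR 16   /* SignatureOwner GUID */

typedef struct {
    uint8_t owner[16];      /* EFI_SIGNATURE_DATA.SignatureOwner */
    const uint8_t *data;    /* DER certificate, pointing into the caller's buffer */
    size_t len;
} x509_entry_t;

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Walk every EFI_SIGNATURE_LIST in buf[0..len) and collect the X.509 entries.
 * Returns the number found, or -1 if any header is inconsistent with the
 * buffer: a truncated or tampered variable is rejected rather than guessed at. */
int extract_x509(const uint8_t *buf, size_t len, x509_entry_t *out, size_t max)
{
    size_t off = 0, n = 0;

    while (off < len) {
        if (len - off < SIGLIST_HDR)
            return -1;
        uint32_t list_size = rd32(buf + off + 16);   /* SignatureListSize   */
        uint32_t hdr_size  = rd32(buf + off + 20);   /* SignatureHeaderSize */
        uint32_t sig_size  = rd32(buf + off + 24);   /* SignatureSize       */

        if (list_size < SIGLIST_HDR || list_size > len - off)
            return -1;
        if (hdr_size > list_size - SIGLIST_HDR)
            return -1;
        uint32_t body = list_size - SIGLIST_HDR - hdr_size;
        if (sig_size <= SIGDATA_HDR || body % sig_size != 0)
            return -1;

        int is_x509 = memcmp(buf + off, EFI_CERT_X509_GUID, 16) == 0;
        const uint8_t *p = buf + off + SIGLIST_HDR + hdr_size;
        for (uint32_t i = 0; i < body / sig_size; i++, p += sig_size) {
            if (!is_x509)
                continue;          /* e.g. an EFI_CERT_SHA256_GUID hash list */
            if (n < max) {
                memcpy(out[n].owner, p, 16);
                out[n].data = p + SIGDATA_HDR;
                out[n].len  = sig_size - SIGDATA_HDR;
            }
            n++;
        }
        off += list_size;
    }
    return (int)n;
}

/* Append one X.509 signature list holding a single certificate. */
static size_t put_list(uint8_t *out, size_t cap, const uint8_t *owner,
                       const uint8_t *der, size_t der_len)
{
    size_t total = SIGLIST_HDR + SIGDATA_HDR + der_len;
    if (total > cap)
        return 0;
    memcpy(out, EFI_CERT_X509_GUID, 16);
    wr32(out + 16, (uint32_t)total);
    wr32(out + 20, 0);                      /* X.509 lists carry no SignatureHeader */
    wr32(out + 24, (uint32_t)(SIGDATA_HDR + der_len));
    memcpy(out + SIGLIST_HDR, owner, 16);
    memcpy(out + SIGLIST_HDR + SIGDATA_HDR, der, der_len);
    return total;
}

/* Constructed sample standing in for a KEK with two certificates, one list each
 * (SignatureSize is fixed per list, so certificates of different sizes cannot
 * share one). Owner GUIDs are arbitrary; the "certificates" are placeholder
 * DER SEQUENCEs, not real certificates. */
size_t build_sample_kek(uint8_t *out, size_t cap)
{
    static const uint8_t owner_a[16] = { 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa,
                                         0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa, 0xaa };
    static const uint8_t owner_b[16] = { 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb,
                                         0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0xbb };
    static const uint8_t cert_a[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };              /* SEQUENCE { INTEGER 1 } */
    static const uint8_t cert_b[] = { 0x30, 0x05, 0x02, 0x03, 0x01, 0x00, 0x01 };  /* SEQUENCE { INTEGER 65537 } */

    size_t a = put_list(out, cap, owner_a, cert_a, sizeof cert_a);
    size_t b = a ? put_list(out + a, cap - a, owner_b, cert_b, sizeof cert_b) : 0;
    return b ? a + b : 0;
}

int main(void)
{
    uint8_t kek[256];
    x509_entry_t certs[8];
    size_t len = build_sample_kek(kek, sizeof kek);
    int n = extract_x509(kek, len, certs, 8);

    for (int i = 0; i < n; i++)   /* each certs[i].data could be handed to d2i_X509() */
        printf("cert %d: %zu DER bytes, owner GUID starts %02x%02x\n",
               i, certs[i].len, certs[i].owner[0], certs[i].owner[1]);
    printf("truncated variable -> %d\n", extract_x509(kek, len - 1, certs, 8));
    return 0;
}
```

For a real dump, read the file into a buffer and pass it to extract_x509 (if the dump starts with the variable's 4-byte attributes word, skip that first), then write each entry's data out to its own file, or hand it straight to d2i_X509. Rejecting an inconsistent header outright matters here: the same walk is what firmware does when it checks a signature against db and dbx, and a parser that silently skipped or re-synchronised would report a different view of the keys than the firmware enforces.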

As of the date of this blog post, there are two KEK certificates enrolled on Lenovo laptops that ship enabled for Windows 8. Each is a DER-encoded X.509 certificate: one belongs to Lenovo and the other to Microsoft. In this post I examine the Microsoft KEK certificate that Lenovo is currently using on its laptops to enable Windows 8. To do that, I wrote the following simple utility to print the saved KEK certificate in a human-readable format. Note that it expects the bare DER certificate, that is, the SignatureData of the EFI_SIGNATURE_DATA entry, not the whole variable with its EFI_SIGNATURE_LIST header in front; d2i_X509 will not parse the latter.

//
//   Copyright (c) 2012  Finnbarr P. Murphy.  All rights reserved.
//

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include <openssl/x509.h>
#include <openssl/bio.h>

int 
main(int argc, char **argv)
{
    X509 *x509;
    unsigned char *pData;
    ssize_t lenData;
    off_t fileLen;
    int f, rc = 0;

    (void)argc; (void)argv;

    // open() returns -1 on failure, never 0
    f = open("KEK.bin", O_RDONLY);
    if (f < 0) {
       fprintf(stderr, "ERROR: Opening file failed: %s\n", strerror(errno));
       return 1;
    }

    // Size the buffer from the file rather than using a fixed array, so a
    // variable larger than expected cannot overrun it
    fileLen = lseek(f, 0, SEEK_END);
    if (fileLen < 0 || lseek(f, 0, SEEK_SET) < 0) {
       fprintf(stderr, "ERROR: Seeking file failed: %s\n", strerror(errno));
       close(f);
       return 1;
    }
    pData = malloc((size_t)fileLen);
    if (!pData) {
       fprintf(stderr, "ERROR: Out of memory\n");
       close(f);
       return 1;
    }
    lenData = read(f, pData, (size_t)fileLen);
    close(f);
    if (lenData != fileLen) {
       fprintf(stderr, "ERROR: Reading file failed: %s\n",
               lenData < 0 ? strerror(errno) : "short read");
       free(pData);
       return 1;
    }

    BIO *input  = BIO_new_mem_buf(pData, (int)lenData);
    BIO *output = BIO_new_fp(stdout, BIO_NOCLOSE);

    // d2i_X509_bio wants a bare DER certificate: a file that still carries the
    // EFI_SIGNATURE_LIST header from the variable fails to parse here
    x509 = d2i_X509_bio(input, NULL); 
    if (x509) {
        X509_print_ex(output, x509, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
        X509_free(x509);
    } else {
        fprintf(stderr, "ERROR: Unable to parse file\n");
        rc = 1;
    }

    BIO_free_all(output);
    BIO_free_all(input);
    free(pData);
    
    return rc;
}


You can use the following command to build the utility:

gcc -o decodeX509 decodeX509.c -lssl -lcrypto


Assuming that the KEK certificate was saved to a file called KEK.bin in your current directory, here is the output when you run the utility:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:0a:d1:88:00:00:00:00:00:03
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
        Validity
            Not Before: Jun 24 20:41:29 2011 GMT
            Not After : Jun 24 20:51:29 2026 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation KEK CA 2011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:c4:e8:b5:8a:bf:ad:57:26:b0:26:c3:ea:e7:fb:
                    57:7a:44:02:5d:07:0d:da:4a:e5:74:2a:e6:b0:0f:
                    ec:6d:eb:ec:7f:b9:e3:5a:63:32:7c:11:17:4f:0e:
                    e3:0b:a7:38:15:93:8e:c6:f5:e0:84:b1:9a:9b:2c:
                    e7:f5:b7:91:d6:09:e1:e2:c0:04:a8:ac:30:1c:df:
                    48:f3:06:50:9a:64:a7:51:7f:c8:85:4f:8f:20:86:
                    ce:fe:2f:e1:9f:ff:82:c0:ed:e9:cd:ce:f4:53:6a:
                    62:3a:0b:43:b9:e2:25:fd:fe:05:f9:d4:c4:14:ab:
                    11:e2:23:89:8d:70:b7:a4:1d:4d:ec:ae:e5:9c:fa:
                    16:c2:d7:c1:cb:d4:e8:c4:2f:e5:99:ee:24:8b:03:
                    ec:8d:f2:8b:ea:c3:4a:fb:43:11:12:0b:7e:b5:47:
                    92:6c:dc:e6:04:89:eb:f5:33:04:eb:10:01:2a:71:
                    e5:f9:83:13:3c:ff:25:09:2f:68:76:46:ff:ba:4f:
                    be:dc:ad:71:2a:58:aa:fb:0e:d2:79:3d:e4:9b:65:
                    3b:cc:29:2a:9f:fc:72:59:a2:eb:ae:92:ef:f6:35:
                    13:80:c6:02:ec:e4:5f:cc:9d:76:cd:ef:63:92:c1:
                    af:79:40:84:79:87:7f:e3:52:a8:e8:9d:7b:07:69:
                    8f:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            1.3.6.1.4.1.311.21.1: 
                ...
            X509v3 Subject Key Identifier: 
                62:FC:43:CD:A0:3E:A4:CB:67:12:D2:5B:D9:55:AC:7B:CC:B6:8A:5F
            1.3.6.1.4.1.311.20.2: 
                .
.S.u.b.C.A
            X509v3 Key Usage: 
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Authority Key Identifier: 
                keyid:45:66:52:43:E1:7E:58:11:BF:D6:4E:9E:23:55:08:3B:3A:22:6A:A8

            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:http://crl.microsoft.com/pki/crl/products/MicCorThiParMarRoo_2010-10-05.crl

            Authority Information Access: 
                CA Issuers - URI:http://www.microsoft.com/pki/certs/MicCorThiParMarRoo_2010-10-05.crt

    Signature Algorithm: sha256WithRSAEncryption
        d4:84:88:f5:14:94:18:02:ca:2a:3c:fb:2a:92:1c:0c:d7:a0:
        d1:f1:e8:52:66:a8:ee:a2:b5:75:7a:90:00:aa:2d:a4:76:5a:
        ea:79:b7:b9:37:6a:51:7b:10:64:f6:e1:64:f2:02:67:be:f7:
        a8:1b:78:bd:ba:ce:88:58:64:0c:d6:57:c8:19:a3:5f:05:d6:
        db:c6:d0:69:ce:48:4b:32:b7:eb:5d:d2:30:f5:c0:f5:b8:ba:
        78:07:a3:2b:fe:9b:db:34:56:84:ec:82:ca:ae:41:25:70:9c:
        6b:e9:fe:90:0f:d7:96:1f:e5:e7:94:1f:b2:2a:0c:8d:4b:ff:
        28:29:10:7b:f7:d7:7c:a5:d1:76:b9:05:c8:79:ed:0f:90:92:
        9c:c2:fe:df:6f:7e:6c:0f:7b:d4:c1:45:dd:34:51:96:39:0f:
        e5:5e:56:d8:18:05:96:f4:07:a6:42:b3:a0:77:fd:08:19:f2:
        71:56:cc:9f:86:23:a4:87:cb:a6:fd:58:7e:d4:69:67:15:91:
        7e:81:f2:7f:13:e5:0d:8b:8a:3c:87:84:eb:e3:ce:bd:43:e5:
        ad:2d:84:93:8e:6a:2b:5a:7c:44:fa:52:aa:81:c8:2d:1c:bb:
        e0:52:df:00:11:f8:9a:3d:c1:60:b0:e1:33:b5:a3:88:d1:65:
        19:0a:1a:e7:ac:7c:a4:c1:82:87:4e:38:b1:2f:0d:c5:14:87:
        6f:fd:8d:2e:bc:39:b6:e7:e6:c3:e0:e4:cd:27:84:ef:94:42:
        ef:29:8b:90:46:41:3b:81:1b:67:d8:f9:43:59:65:cb:0d:bc:
        fd:00:92:4f:f4:75:3b:a7:a9:24:fc:50:41:40:79:e0:2d:4f:
        0a:6a:27:76:6e:52:ed:96:69:7b:af:0f:f7:87:05:d0:45:c2:
        ad:53:14:81:1f:fb:30:04:aa:37:36:61:da:4a:69:1b:34:d8:
        68:ed:d6:02:cf:6c:94:0c:d3:cf:6c:22:79:ad:b1:f0:bc:03:
        a2:46:60:a9:c4:07:c2:21:82:f1:fd:f2:e8:79:32:60:bf:d8:
        ac:a5:22:14:4b:ca:c1:d8:4b:eb:7d:3f:57:35:b2:e6:4f:75:
        b4:b0:60:03:22:53:ae:91:79:1d:d6:9b:41:1f:15:86:54:70:
        b2:de:0d:35:0f:7c:b0:34:72:ba:97:60:3b:f0:79:eb:a2:b2:
        1c:5d:a2:16:b8:87:c5:e9:1b:f6:b5:97:25:6f:38:9f:e3:91:
        fa:8a:79:98:c3:69:0e:b7:a3:1c:20:05:97:f8:ca:14:ae:00:
        d7:c4:f3:c0:14:10:75:6b:34:a0:1b:b5:99:60:f3:5c:b0:c5:
        57:4e:36:d2:32:84:bf:9e


As you can see from the above, there is nothing special about this Microsoft X.509 certificate: a 2048-bit RSA intermediate CA certificate ("Microsoft Corporation KEK CA 2011") issued by the Microsoft Corporation Third Party Marketplace Root, valid until June 2026, with Certificate Sign and CRL Sign key usage and CA:TRUE marked critical. The two extensions OpenSSL could not name are Microsoft private OIDs: 1.3.6.1.4.1.311.21.1 is the Certificate Services CA version and 1.3.6.1.4.1.311.20.2 is the certificate template name, whose BMPString value "SubCA" is what appears as ".S.u.b.C.A" in the raw dump above. I have not checked but I would assume that all Windows 8 platforms are using the same certificate. A quick way to test that on another machine is to compare the Subject Key Identifier printed above (62:FC:43:CD:...) with the one decoded there.

Currently, there is a lot of FUD about Secure Boot from the Linux community. In my opinion Secure Boot is a very useful technology for hardening systems and, over time, will become ubiquitous and easy to use once the various competing interests (egos?) within the Linux development community agree on a single comprehensive solution.
