Secure boot

SR OS Secure Boot ensures that the software executed by the system is trusted and originated from Nokia IP routing.

At every boot of the control card, each step in the boot process verifies the digital signature of the next software element to boot for integrity and authenticity up to the SR OS operating system images. This boot sequence forms the chain of trust for Secure Boot. Software image signatures use RSA-4096 keys and SHA-384 hashes.

The Secure Boot chain is rooted in the platform CPM firmware based on UEFI specifications. As such, Nokia Platform Key, Key Exchange Key, allowed and disallowed databases are provisioned in the system when Secure Boot is activated to perform the required signature verification.

Firmware updates are also digitally signed and verified using the same principle. The signature verification of a firmware update is performed at boot time by the existing firmware before the firmware update can proceed.

Secure Boot chain

The Secure Boot chain of trust for SR OS platforms can be visualized with the following diagram.

Figure 1. Secure boot chain of trust

The software images part of the Secure Boot chain varies among SR OS platforms. This list of software images per platform is described in Storage card content and includes the Boot Loader, boot.ldr or ∕EFI∕BOOT∕ and installer images, and the SR OS *.tim software images.

Activate Secure Boot

Secure Boot is enabled, per CPM card, by providing the card slot, card serial number, and confirmation code command options.

Use the following command to activate Secure Boot.

admin system security secure-boot activate card "A" serial-number NS123456789 confirmation-code secure-boot-permanent

The following example shows the warning messages and a prompt for proceeding with Secure Boot activation.

WARNING: CLI This operation will permanently activate secure boot on card A and cannot be reversed.
WARNING: CLI After activation, the system will only accept digitally signed software and will not boot using un-signed software.
WARNING: CLI This operation will immediately reset card A.
WARNING: CLI Configuration and/or Boot options may have changed since the last save.
Are you sure you want to continue (y/n)?

The card serial number and Secure Boot confirmation code are required to avoid activating Secure Boot by mistake in the network. The confirmation code is secure-boot-permanent.

The Secure Boot activate command verifies that the BOF primary image uses the same software release as the currently running software and automatically reboots the designated CPM card if the software release matches. Otherwise, an error is generated in the CLI.

Note: The system also verifies the boot.ldr version against the running software version on applicable platforms. These verifications are made to ensure that the entire boot chain up to the primary image supports Secure Boot before activating Secure Boot and rebooting the CPM.
WARNING: After Secure Boot is activated on a CPM, the capability is permanently enabled and cannot be disabled. The CPM permanently refuses to execute unsigned software for security reasons. As a result, it is not possible to downgrade to a software release published before the release that introduced Secure Boot for a given platform. For example, SR-1s Secure Boot support is introduced in software release 23.7.R1. After activating Secure Boot on this platform the system cannot be downgraded to software releases before 23.7.R1.

Operational commands and logs

This section describes the following:

  • Secure Boot state
  • Software update process
  • Update Secure Boot variables

Secure Boot state

Secure Boot and UEFI variables Secure Boot keys status is available per CPM.

Use the following command to display Secure Boot state information.

show card A detail
Hardware Data
    Secure boot status            : enabled
    UEFI variables status         : ok

where

  • Secure Boot status — indicates if Secure Boot is enabled or disabled
  • UEFI variables status — indicates if Secure Boot variables need updating

The system records at every boot in the security log if Secure Boot is enabled or disabled per CPM. The following is an example of such a log message.

24 2023/05/17 06:09:03.140 EDT MAJOR: SECURITY #2241 Base Card A
"CPM A has booted with a secure-boot status of enabled"

Secure Boot UEFI variables can be obtained per CPM card using the following command:

  • MD-CLI and NETCONF
    perform system security secure-boot show uefi-variables card
  • classic CLI
    tools dump system security secure-boot uefi-var card

The command displays the following x509 certificates and SHA-256 hash UEFI variables:

  • Platform Key (PK)
  • Key Exchange Key (KEK)
  • Allowed Database (DB)
  • Disallowed Database (DBx)

Software update

After Secure Boot is enabled, and before upgrading to a new software release, the user should validate that the new software image is properly signed. The main reason for this additional verification on systems with Secure Boot enabled is because the system only boots Nokia-signed software images and will not boot unsigned or improperly signed images.

Use the following command to validate the signature of the TiMOS *.tim images contained in the software-image url location referenced in the command. This verification includes cpm.tim, iom.tim, support.tim both.tim, kernel.tim, as well as the boot.ldr if present in CF3: directory.

admin system security secure-boot validate software-image url

Update Secure Boot variables

The system supports Secure Boot UEFI key updates and revocation using the following commands.

admin system security secure-boot update-key
admin system security secure-boot revoke-key