
Secure Boot

Secure Boot is a feature of the Unified Extensible Firmware Interface (UEFI) that requires all low-level firmware and software components to be verified prior to loading. During boot, UEFI Secure Boot checks the signature of each piece of boot software, including UEFI firmware drivers (also known as option ROMs), Extensible Firmware Interface (EFI) applications, and the operating system drivers and binaries. If the signatures are valid or trusted by the Original Equipment Manufacturer (OEM), the machine boots and the firmware gives control to the operating system.

Components and process

Secure Boot relies on these critical components:

  • Platform key (PK) - Establishes trust between the platform owner (Microsoft) and the firmware. The public half is PKpub and the private half is PKpriv.
  • Key enrollment key database (KEK) - Establishes trust between the OS and the platform firmware. The public half is KEKpub and the private half is KEKpriv.
  • Signature database (db) - Holds the digests for trusted signers (public keys and certificates) of the firmware and software code modules authorized to interact with platform firmware.
  • Revoked signatures database (dbx) - Holds revoked digests of code modules that have been identified to be malicious, vulnerable, compromised, or untrusted. If a hash is in the signature db and the revoked signatures db, the revoked signatures database takes precedence.

The following figure and process explain how these components are updated:

[Figure: diagram showing the Secure Boot components.]

The OEM stores the Secure Boot digests on the machine’s nonvolatile RAM (NV-RAM) at the time of manufacturing.

  1. The signature database (db) is populated with the signers or image hashes of UEFI applications, operating system loaders (such as the Microsoft Operating System Loader or Boot Manager), and UEFI drivers that are trusted.
  2. The revoked signatures database (dbx) is populated with digests of modules that are no longer trusted.
  3. The key enrollment key (KEK) database is populated with signing keys that can be used to update the signature database and revoked signatures database. The databases can be edited via updates that are signed with the correct key or via updates by a physically present authorized user using firmware menus.
  4. After the db, dbx, and KEK databases have been added and final firmware validation and testing is complete, the OEM locks the firmware from editing and generates a platform key (PK). The PK can be used to sign updates to the KEK or to turn off Secure Boot.

During each stage in the boot process, the digests of the firmware, bootloader, operating system, kernel drivers, and other boot chain artifacts are calculated and compared to acceptable values. Firmware and software that are discovered to be untrusted are not allowed to load. Thus, low-level malware injection or pre-boot malware attacks can be blocked.

Secure Boot on the Azure fleet

Today, every machine that is onboarded and deployed to the Azure compute fleet to host customer workloads comes from factory floors with Secure Boot enabled. Targeted tooling and processes are in place at every stage in the hardware buildout and integration pipeline to ensure that Secure Boot enablement is not reverted either by accident or by malicious intent.

Validating that the db and dbx digests are correct ensures:

  • Bootloader is present in one of the db entries
  • Bootloader’s signature is valid
  • Host boots with trusted software

By validating the signatures of KEKpub and PKpub, we can confirm that only trusted parties have permission to modify the definitions of what software is considered trusted. Lastly, by ensuring that Secure Boot is active, we can validate that these definitions are being enforced.
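The db/dbx precedence rule from the components list and the fleet check that the bootloader is present in db, as an added example (not Microsoft's code or tooling). It goes beyond the text by parsing the UEFI `EFI_SIGNATURE_LIST` layout in which db and dbx are stored; it models SHA-256 hash entries only (signer certificates are skipped), and the `build_list` helper, digests and sample databases are constructed for illustration.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification: entries are raw SHA-256 digests.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")

def sha256_entries(blob: bytes) -> set[bytes]:
    """Collect SHA-256 digests from concatenated EFI_SIGNATURE_LIST structures."""
    digests, offset = set(), 0
    while offset < len(blob):
        if len(blob) - offset < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < 28 + header_size or offset + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        body = blob[offset + 28 + header_size:offset + list_size]
        is_hash = sig_type == EFI_CERT_SHA256_GUID
        if sig_size <= 16 or len(body) % sig_size or (is_hash and sig_size != 48):
            raise ValueError("bad SignatureSize")
        if is_hash:
            for i in range(0, len(body), sig_size):
                # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID, then the digest.
                digests.add(body[i + 16:i + sig_size])
        offset += list_size  # lists of other types (e.g. X.509) are skipped
    return digests

def image_allowed(digest: bytes, db: bytes, dbx: bytes) -> bool:
    """Hash-only policy: dbx wins even when the digest is also listed in db."""
    if digest in sha256_entries(dbx):
        return False
    return digest in sha256_entries(db)

def build_list(digests, owner=uuid.UUID(int=0)) -> bytes:
    """Build a constructed SHA-256 EFI_SIGNATURE_LIST for the sample data."""
    body = b"".join(owner.bytes_le + d for d in digests)
    return EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 48) + body

# Constructed sample data: stand-ins for the Authenticode digests of boot images.
GOOD = hashlib.sha256(b"constructed trusted loader").digest()
REVOKED = hashlib.sha256(b"constructed revoked loader").digest()
UNKNOWN = hashlib.sha256(b"constructed unknown image").digest()
SAMPLE_DB = build_list([GOOD, REVOKED])
SAMPLE_DBX = build_list([REVOKED])

if __name__ == "__main__":
    for name, d in (("good", GOOD), ("revoked", REVOKED), ("unknown", UNKNOWN)):
        print(name, image_allowed(d, SAMPLE_DB, SAMPLE_DBX))
```

When the variables are read through Linux efivarfs, each file starts with a 4-byte attributes field that must be stripped before the data is passed to `sha256_entries`.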

Next steps

To learn more about what we do to drive platform integrity and security, see: