
App Control: How to Configure the Linux Agent for Secure Boot

Environment

  • App Control Linux Agent: All Supported Versions

Objective

Secure Boot is not currently supported out of the box; the following steps are a best-effort way to add support.
Linux agent version 8.8.0 adds support for Secure Boot.

How do you configure the Linux agent to work when the Secure Boot option is enabled?

Resolution

The App Control agent has no built-in support for Secure Boot at this time, so the following options exist:

Option 1: Disable UEFI Secure Boot
  1. Reboot the computer and enter the UEFI firmware / BIOS configuration
  2. Find the Secure Boot option (possibly under the security menu) and set it to disabled
  3. Save the change and reboot
Option 2: Sign the App Control kernel modules
  1. Install the kernel-devel RPM matching the kernel version of the system where App Control will be installed
  2. Generate a public/private key pair for signing the App Control kernel modules
    • This Red Hat article provides steps to generate a public/private key pair
    • Store the key pair in a directory, e.g.
       /var/tmp/signing/my_signing_keys
  3. Sign the App Control kernel modules using the keys generated in the previous step.
    • Take a backup of all the files in the "/opt/bit9/bin/kernel" directory
    • Sign both App C kernel modules with the following commands:
      # uname -r
      4.18.0-80.el8.x86_64
      
      # cd /opt/bit9/bin/kernel
      # pwd
      /opt/bit9/bin/kernel
      
      # /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /var/tmp/signing/my_signing_key.priv /var/tmp/signing/my_signing_key_pub.der b9k_87611.ko.4.18.0-80
      
      # /usr/src/kernels/$(uname -r)/scripts/sign-file sha256 /var/tmp/signing/my_signing_key.priv  /var/tmp/signing/my_signing_key_pub.der cbproxy_cbp_876_20211111.ko.4.18.0-80
      
      # chmod +x b9k_87611.ko.4.18.0-80
      
      # chmod +x cbproxy_cbp_876_20211111.ko.4.18.0-80
    • Sign all the cbproxy and b9k kernel modules present in the "/opt/bit9/bin/kernel" directory
    • This ensures that the App C agent works with Secure Boot enabled even if the system is upgraded or downgraded to a newer or older kernel version


     
  4. Register the public key on the App C endpoint:
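
Step 3 above asks for every b9k and cbproxy module in /opt/bit9/bin/kernel to be backed up and signed. The script below is an added example, not part of the original article or the vendor's tooling; it uses the article's paths as defaults, while the backup directory, the function names and the environment-variable overrides are assumptions.

```shell
#!/usr/bin/env bash
# Added example: back up, sign and check every b9k / cbproxy module in one pass.
# Defaults follow the paths shown in the article; override them via the environment.
MODULE_DIR="${MODULE_DIR:-/opt/bit9/bin/kernel}"
SIGN_FILE="${SIGN_FILE:-/usr/src/kernels/$(uname -r)/scripts/sign-file}"
PRIV_KEY="${PRIV_KEY:-/var/tmp/signing/my_signing_key.priv}"
PUB_DER="${PUB_DER:-/var/tmp/signing/my_signing_key_pub.der}"
BACKUP_DIR="${BACKUP_DIR:-/var/tmp/signing/kernel_backup}"   # assumed location

# A signed module ends with a 28-byte marker: the 27 characters below plus a newline.
# Command substitution drops the newline; tr drops NUL bytes found in unsigned ELF tails.
is_signed() {
    [ "$(tail -c 28 "$1" 2>/dev/null | tr -d '\0')" = "~Module signature appended~" ]
}

# Returns 0 if every module ends up signed, 2 on setup problems,
# otherwise the number of modules that could not be backed up or signed.
sign_all_modules() {
    local mod failed=0 found=0
    mkdir -p "$BACKUP_DIR" || return 2
    for mod in "$MODULE_DIR"/b9k*.ko* "$MODULE_DIR"/cbproxy*.ko*; do
        [ -f "$mod" ] || continue            # an unmatched glob stays literal; skip it
        found=$((found + 1))
        if is_signed "$mod"; then            # avoid appending a second signature on re-runs
            echo "skip (signature marker already present): $mod"
            continue
        fi
        # Keep the unsigned original before sign-file rewrites the module in place.
        cp -p "$mod" "$BACKUP_DIR/" || { failed=$((failed + 1)); continue; }
        if "$SIGN_FILE" sha256 "$PRIV_KEY" "$PUB_DER" "$mod" && is_signed "$mod"; then
            chmod +x "$mod"                  # same permission change as in the article
            echo "signed: $mod"
        else
            echo "FAILED: $mod" >&2
            failed=$((failed + 1))
        fi
    done
    [ "$found" -gt 0 ] || { echo "no modules found in $MODULE_DIR" >&2; return 2; }
    return "$failed"
}

# Nothing is signed unless the script is invoked with --run (as root).
if [ "${1:-}" = "--run" ]; then sign_all_modules; fi
```

`is_signed` only confirms that a signature trailer is present; it does not show which key produced it or whether that key is trusted by the endpoint.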

Additional Notes

Support for Secure Boot will be added to the Linux App Control agent in a future agent release.

Creation Date: 05-13-2022