[systemd-devel] Usage of PCR[7]

Mantas Mikulėnas grawity at gmail.com
Tue Jun 6 05:20:22 UTC 2023


On Mon, Jun 5, 2023 at 11:38 PM Adrian Vovk <adrianvovk at gmail.com> wrote:

>
> 2. The alternative approach involves pre-calculating PCR[7] on the
> client if we're updating DBX or Shim. Here's how I envision this
> going:
> - We read the TPM log (which we can trust because we're currently
> booted to system verified via the chain of trust) and extract
> everything read into PCR[7]
> - We clear PCR[16], then start replaying everything from the TPM log
> - When we reach the measurement of DBX, we pre-calculate the new value
> of DBX and measure that in instead. This would probably need
> collaboration w/ fwupd
> - When we reach the measurements made by Shim, we use the new values
> instead. See https://github.com/rhboot/shim/issues/555
> - PCR[16] now contains the future value for PCR[7]. We enroll (into a
> new keyslot) TPM decryption. We seal against 16+11+14, but then
> configure it to unseal against 7+11+14 (this is the one step I'm iffy
> about. Is this possible??)
>

You don't need to replay everything *into a real PCR* at all – the extend
operation is just a regular hash operation SHA(pcr||value), you can
recalculate everything in software, then seal the keyslot against your
provided PCR values instead of the "live" ones.

I have an old hack proof of concept for that (written mostly because I
didn't want to touch any of that SB signing even with a stick):

1. PCR[4] replay in userspace https://github.com/grawity/tpm_futurepcr
(code is ugly but it's really just calculating a hash chain, while
"updating" certain TPM log events)

2. Creating systemd-compatible LUKS tpm2 tokens against arbitrary PCR
values https://git.nullroute.lt/cgit/hacks/tpmreseal.git/
(systemd has extended its LUKS token format a little bit since then, but
the basic format still works, at least I'm able to use it on my system)

I expected #1 to be superseded by `systemd-measure` (available in latest
systemd); apparently it's not quite the same but it does focus on Secure
Boot and signed PCRs, so maybe you can get `systemd-measure` to do exactly
what you want? There's a github RFE filed for #2 so it might show up in
systemd-cryptenroll someday.

-- 
Mantas Mikulėnas
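The software replay the reply describes, as an added example that is not grawity's tpm_futurepcr code: it replays a constructed, simplified PCR[7] event log, refuses to trust the log unless the replay reproduces the live PCR value, and then substitutes a new DBX payload to predict the post-update PCR[7]. The log entries are constructed and the digest rule is simplified (real EV_EFI_VARIABLE_* events hash a UEFI_VARIABLE_DATA structure, not the raw payload).

```python
import hashlib

# Constructed, simplified TCG event-log entries for PCR[7] (not a real log):
# (event_type, variable_name, payload). Real EV_EFI_VARIABLE_* digests cover a
# UEFI_VARIABLE_DATA structure; hashing the raw payload is enough to show the
# replay mechanics.
CURRENT_LOG = [
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", "SecureBoot", b"\x01"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", "PK", b"constructed PK cert"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", "KEK", b"constructed KEK cert"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", "db", b"constructed db certs"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", "dbx", b"constructed dbx v1"),
    ("EV_SEPARATOR", None, b"\x00\x00\x00\x00"),
    ("EV_EFI_VARIABLE_AUTHORITY", "db", b"constructed cert that signed shim"),
]


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend on the SHA-256 bank: PCR' = SHA256(PCR || digest)."""
    return hashlib.sha256(pcr + digest).digest()


def event_digest(payload: bytes) -> bytes:
    """Simplified event digest (assumption: SHA-256 over the raw payload)."""
    return hashlib.sha256(payload).digest()


def replay(log, substitutions=None) -> bytes:
    """Replay a PCR[7]-style log from the all-zero reset value, substituting
    payloads keyed by (event_type, variable_name) where requested."""
    substitutions = substitutions or {}
    pcr = bytes(32)  # SHA-256 PCRs reset to 32 zero bytes
    for etype, name, payload in log:
        payload = substitutions.get((etype, name), payload)
        pcr = extend(pcr, event_digest(payload))
    return pcr


def log_matches_live(log, live_pcr: bytes) -> bool:
    """A log is only trustworthy if replaying it reproduces the live PCR."""
    return replay(log) == live_pcr


def future_pcr7(log, live_pcr: bytes, new_dbx: bytes) -> bytes:
    """Predict PCR[7] after a DBX update, working only from a verified log."""
    if not log_matches_live(log, live_pcr):
        raise ValueError("event log does not reproduce live PCR[7]")
    return replay(log, {("EV_EFI_VARIABLE_DRIVER_CONFIG", "dbx"): new_dbx})
```

The predicted value is what a keyslot would be sealed against in place of the live PCR[7], as the reply suggests.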