[systemd-devel] sd-boot setup and PCRs

Felix Rubio felix at kngnt.org
Mon Jun 19 15:33:11 UTC 2023


Hi Lennart, Andrei, Adrian

Understood, and thank you very much :-) Then 7+11+14 it is.

Regards!

---
Felix Rubio
"Don't believe what you're told. Double check."

On 2023-06-19 17:21, Lennart Poettering wrote:
> On So, 18.06.23 20:56, Felix Rubio (felix at kngnt.org) wrote:
> 
>> Hi everybody,
>> 
>> After some days offline, today I have gone through the emails exchanged a
>> couple of weeks ago and agreed: UKI is the way to go. Last time I checked
>> about it I read about possible problems related to when some modules would
>> be loaded and so, but I see that my knowledge was outdated.
>> 
>> This said, right now my setup looks like: SecureBoot is enabled, I am using
>> Shim, Systemd-Boot as shim's second stage, and a UKI. As the disk is
>> encrypted, for now I am making the decryption predicated on PCRs 7 and 14,
>> so that the decryption will only fail when either SB state changes, or when
>> shim certificates/hashes change. So far so good.
>> 
>> Out of curiosity now, I am wondering: what would happen in case somebody
>> boots the system from, e.g., a USB drive that contains a signed image? Even
>> if the shim is the same version, I assume it will fail to unlock because the
>> MOK will not contain my certificate? Should that certificate have been stolen
>> and present, would that be enough to then unlock the disk?
> 
> MOK is persisted in an EFI var, hence it doesn't matter what you boot
> from, the MOK db will be the same.
> 
> Hence if that UKI on the usb drive is signed by some key that is in
> your MOK then this will just be accepted and get access to your keys.
> 
>> I am trying to assess if I should put in the mix PCR 4, so that I can keep
>> track of the UKI image that gets loaded. Do you guys think this would be
>> needed, or is it overkill?
> 
> If you use UKIs, bind to the signature for PCR 11.
> 
> Lennart
> 
> --
> Lennart Poettering, Berlin
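Added example, not part of the thread and not code from the systemd project: the enrollment the thread settles on (PCRs 7+14 as before, plus a PCR 11 signature policy), written as a POSIX sh script. The device path, the public-key path and the DRY_RUN gate are assumptions of mine; the systemd-cryptenroll, cryptsetup, tpm2_pcrread and mokutil invocations use real options. By default the script only prints the commands; set DRY_RUN=0 to actually run them against the volume.

```shell
#!/bin/sh
# Added example (not from the thread or from systemd itself).
# Enroll a LUKS2 volume so the TPM2 releases the key only when
#   - PCR 7  (Secure Boot state) and PCR 14 (shim's MOK/db measurements)
#     equal the values recorded at enrollment, AND
#   - PCR 11 (the UKI measured by systemd-stub) carries a value whose
#     signature, made with our own PCR signing key, verifies against PCR_PUB.
# Assumptions (not in the thread): device path, public-key path, DRY_RUN gate.

DEV="${DEV:-/dev/disk/by-partlabel/root}"                  # assumed partition
PCR_PUB="${PCR_PUB:-/etc/systemd/tpm2-pcr-public-key.pem}" # assumed key location
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands, do not touch the disk

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Binding from the original setup: PCRs 7+14 only. As the reply points out,
# MOK lives in an EFI variable, so any UKI signed by a key in db or MOK boots
# with identical PCR 7 and 14 values, and a signed UKI on a USB stick unlocks.
enroll_pcr7_14_only() {
    run systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7+14 "$DEV"
}

# Recommended binding: keep 7+14 and add the PCR 11 signature policy.
# The TPM releases the key only if it is shown a signature, made with the
# private half of PCR_PUB, over the PCR 11 value it currently holds. A foreign
# UKI measures to a different PCR 11 and carries no such signature, even when
# its Secure Boot signature is accepted via MOK. --wipe-slot=tpm2 replaces any
# earlier TPM2 enrollment of the same volume.
enroll_pcr7_14_signed11() {
    if [ "$DRY_RUN" != 1 ] && [ ! -r "$PCR_PUB" ]; then
        echo "missing PCR public key: $PCR_PUB" >&2
        return 1
    fi
    run systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto \
        --tpm2-pcrs=7+14 \
        --tpm2-public-key="$PCR_PUB" --tpm2-public-key-pcrs=11 \
        "$DEV"
}

# Read-only checks to run afterwards:
#  - the LUKS token section should show the systemd-tpm2 token with its PCR policy
#  - the live PCR values the policy will be evaluated against (tpm2-tools)
#  - the MOK entries that would let a foreign, MOK-signed UKI boot at all
show_enrollment() { run cryptsetup luksDump "$DEV"; }
show_pcrs()       { run tpm2_pcrread sha256:7,11,14; }
show_mok()        { run mokutil --list-enrolled; }

enroll_pcr7_14_signed11
show_enrollment
show_pcrs
show_mok
```

The public key must be the one whose private half was used when the UKI was built (ukify's --pcr-private-key / --pcr-public-key, or systemd-measure sign), otherwise the PCR 11 policy can never be satisfied and the volume falls back to the recovery passphrase.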

