[systemd-devel] Fedora 38 and signed PCR binding
Aleksandar Kostadinov
akostadi at redhat.com
Sat Feb 10 20:23:54 UTC 2024
Thanks a lot for the answers. Because without them I have no clue how
to progress. I'd highly appreciate your further guidance!
On Fri, Nov 17, 2023 at 7:13 PM Dan Streetman <ddstreet at ieee.org> wrote:
> <...>
> If you don't specify --tpm2-pcrs= at all, it will bind to PCR 7, even
> if you bind to a signature as well (at least this is the current
> behavior).
>
> If you want to bind only to a signature, you should use --tpm2-pcrs=""
> (i.e. empty string) to prevent binding to PCR 7.
Got it. I see now with the luksDump what you mean.
How about crypttab? I tried this to no avail:
luks-<ID> UUID=<UUID> none discard,tpm2-device=auto,tpm2-measure-pcr=yes,tpm2-pcrs=
> <...>
> let's try manually unlocking it just to make sure the enrollment was
> ok, so after enrolling it try:
>
> systemd-cryptsetup [attach] test /dev/sda3 - tpm2-device=auto,headless=true
Couldn't find signature for this PCR bank, PCR index and public key.
Set cipher aes, mode xts-plain64, key size 512 bits for device /dev/sda3.
Couldn't find signature for this PCR bank, PCR index and public key.
No TPM2 metadata matching the current system state found in LUKS2
header, falling back to traditional unlocking.
Password querying disabled via 'headless' option.
I used `cryptsetup luksDump` to see the metadata and `cryptsetup
token` to eliminate stray token values. So now I only have two
keyslots - one for a simple password and one for the TPM - and a single
token. I'll just paste it here; I'll probably need to regenerate the
volume later to avoid exposure.
Keyslots:
0: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: argon2id
Time cost: 4
Memory: 375564
Threads: 2
Salt: fe 66 09 e8 71 ce 58 42 1d 5b 35 18 1f 3d fa bc
01 7e 04 22 36 91 f3 68 fe 79 d2 02 f5 f6 08 a4
AF stripes: 4000
AF hash: sha256
Area offset:32768 [bytes]
Area length:258048 [bytes]
Digest ID: 0
2: luks2
Key: 512 bits
Priority: normal
Cipher: aes-xts-plain64
Cipher key: 512 bits
PBKDF: pbkdf2
Hash: sha512
Iterations: 1000
Salt: 80 b9 1b e9 1d 11 e4 5b c3 93 ca 29 c1 d4 6d 8b
62 e1 40 78 d3 ca c2 be 6b c8 d9 1d cd 2d 9c bf
AF stripes: 4000
AF hash: sha512
Area offset:548864 [bytes]
Area length:258048 [bytes]
Digest ID: 0
Tokens:
2: systemd-tpm2
tpm2-hash-pcrs:
tpm2-pcr-bank: sha256
tpm2-pubkey:
[hex dump of the PEM-encoded public key omitted]
tpm2-pubkey-pcrs: 11
tpm2-primary-alg: ecc
tpm2-blob: [hex blob omitted]
tpm2-policy-hash:
3f 8d 42 3c f9 cc ad 73 49 2f cb 95 3a bb 98 23
9f 99 9a b2 9e 7a d8 30 22 43 04 82 44 87 46 0e
tpm2-pin: false
tpm2-salt: false
tpm2-srk: true
Keyslot: 2
It seems correct to me and I see no warnings anymore when running
cryptsetup. But how can I double-check that the configuration on the TPM
side matches this?
By the way, in my ukify command, which you can see in earlier messages, I use
--phases='enter-initrd', which could explain why it won't work in the
test mode. But I also tried adding more phases, to no avail:
* --phases='enter-initrd:leave-initrd enter-initrd:leave-initrd:sysinit enter-initrd:leave-initrd:sysinit:ready'
> <...>
> > Strange is that in `journalctl -b` I still see "Couldn't find
> > signature for this PCR bank, PCR index and public key." So I wonder
> > what could be broken and how to fix it. How to inspect the initrd
> > inside the UKI?
>
> well you built the initrd before running ukify, so just take a look at
> it before you build the uki
Good point. I was thinking more about inspecting the measurement
signature file(s) in the UKI, if this makes sense. I still don't
understand how this signing is supposed to work.
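Added example, not part of the thread: a small Python parser for the systemd-tpm2 token layout that `cryptsetup luksDump` prints, as pasted above. It decodes the hex-encoded tpm2-pubkey back to PEM and classifies the binding, so an empty `tpm2-hash-pcrs:` next to a populated `tpm2-pubkey` (what `--tpm2-pcrs=""` plus a signature produces) reads as "signature-only". The sample token text is constructed with shortened hex values, not the real dump.

```python
import re

# Constructed sample, not the dump from the thread: same layout as a
# `cryptsetup luksDump` systemd-tpm2 token, hex values shortened. The
# tpm2-pubkey bytes spell out a minimal PEM shell, as systemd stores it.
SAMPLE_TOKEN = """\
Tokens:
  2: systemd-tpm2
        tpm2-hash-pcrs:
        tpm2-pcr-bank: sha256
        tpm2-pubkey:
                    2d 2d 2d 2d 2d 42 45 47 49 4e 20 50 55 42 4c 49
                    43 20 4b 45 59 2d 2d 2d 2d 2d 0a 41 41 0a 2d 2d
                    2d 2d 2d 45 4e 44 20 50 55 42 4c 49 43 20 4b 45
                    59 2d 2d 2d 2d 2d 0a
        tpm2-pubkey-pcrs: 11
        tpm2-policy-hash:
                    3f 8d 42 3c
        Keyslot: 2
"""

HEX_FIELDS = {"tpm2-pubkey", "tpm2-blob", "tpm2-policy-hash"}
KEY_RE = re.compile(r"^\s*(tpm2-[\w-]+|Keyslot):\s*(.*)$")
HEX_RE = re.compile(r"^\s*(?:[0-9a-f]{2}\s*)+$")

def parse_token(text):
    """Return the token's fields as a dict; hex fields become one contiguous hex string."""
    fields, cur = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            cur = m.group(1)
            fields[cur] = m.group(2).strip()
        elif cur in HEX_FIELDS and HEX_RE.match(line):  # wrapped hex continuation
            fields[cur] += " " + line.strip()
    for k in HEX_FIELDS.intersection(fields):
        fields[k] = re.sub(r"\s+", "", fields[k])
    return fields

def pcr_list(fields, name):
    # An empty "tpm2-hash-pcrs:" means no PCR-hash policy, i.e. no PCR 7 binding
    return [int(p) for p in re.split(r"[,+\s]+", fields.get(name, "")) if p]

def pubkey_pem(fields):
    return bytes.fromhex(fields["tpm2-pubkey"]).decode("ascii")

def binding(fields):
    signed, hashed = bool(fields.get("tpm2-pubkey")), pcr_list(fields, "tpm2-hash-pcrs")
    if signed:
        return "signature-only" if not hashed else "signature+pcr-hash"
    return "pcr-hash-only" if hashed else "unbound"
```

Run it over the real `luksDump` output to confirm the token is bound the way you intended before relying on it at boot.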