[systemd-devel] PCR signing / enrolling on UKI and validation by systemd-cryptenroll

Andrei Borzenkov arvidjaar at gmail.com
Sat May 25 10:23:20 UTC 2024


On 25.05.2024 10:00, Felix Rubio wrote:
> Hi everybody,
> 
> For some time now I have been using UKIs, with SB enabled and tying FDE
> decryption to PCRs 7+11+14, with PCR 11 being measured during UKI
> creation. Then, I use systemd-cryptenroll to update the secret:
> 
> ########
> PCR11=$(/usr/lib/systemd/ukify -c /etc/kernel/uki.conf --measure
> --output=/tmp/arch-linux.efi build | grep 11:sha256)
> systemd-cryptenroll --unlock-key-file=/root/creds/fdepassword.txt
> --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7+11:sha256=d05ee4...+14
> /dev/nvme0n1p5
> ########
> 
> This works flawlessly. Now, I am exploring the possibility of not binding
> to the value of those PCRs but to their signature, given that I am also
> embedding that in the UKI (the corresponding .pcrsig section is in
> place). However, I am a bit lost:
> * in .pcrsig there is only the signature for pcr11, and there seems to
> be no way to embed the signatures for other PCR values.

systemd-measure/ukify is only intended for measuring UKI in PCR 11.

> * when used in cryptenroll, how should I use this? So far, it seems it
> should be a call like
> ########
> systemd-cryptenroll --unlock-key-file=/root/creds/fdepassword.txt
> --wipe-slot=tpm2 --tpm2-device=auto
> --tpm2-public-key=/root/creds/tpm2-pcr-public.pem
> --tpm2-public-key-pcrs=<what?>
> ########
> 
> ... but then I do not see what should be provided in
> tpm2-public-key-pcrs. 

These are the PCRs for which you intend to provide a signed policy. These PCRs
must be listed in the JSON file that is given to systemd-cryptsetup as the
tpm2-signature= parameter. The only PCR for which there is a systemd tool
to compute it is PCR 11. You should be able to add other PCRs to this
JSON file and it should work, but you will need to compute the values
yourself.

Unfortunately, this is yet another case where systemd pretends to be 
generic while in reality it is not.

Another problem is that systemd will silently add the literal PCR policy 
for PCR 7 *in addition* to the signed policy you specify. See 
https://github.com/systemd/systemd/issues/32946.

> The same values I am currently giving to
> --tpm2-pcrs?

Only PCR 11 will work, as it is the only PCR for which systemd-measure
will create the signature file. Other PCRs can additionally be used in
--tpm2-pcrs, but that sort of invalidates the whole point of the signed
policy.

You may consider using systemd-pcrlock instead.

> the signatures that I get from the .pcrsig for 11 + the
> calculated signatures for the current values of the PCRs 7 and 14?
> 
> Thank you very much for your time,
> 
> --
> Felix Rubio

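The reply above says the signed-policy JSON given to systemd-cryptsetup as tpm2-signature= only ever carries PCR 11, and that anyone who wants other PCRs in it has to compute the values themselves. The script below is an added example, not code from this thread or from systemd: it recomputes the TPM2_PolicyPCR digest for a chosen set of SHA-256 PCR values, marshals the TPML_PCR_SELECTION the way TPM 2.0 Part 2 defines it, and checks a .pcrsig-style JSON file against the PCR 11 value that "ukify --measure" prints (the "11:sha256=..." line grepped in the first message). The JSON field layout ("pcrs", "pkfp", "pol", "sig" under a bank key), the zero starting policy digest, and "pkfp" being the SHA-256 of the DER public key are assumptions about systemd-measure's output; confirm them against a file systemd-measure actually wrote before relying on the result. The sample PCR value, DER bytes and signature string are constructed placeholders, and the "sig" field is not verified here (the TPM and systemd check it with the public key at unlock time).

```python
"""Recompute a signed-PCR-policy 'pol' digest and check a .pcrsig-style
JSON entry against expected PCR values.

Added example, not systemd code. Assumptions (see the lead-in):
  * JSON layout {"sha256": [{"pcrs": [...], "pkfp": "...", "pol": "...",
    "sig": "..."}]} is what systemd-measure writes;
  * "pol" is the TPM2_PolicyPCR digest started from an all-zero policy
    digest (TPM 2.0 Part 3, PolicyPCR);
  * "pkfp" is the hex SHA-256 of the DER SubjectPublicKeyInfo.
"""
import hashlib
import json
import struct
from typing import Dict, List, Optional, Tuple

TPM2_CC_POLICY_PCR = 0x0000017F   # TPM_CC_PolicyPCR command code (TPM 2.0 Part 2)
TPM2_ALG_SHA256 = 0x000B          # TPM_ALG_SHA256 (TPM 2.0 Part 2)
PCR_SELECT_BYTES = 3              # sizeofSelect for a 24-PCR bank


def parse_measure_line(line: str) -> Tuple[int, str, bytes]:
    """Parse one 'N:bank=hex' line as printed by 'ukify --measure'."""
    idx, rest = line.strip().split(":", 1)
    bank, hexval = rest.split("=", 1)
    return int(idx), bank, bytes.fromhex(hexval)


def pcr_selection(pcrs: List[int]) -> bytes:
    """Marshal a TPML_PCR_SELECTION holding one SHA-256 TPMS_PCR_SELECTION:
    count (UINT32) || hashAlg (UINT16) || sizeofSelect (UINT8) || bitmap."""
    bitmap = bytearray(PCR_SELECT_BYTES)
    for i in pcrs:
        if not 0 <= i < PCR_SELECT_BYTES * 8:
            raise ValueError(f"PCR index {i} out of range")
        bitmap[i // 8] |= 1 << (i % 8)   # PCR i lives in byte i//8, bit i%8
    return struct.pack(">IHB", 1, TPM2_ALG_SHA256, PCR_SELECT_BYTES) + bytes(bitmap)


def policy_pcr_digest(pcr_values: Dict[int, bytes]) -> bytes:
    """TPM2_PolicyPCR update from a zero policy digest:
    H(0^32 || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(PCR values))."""
    pcrs = sorted(pcr_values)
    for i in pcrs:
        if len(pcr_values[i]) != 32:
            raise ValueError(f"PCR {i}: expected a 32-byte SHA-256 value")
    pcr_digest = hashlib.sha256(b"".join(pcr_values[i] for i in pcrs)).digest()
    h = hashlib.sha256()
    h.update(bytes(32))                               # policyDigest_old == 0
    h.update(struct.pack(">I", TPM2_CC_POLICY_PCR))
    h.update(pcr_selection(pcrs))
    h.update(pcr_digest)                              # raw digest, no size prefix
    return h.digest()


def public_key_fingerprint(der_spki: bytes) -> str:
    """'pkfp' field: hex SHA-256 over the DER-encoded public key (assumption)."""
    return hashlib.sha256(der_spki).hexdigest()


def find_matching_policy(sig_json: dict, pcr_values: Dict[int, bytes],
                         bank: str = "sha256") -> Optional[dict]:
    """Return the entry whose 'pcrs' selection and 'pol' digest match the
    given PCR values, or None when the file does not cover those values."""
    want_pcrs = sorted(pcr_values)
    want_pol = policy_pcr_digest(pcr_values).hex()
    for entry in sig_json.get(bank, []):
        if (sorted(entry.get("pcrs", [])) == want_pcrs
                and entry.get("pol", "").lower() == want_pol):
            return entry
    return None


def demo() -> bool:
    """Constructed sample: a fake PCR 11 measurement line and a .pcrsig-style
    JSON whose 'pol' we compute ourselves; returns True when the check matches
    and a changed PCR 11 value is correctly rejected."""
    sample_line = "11:sha256=" + "ab" * 32           # constructed, not a real measurement
    idx, bank, value = parse_measure_line(sample_line)
    entry = {
        "pcrs": [idx],
        "pkfp": public_key_fingerprint(b"<constructed DER placeholder>"),
        "pol": policy_pcr_digest({idx: value}).hex(),
        "sig": "<constructed base64 signature placeholder>",
    }
    sig_json = json.loads(json.dumps({bank: [entry]}))   # round-trip like a real file
    matched = find_matching_policy(sig_json, {idx: value}, bank) is not None
    rejected = find_matching_policy(sig_json, {idx: b"\xcd" * 32}, bank) is None
    return matched and rejected


if __name__ == "__main__":
    print("policy check:", "ok" if demo() else "FAILED")
```

To use it on a real system, load the JSON that systemd-measure sign wrote (the same content ukify embeds as .pcrsig), feed the "11:sha256=..." line from "ukify --measure" to parse_measure_line, and call find_matching_policy; None means the signed policy in the file does not correspond to the PCR 11 value of that UKI, which is exactly the mismatch that would leave the TPM refusing to unseal after a kernel update.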