[systemd-devel] Is tpm2-measure-pcr really an additional security?
aplanas
aplanas at suse.de
Mon Mar 10 20:42:46 UTC 2025
On 2025-03-10 18:25, Diorcet Yann wrote:
> On 10/03/2025 at 17:27, Adrian Vovk wrote:
> 2) Just before opening the var LUKS:
>
> PCR15=0 or something predictable
>
> cryptsetup is used to open var and update PCR15 thanks to
> tpm2-measure-pcr=yes. But in this case /dev/sda1 is replaced with the
> original /dev/sda1 partition.
I think that you mean that /dev/sda2 (/var) is replaced with the
original /dev/sda1 (rootfs), so mounting the original root in /var,
right?
> PCR15=hash1
>
> 3) initrd makes the mount of the fs, makes multiple measurements
> (notably on PCR11 with leave-initrd), then chroots and executes the
> malicious init.
>
> Is PCR15 checked against a pre-calculated value saved in the signed
> initrd before leaving initrd? If it's not the case, then when
> executing the init from the chrooted malicious partition, the original
> /dev/sda1 LUKS will be opened and mounted as var.
You need a service in the initrd to do that. systemd AFAIK is not
currently providing one, but the plumbing is there to bring your own.
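As an added illustration (not code from this thread or from systemd) of the "bring your own" initrd service aplanas mentions: a POSIX shell check that compares the SHA-256 bank of PCR 15 against a value pre-calculated for the expected /var volume and shipped in the signed initrd, so a swapped partition is caught before switch-root. It assumes the kernel exposes PCR values via sysfs under /sys/class/tpm/tpm0/pcr-sha256/ and uses /etc/pcr15.expected as a hypothetical location for the expected value.

```shell
#!/bin/sh
# Added example, not systemd's code: verify PCR 15 (SHA-256 bank) against a
# value pre-calculated at image build time before the initrd hands over to
# the real root. Assumptions: the kernel exposes PCR values through sysfs
# (/sys/class/tpm/tpm0/pcr-sha256/<index>) and the expected value ships
# inside the signed initrd at /etc/pcr15.expected (hypothetical path).

PCR_SYSFS="${PCR_SYSFS:-/sys/class/tpm/tpm0/pcr-sha256/15}"
EXPECTED_FILE="${EXPECTED_FILE:-/etc/pcr15.expected}"

# Lower-case the hex digits and drop whitespace so both sides compare equal
# regardless of how the value was written.
normalize_hex() {
    tr -d ' \t\r\n' | tr 'A-F' 'a-f'
}

# check_pcr15 <pcr_file> <expected_file>
# Returns 0 on match, 1 when the PCR differs from the expected value (the
# /var volume is not the one the image was built with), 2 when either file
# is unreadable or does not hold a 64-digit SHA-256 value.
check_pcr15() {
    pcr_file=$1
    expected_file=$2
    [ -r "$pcr_file" ] && [ -r "$expected_file" ] || return 2
    actual=$(normalize_hex < "$pcr_file")
    expected=$(normalize_hex < "$expected_file")
    [ "${#actual}" -eq 64 ] && [ "${#expected}" -eq 64 ] || return 2
    [ "$actual" = "$expected" ]
}

# Entry point for the initrd service: order it after the cryptsetup unit for
# /var (so tpm2-measure-pcr has already extended PCR 15) and before switch-root.
main() {
    check_pcr15 "$PCR_SYSFS" "$EXPECTED_FILE" && rc=0 || rc=$?
    case $rc in
        0) echo "PCR15 matches the expected value; continuing boot" ;;
        1) echo "PCR15 mismatch: /var volume is not the expected one" >&2 ;;
        *) echo "PCR15 or expected value could not be read" >&2 ;;
    esac
    return "$rc"
}

# Only run the check when invoked with --run, so the functions can also be
# sourced by other initrd scripts.
case "${1:-}" in --run) main ;; esac
```

A non-zero exit from the unit running this script should be configured to stop the boot rather than let the initrd continue to a /var that was never measured as expected.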