From: Felix Rubio Dalmau <felix at kngnt.org>
To: tpm2@lists.01.org
Subject: [tpm2] System design question
Date: Sun, 21 Aug 2022 09:17:56 +0200
Message-ID: <22755930.6Emhk5qWAg@polaris>
Hi everybody,
I am playing with a QEMU VM that uses swtpm. My goal is to make a stable, easily maintainable setup to have ZFS native full disk encryption, and I am facing a problem:
* I was relying on GRUB2 signature-checking capabilities to make sure that, besides the kernel (that is checked by Secure Boot anyway), initramfs had not been tampered with. However, this introduces yet a new (GPG) private key that needs to be stored, initramfs needs to be signed when changed, etc.
* Recently I have learned that from kernel 5.10 on, the measurements of initramfs can be found on PCR9, so I modified my PCR-based policy to make use of registers 0,1,7 and 9 and I am planning to remove the GRUB2 checks. But the problem now is: After generating the policies, which I do by....
```bash
# Recreate the PCR-based policy
tpm2_startauthsession -S session.ctx
tpm2_policypcr -S session.ctx -L regular.policy -l sha256:0,1,7,9
tpm2_policypassword -S session.ctx -L regular.policy
tpm2_flushcontext session.ctx
# session for auth based on rescue password
tpm2_startauthsession -S session.ctx
tpm2_policysecret -S session.ctx -L rescue.policy -c o '<tpm_ownerpass>'
tpm2_flushcontext session.ctx
# compound both policies using OR
tpm2_startauthsession -S session.ctx
tpm2_policyor -S session.ctx -L compound.policy sha256:rescue.policy,regular.policy
tpm2_flushcontext session.ctx
# create the seal object (the FS password is requested to the user)
tpm2_create -C prim.ctx -c key.ctx -u key.pub -r key.priv -L compound.policy -i- -p '<disk_unlock_password>' -a 'fixedtpm|fixedparent'
# persist the object to the TPM
tpm2_evictcontrol -c key.ctx 0x81010001 -P '<tpm_ownerpass>'
```
... then I need to store regular.policy and rescue.policy in initramfs, which will produce a different hash next time.
Therefore, the question is: is there any way I can store the policies in the TPM itself, so that I do not have to rebuild initramfs? Do you guys think this is not the way to go, and there is a better approach?
Thank you very much!
Felix
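
An added example, not part of the original post: a Python computation of the three policy digests that the commands above write out, following the TPM 2.0 policy-digest rules. It shows that regular.policy and compound.policy change whenever the PCR 9 value changes, while rescue.policy does not. The PCR values are constructed samples and the function names are hypothetical.

```python
import hashlib
import struct

# Command codes, algorithm id and handle from the TPM 2.0 specification.
TPM_CC_POLICY_SECRET = 0x00000151
TPM_CC_POLICY_AUTH_VALUE = 0x0000016B  # PolicyPassword extends with this code too
TPM_CC_POLICY_OR = 0x00000171
TPM_CC_POLICY_PCR = 0x0000017F
TPM_ALG_SHA256 = 0x000B
TPM_RH_OWNER = 0x40000001
ZERO = bytes(32)  # policyDigest of a fresh SHA-256 session

def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def policy_pcr(digest, pcrs):
    """pcrs maps PCR index -> 32-byte SHA-256 value (one bank, PCRs 0..23)."""
    bitmap = bytearray(3)
    for i in pcrs:
        bitmap[i // 8] |= 1 << (i % 8)
    # TPML_PCR_SELECTION: count, hash algorithm, sizeofSelect, bitmap
    selection = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)
    pcr_digest = _h(*(pcrs[i] for i in sorted(pcrs)))
    return _h(digest, struct.pack(">I", TPM_CC_POLICY_PCR), selection, pcr_digest)

def policy_password(digest):
    return _h(digest, struct.pack(">I", TPM_CC_POLICY_AUTH_VALUE))

def policy_secret(digest, handle=TPM_RH_OWNER, policy_ref=b""):
    # A hierarchy's name is its 4-byte handle; policyRef is hashed in a second step.
    return _h(_h(digest, struct.pack(">II", TPM_CC_POLICY_SECRET, handle)), policy_ref)

def policy_or(*branches):
    return _h(ZERO, struct.pack(">I", TPM_CC_POLICY_OR), *branches)

def compound_policy(pcrs):
    regular = policy_password(policy_pcr(ZERO, pcrs))
    rescue = policy_secret(ZERO)
    return regular, rescue, policy_or(rescue, regular)  # same order as tpm2_policyor above

# Constructed sample PCR values; PCR 9 stands in for the initramfs measurement.
SAMPLE = {i: hashlib.sha256(b"constructed pcr %d" % i).digest() for i in (0, 1, 7, 9)}
REBUILT = {**SAMPLE, 9: hashlib.sha256(b"initramfs rebuilt").digest()}

if __name__ == "__main__":
    for name, pcrs in (("before", SAMPLE), ("after rebuild", REBUILT)):
        for label, d in zip(("regular", "rescue", "compound"), compound_policy(pcrs)):
            print(f"{name:14} {label:9} {d.hex()}")
```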