Re: dm-integrity volume with TPM key?

[Lennart Poettering <lennart@xxxxxxxxxxxxxx>]

On Mi, 29.09.21 21:53, Sebastian Wiesner (sebastian@xxxxxxxx) wrote:

> Hello,
>
> "Authenticated Boot and Disk Encryption on Linux" [1] suggests to "make
> /home/ its own dm-integrity volume with a HMAC, keyed by the TPM" when
> using systemd-homed for user home directories.
>
> I'd like to try that but… how? I can use systemd-cryptenroll to make a
> encrypted volume with a TPM key, but how do I make a dm-integrity
> volume with a TPM key?  I've gone through the manpage for
> integritysetup and did a few unsuccessful google searches, but I've not
> found any answer.

It's not easy to find, because it doesn't exist. ;-)

We have the TPM stuff in place, and we cover both cryptsetup +
veritysetup pretty nicely. We are still missing the final glue here
though. systemd-integritysetup + /etc/integritytab. The hard plumbing
problems are all solved, what's missing is just putting together the
porcelain for it.

I had hope that libcryptsetup would support a mode where we can use a
LUKS2 superblock with only dm-integrity without dm-crypt (which would
give us proper key management for this thing). But the idea is not
attractive to the libcryptsetup people unfortunately, as it turns out.

My current thinking how I'd personally deploy this is actually not
necessarily by directly enrolling the HMAC key for dm-integrity with
the TPM, but instead just piggyback things to an otherwise protected
/etc/ or /var/. i.e. define a key file /etc/integrity.key (with a
fallback to /var/lib/integrity.key) or similar, that is used as
implicit HMAC key for all dm-integrity needs. Then, because (at least
in my idealized view) /etc or /var are authenticated territory (bound
to TPM) we get the property we want, indirectly.

Lennart

--
Lennart Poettering, Berlin