Re: Enrolling PCR11 does not work as expected

On Wed, Jul 5, 2023 at 2:11 PM Felix Rubio <felix@xxxxxxxxx> wrote:
From what is explained in systemd-pcrphase.service(8) and
comparing it to what I see in the log of the systemd services, there are
three events in relation to this question:

systemd-pcrphase-initrd.service
[...]
[systemd-ask-password-console.service]
[...]
systemd-pcrphase-sysinit
systemd-pcrphase

This means that, indeed, running cryptenroll after the new kernel has
booted will never provide the correct PCR registry for 11. But then...
what options do I have? Do I need to choose between having PCRs 7 and
14, so that I make sure that SB is up and running and all the certs from
shim have not changed, or to have only PCR 11 so that I know that the
UKI has not changed although SB can potentially be even disabled
(please, correct me if wrong)?

I think the idea is to use `systemd-measure` to precompute PCR 11 for a specific phase, then use the precomputed PCR value instead of the "live" PCR value when sealing the data.

systemd-cryptenroll does not accept raw PCR values directly (though I use a separate python script for that); instead it accepts --tpm2-public-key= as a public key that could be used to *sign* PCR values, and an external --tpm2-signature= path that'll contain the signed data.

So I believe you're supposed to use systemd-measure to precompute and sign PCR 11, put the signed file in /boot, and tell systemd-cryptenroll to use that when unlocking. (Later you only need to re-sign the PCR measurements in /boot without needing to re-do cryptenroll.)

--
Mantas Mikulėnas
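As an added illustration, not code from systemd or from either poster, here is a small Python model of why a PCR 11 value captured from the booted system can never match the value present when the volume is unlocked in the initrd. It assumes PCR 11 starts at all zeros, that the stub extends each UKI section's content in order, and that systemd-pcrphase extends each phase string as its UTF-8 bytes; the section contents are constructed placeholders and the phase-path key format mirrors the colon-separated syntax of systemd-measure's --phase= option.

```python
import hashlib

# Constructed stand-ins for the UKI sections the stub measures into PCR 11.
# Assumption: measured in this order; real systemd-stub measures more sections.
UKI_SECTIONS = {
    ".linux": b"<kernel image bytes>",
    ".osrel": b"NAME=Example\n",
    ".cmdline": b"root=/dev/mapper/root quiet\n",
    ".initrd": b"<initrd bytes>",
}

# Phase strings that systemd-pcrphase measures during boot, in boot order.
BOOT_PHASES = ["enter-initrd", "leave-initrd", "sysinit", "ready"]


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2 PCR extend with SHA-256: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def precompute_pcr11(sections=UKI_SECTIONS, phases=BOOT_PHASES):
    """Predict PCR 11 at every phase boundary, the way a precomputation tool
    would, without booting. Keys are phase paths such as
    "enter-initrd:leave-initrd"; the empty key is the value right after the
    stub, before any phase string was measured."""
    pcr = bytes(32)  # assumption: PCR 11 is all zeros at reset
    for content in sections.values():
        pcr = pcr_extend(pcr, content)
    predicted = {"": pcr}
    path = []
    for phase in phases:
        pcr = pcr_extend(pcr, phase.encode("utf-8"))
        path.append(phase)
        predicted[":".join(path)] = pcr
    return predicted


def would_unlock(predicted, enroll_phase, unlock_phase="enter-initrd"):
    """True only if a policy sealed against the PCR 11 value seen at
    enroll_phase matches the value present when cryptsetup runs in the
    initrd (unlock_phase). Enrolling from the fully booted system
    captures the "ready" value, so the two never agree."""
    return predicted[enroll_phase] == predicted[unlock_phase]


if __name__ == "__main__":
    p = precompute_pcr11()
    for path, value in p.items():
        print(f"{path or '<after stub>':40} {value.hex()}")
    print("enrolled after boot, unlocks?", would_unlock(p, "enter-initrd:leave-initrd:sysinit:ready"))
    print("enrolled with precomputed enter-initrd value, unlocks?", would_unlock(p, "enter-initrd"))
```

Sealing against the precomputed "enter-initrd" value (or, as the reply describes, a signature over it) is what makes the policy valid at unlock time, and re-running the precomputation for a new kernel replaces the signed file without touching the enrollment.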
