On Wed, 05.07.23 14:17, Mantas Mikulėnas (grawity@xxxxxxxxx) wrote:

> On Wed, Jul 5, 2023 at 2:11 PM Felix Rubio <felix@xxxxxxxxx> wrote:
>
> > For what is explained on the systemd-pcrphase.service(8) and
> > comparing it to what I see in the log of the systemd services, there are
> > three events in relation to this question:
> >
> > systemd-pcrphase-initrd.service
> > [...]
> > [systemd-ask-password-console.service]
> > [...]
> > systemd-pcrphase-sysinit
> > systemd-pcrphase
> >
> > This means that, indeed, running cryptenroll after the new kernel has
> > booted will never provide the correct PCR registry for 11. But then...
> > what options do I have? Do I need to choose between having PCRs 7 and
> > 14, so that I make sure that SB is up and running and all the certs from
> > shim have not changed, or to have only PCR 11 so that I know that the
> > UKI has not changed although SB can potentially be even disabled
> > (please, correct me if wrong)?
> >
>
> I think the idea is to use `systemd-measure` to precompute PCR 11 for a
> specific phase, then use the precomputed PCR value instead of the "live"
> PCR value when sealing the data.
>
> systemd-cryptenroll does not accept raw PCR values directly (though I use a
> separate python script for that); instead it accepts --tpm2-public-key= as
> a public key that could be used to *sign* PCR values, and an external
> --tpm2-signature= path that'll contain the signed data.
>
> So I believe you're supposed to use systemd-measure to precompute and sign
> PCR 11, put the signed file in /boot, and tell systemd-cryptenroll to use
> that when unlocking. (Later you only need to re-sign the PCR measurements
> in /boot without needing to re-do cryptenroll.)

Actually, my recommendation is to embed the signature file in the UKI
itself, after all the signatures are specific to specific UKIs, and
hence it makes sense to glue them into the UKIs.

Lennart

--
Lennart Poettering, Berlin
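As an added illustration (not code from this thread, nor from systemd), a Python model of why the "live" PCR 11 read after boot cannot be used for sealing: the stub measures the UKI sections, then each pcrphase string is extended on top, so the value current at unlock time ("enter-initrd") differs from the value after "ready", while the value for any phase can be precomputed offline from the UKI contents alone, which is what systemd-measure does. The section order, the all-zero start value and the hash-of-content event format are simplifying assumptions of this model; the sample sections are constructed.

```python
import hashlib

# Constructed stand-ins for the PE sections of a UKI; a real UKI's sections
# (.linux, .osrel, .cmdline, .initrd, ...) are what systemd-stub measures.
UKI_SECTIONS = {
    ".linux": b"constructed kernel image bytes",
    ".osrel": b"ID=example\nVERSION_ID=1\n",
    ".cmdline": b"root=/dev/mapper/root rw",
    ".initrd": b"constructed initrd bytes",
}

# Phase strings systemd-pcrphase extends into PCR 11, in boot order.
# systemd-cryptsetup unlocks the root volume while "enter-initrd" is current.
PHASES = ("enter-initrd", "leave-initrd", "sysinit", "ready")


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """SHA-256 PCR extend: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_sections(sections: dict) -> bytes:
    """PCR 11 after the stub has measured every UKI section (model assumption:
    section content hashed and extended in dict order, PCR starts at zeros)."""
    pcr = bytes(32)
    for content in sections.values():
        pcr = pcr_extend(pcr, content)
    return pcr


def pcr11_by_phase(sections: dict) -> dict:
    """Expected PCR 11 at each boot phase, precomputed offline the way
    systemd-measure does: no TPM needed, only UKI contents and phase strings."""
    expected = {}
    pcr = measure_sections(sections)
    for phase in PHASES:
        pcr = pcr_extend(pcr, phase.encode())
        expected[phase] = pcr
    return expected


def enrolled_against_live_value_unlocks(sections: dict) -> bool:
    """Simulates enrolling with the PCR 11 value read on a fully booted system
    ("ready") and checking it at unlock time ("enter-initrd")."""
    expected = pcr11_by_phase(sections)
    live_after_boot = expected["ready"]
    return live_after_boot == expected["enter-initrd"]  # never true
```

Re-running `pcr11_by_phase` on a rebuilt UKI gives the new per-phase values that must be re-signed (and, per the thread, embedded in the UKI) without touching the enrollment itself.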