Hi,
we (at kairos.io) are trying to understand how systemd-sysext
extensions can also be made tamper-proof by being measured in a
system that boots in UKI mode.
Specifically, when Kairos boots in "UKI mode", the whole
operating system is signed and measurements in PCRs 7 and 11 are
gating the decryption of the disk partition.
This renders the OS unusable in case of various changes (e.g.
changes in UEFI databases).
systemd-sysext extensions though, are not part of this process
so they are a possible attack target.
Reading through [the systemd-stub
docs](https://www.freedesktop.org/software/systemd/man/latest/systemd-stub.html#)
it seems that systemd-sysext raw images can be measured
automatically in PCR 13 but it's not clear to us how this
measurement can be used to prevent them from being copied in the
extensions directory and made available.
- What prevents a malicious user from directly copying those raw
files into the extensions dir manually? (sudo permissions only)?
- If we somehow check for the measurements on TPM13 (e.g. by
binding disk decryption to PCR 13 as well),
how can new extensions be added? If you add or remove a new one,
measurements won't match.
- What about extensions upgrades? Don't they change the
measurement too?
- The docs read:
```
On access they should be further validated: in case of the
credentials case by encrypting/authenticating them via TPM, as
exposed by systemd-creds encrypt -T (see systemd-creds(1) for
details); in case of the system extension images by using signed
Verity images.
```
what does the `using signed Verity images` part mean?:
- these:
https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#verity
?
- these:
https://docs.kernel.org/admin-guide/device-mapper/verity.html ?
Looking forward for some pointers to the
right direction, thanks!
Dimitris Karakasilis
(on behalf of the Kairos team)
