10.03.2025 19:27, Adrian Vovk wrote:
> Basically, the bug is: an attacker does a DoS on the TPM in such a way that systemd boots to the rootfs without measuring the `leave-initrd` pcrphase,
pcrphase works only with UKI, and the OP started with mentioning a separate kernel and initrd, which excludes UKI.

This really needs the complete description of the setup and ideally of the attack; otherwise everyone will be discussing something different.
> or the fake rootfs's pcr15. Once in the rootfs, the TPM doesn't know that it has left the initrd. And that's game over: the attacker stops DoSing the TPM and extracts the encryption keys for the real rootfs from the TPM.
>
> Best,
> Adrian
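The point of the quoted report is that a PCR only "knows" what was extended into it: if the `leave-initrd` measurement never reaches the TPM, PCR 11 still holds its initrd-time value, so anything sealed to that value stays unsealable from the rootfs. The following is an added simulation written for this thread, not code from systemd or from either poster. It models PCR 11 as a SHA-256 extend chain over the systemd-pcrphase phase strings and shows a fail-closed consistency check a rootfs-side unlocker could run before touching sealed material. The digest format (SHA-256 of the UTF-8 phase string, then a standard extend) and the starting PCR value of all zeros are assumptions for the simulation; the phase names and PCR index are what systemd documents.

```python
import hashlib

PCR_PHASE_INDEX = 11  # PCR that systemd-pcrphase extends (documented by systemd)

# Phase strings in the order systemd-pcrphase measures them during boot.
# The digest format used below is an assumption made for this simulation.
BOOT_PHASES = ["enter-initrd", "leave-initrd", "sysinit", "ready"]

SHA256_ZERO = bytes(32)  # assumed initial PCR content for the SHA-256 bank


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """Standard TPM PCR extend for a SHA-256 bank: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def simulate_pcr11(measured_phases) -> bytes:
    """Replay a sequence of phase measurements and return the resulting PCR 11."""
    pcr = SHA256_ZERO
    for phase in measured_phases:
        pcr = pcr_extend(pcr, phase.encode("utf-8"))
    return pcr


def expected_pcr11_after(phase: str) -> bytes:
    """PCR 11 value a healthy boot has once `phase` (and all earlier phases) were measured."""
    idx = BOOT_PHASES.index(phase)
    return simulate_pcr11(BOOT_PHASES[: idx + 1])


def initrd_phase_left(observed_pcr11: bytes) -> bool:
    """Fail-closed check for a rootfs-side unlocker.

    Returns True only if PCR 11 no longer equals any value that can exist before
    `leave-initrd` was measured: the untouched PCR (nothing measured at all) or
    the value after only `enter-initrd`. Any other outcome, including a PCR read
    that could not be completed, must be treated as 'still inside the initrd'.
    """
    leave_idx = BOOT_PHASES.index("leave-initrd")
    initrd_window = {simulate_pcr11(BOOT_PHASES[:i]) for i in range(leave_idx + 1)}
    return observed_pcr11 not in initrd_window


def demo() -> dict:
    # Constructed scenarios: a normal boot versus one where the leave-initrd
    # extend never reached the TPM (the situation described in the thread).
    healthy = simulate_pcr11(["enter-initrd", "leave-initrd"])
    skipped = simulate_pcr11(["enter-initrd"])
    return {
        "healthy_passes_check": initrd_phase_left(healthy),
        "skipped_passes_check": initrd_phase_left(skipped),
        "skipped_equals_initrd_state": skipped == expected_pcr11_after("enter-initrd"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check only helps if the caller fails closed: when the TPM cannot be read at all (the DoS case from the report), the correct result is to refuse to unseal, not to skip the comparison.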