On 2025-03-10 18:25, Diorcet Yann wrote:
On 10/03/2025 at 17:27, Adrian Vovk wrote:
2) Just before opening the var LUKS: PCR15=0 or something predictable. cryptsetup is used to open var and updates PCR15 thanks to tpm2-measure-pcr=yes, but in this case /dev/sda1 is replaced with the original /dev/sda1 partition.
I think that you mean that /dev/sda2 (/var) is replaced with the original /dev/sda1 (rootfs), so mounting the original root in /var, right?
PCR15=hash1. 3) initrd mounts the fs, makes multiple measurements (notably on PCR11 with leave-initrd), then chroots and executes the malicious init. Is PCR15 checked against a pre-calculated value saved in the signed initrd before leaving the initrd? If not, then when executing the init from the chrooted malicious partition, the original /dev/sda1 LUKS will be opened and mounted as var.
You need a service in the initrd to do that. systemd AFAIK is not currently providing one, but the plumbing is there to bring your own.
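As an added illustration (not code from systemd or from either poster) of the "bring your own" check discussed above: an initrd-side service can precompute the PCR15 value it expects after systemd-cryptsetup has measured the /var volume key, read the live value, and refuse to leave the initrd on mismatch. The event bytes measured here are a constructed placeholder, not the exact data systemd measures, and the `tpm2_pcrread sha256:15` output layout is assumed.

```python
import hashlib
import hmac

# SHA-256 bank PCRs 0-15 start at all zeros after a TPM reset.
PCR_INITIAL = bytes(32)


def pcr_extend(current: bytes, event_data: bytes) -> bytes:
    """Model TPM2_PCR_Extend on the SHA-256 bank: new = H(old || H(event))."""
    digest = hashlib.sha256(event_data).digest()
    return hashlib.sha256(current + digest).digest()


def expected_pcr15(events: list[bytes]) -> bytes:
    """Replay every measurement the initrd expects into PCR15.

    In practice this value is computed at image build time and shipped inside
    the signed initrd, so a swapped /var cannot influence it.
    """
    value = PCR_INITIAL
    for event in events:
        value = pcr_extend(value, event)
    return value


def parse_tpm2_pcrread(output: str, index: int = 15) -> bytes:
    """Extract one PCR from `tpm2_pcrread sha256:15` style output (assumed layout)."""
    for line in output.splitlines():
        line = line.strip()
        if line.startswith(f"{index:d}:"):
            hexval = line.split(":", 1)[1].strip().removeprefix("0x")
            return bytes.fromhex(hexval)
    raise ValueError(f"PCR {index} not present in tpm2_pcrread output")


def pcr15_ok(live: bytes, expected: bytes) -> bool:
    """Constant-time comparison; False means: do not hand over to /sysroot init."""
    return hmac.compare_digest(live, expected)


if __name__ == "__main__":
    # Constructed placeholder for the measurement cryptsetup makes when opening var.
    events = [b"constructed-measurement-of-var-volume-key"]
    expected = expected_pcr15(events)
    # Constructed tpm2_pcrread output for a system whose /var was swapped.
    tampered = "sha256:\n  15: 0x" + expected_pcr15([b"other-key"]).hex() + "\n"
    print("leave initrd:", pcr15_ok(parse_tpm2_pcrread(tampered), expected))
```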