On Mo, 10.03.25 10:14, Yann Diorcet (diorcet.yann@xxxxxxxxx) wrote: > > (Not sure if I follow what the issue is supposed to be, i.e. not sure > > what "try unlocks" is supposed to mean or what "the second" refers > > to. Just guessing here). > > > > There's a TODO list item somewhere to provide more finegrained conrol > > of which mechanisms are allowed to allow a disk, and conversely to > > measure the actual mechanism used. But until then simply disable > > interactivity fully. > > > > (note that fido2, tpm2, pkcs11 unlocking needs to be enabled manually, > > it's only passphrase/recovery key unlock which is on by default, and > > which you have to turn off via headless) > > > > > - Make the update of the PCR due to the measuring of the malicious partition > > > fails > > > > hmm, i really cannot parse this? (not the rest either...?) > > If an attacker jams the communication with the TPM (discret one for > example) during the measuring phase of the first partition (which in > my example is the malicious one), the PCR will not be updated. "Jams the communication with the TPM"? Well, if you your threat model includes that this is possible then yes, measurements whose job is to "destroy" access to objects bound to a PCR will not be effective. But of course, if this is a realistic scenario to you, then the whole TPM logic just falls apart, because why suppress one measurement if you can just suppress them all, and issue them yourself instead with data of your choosing? you can get free access to anything then. > Allowing the second partition to be unlocked as it would be unlocked > in normal situtation: as the first unlocked partition. > If you don't add counter measure at the end of initrd in order to fail > this trick (as alplanas explained), you will chroot on the malicious > partition with the the good root partition unlocked and mounted as the > second partition. which counter measure do you precisely mean? Lennart -- Lennart Poettering, Berlin