On Mo, 10.03.25 10:14, Yann Diorcet (diorcet.yann@xxxxxxxxx) wrote: > > (Not sure if I follow what the issue is supposed to be, i.e. not sure > > what "try unlocks" is supposed to mean or what "the second" refers > > to. Just guessing here). > > > > There's a TODO list item somewhere to provide more finegrained conrol > > of which mechanisms are allowed to allow a disk, and conversely to > > measure the actual mechanism used. But until then simply disable > > interactivity fully. > > > > (note that fido2, tpm2, pkcs11 unlocking needs to be enabled manually, > > it's only passphrase/recovery key unlock which is on by default, and > > which you have to turn off via headless) > > > > > - Make the update of the PCR due to the measuring of the malicious partition > > > fails > > > > hmm, i really cannot parse this? (not the rest either...?) > > If an attacker jams the communication with the TPM (discret one for > example) during the measuring phase of the first partition (which in > my example is the malicious one), the PCR will not be updated. "Jams the communication with the TPM"? Well, if you your threat model includes that this is possible then yes, measurements whose job is to "destroy" access to objects bound to a PCR will not be effective. But of course, if this is a realistic scenario to you, then the whole TPM logic just falls apart, because why suppress one measurement if you can just suppress them all, and issue them yourself instead with data of your choosing? you can get free access to anything then. > Allowing the second partition to be unlocked as it would be unlocked > in normal situtation: as the first unlocked partition. > If you don't add counter measure at the end of initrd in order to fail > this trick (as alplanas explained), you will chroot on the malicious > partition with the the good root partition unlocked and mounted as the > second partition. which counter measure do you precisely mean? Lennart -- Lennart Poettering, Berlin
Re: Is tpm2-measure-pcr really an additional security?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Tue, 11 Mar 2025 13:02:11 +0100
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <CACPcEYkLn-zKPU0KkpfqhY7FLcgPXFGa1Gbbwh5nWB_zXApmwg@mail.gmail.com>
- References: <214ba7b7-ae75-4b8e-94c6-9510216492be@gmail.com> <Z86rE9USh_yPWLDY@gardel-login> <CACPcEYkLn-zKPU0KkpfqhY7FLcgPXFGa1Gbbwh5nWB_zXApmwg@mail.gmail.com>
- References:
- Is tpm2-measure-pcr really an additional security?
- From: Diorcet Yann
- Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering
- Re: Is tpm2-measure-pcr really an additional security?
- From: Yann Diorcet
- Is tpm2-measure-pcr really an additional security?
- Prev by Date: Re: journald intended to dump core on write error?
- Next by Date: Re: Is tpm2-measure-pcr really an additional security?
- Previous by thread: Re: Is tpm2-measure-pcr really an additional security?
- Next by thread: DOSing the TPM to leak the rootfs encryption key
- Index(es):
 |