On Di, 11.03.25 13:16, Lennart Poettering (lennart@xxxxxxxxxxxxxx) wrote: > On Mo, 10.03.25 12:27, Adrian Vovk (adrianvovk@xxxxxxxxx) wrote: > > > Well, the TPM is supposed to be secure against hardware debugger access, in > > theory. Ditto with CPUs, and JTAG lockout. > > > > So if there's TOCTOU bugs in our code we need to be robust against them too. > > > > Anyway, I don't think this is a TOCTOU bug. Basically, it seems that we're > > sometimes OK letting communication to the TPM fail. In which case, an > > attacker can cause the communication to fail, and we'll be none the wiser > > > > If device specific encryption key leaks, then the data there can be modified > > > > by the attacker. I too fail to see the bug here. > > > > > > > Right, this is what we're trying to avoid. > > > > Basically, the bug is: an attacker does a DOS on the TPM in such a way that > > systemd boots to the rootfs without measuring the `leave-initrd` pcrphase, > > or the fake rootfs's pcr15. Once in the rootfs, the TPM doesn't know that > > it has left the initrd. And that's game over: the attacker stops DOSing the > > TPM, and extracts the encryption keys for the real rootfs from the TPM. > > it is true that we currently do not block continued booting if a > measurement fails. > > I figure systemd-pcrextend should start to simply invoke > reboot(RB_HALT_SYSTEM) if a TPM exists but it cannot extend a > PCR. Happy to take a PR for that. I prepped a PR for that now: https://github.com/systemd/systemd/pull/36705 Turned out to be much simpler than I expected... Lennart -- Lennart Poettering, Berlin
Re: Is tpm2-measure-pcr really an additional security?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Tue, 11 Mar 2025 17:34:45 +0100
- Cc: Mikko Rapeli <mikko.rapeli@xxxxxxxxxx>, Yann Diorcet <diorcet.yann@xxxxxxxxx>, Systemd Devel <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <Z9Apj5cAPprX-ROW@gardel-login>
- References: <214ba7b7-ae75-4b8e-94c6-9510216492be@gmail.com> <Z86rE9USh_yPWLDY@gardel-login> <CACPcEYkLn-zKPU0KkpfqhY7FLcgPXFGa1Gbbwh5nWB_zXApmwg@mail.gmail.com> <CAAdYy_m2yL3p2zKDuTnWQZmKHtpf9OEhzBXqM_rQ4EGMoReR2Q@mail.gmail.com> <Z88OFgp6Le4MCkj2@nuoska> <CAAdYy_kDJnqx6SpTLa7LtWmPWthbpgDXMvi1KX3Lr6CJ7+v30A@mail.gmail.com> <Z9Apj5cAPprX-ROW@gardel-login>
- References:
- Is tpm2-measure-pcr really an additional security?
- From: Diorcet Yann
- Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering
- Re: Is tpm2-measure-pcr really an additional security?
- From: Yann Diorcet
- Re: Is tpm2-measure-pcr really an additional security?
- From: Adrian Vovk
- Re: Is tpm2-measure-pcr really an additional security?
- From: Mikko Rapeli
- Re: Is tpm2-measure-pcr really an additional security?
- From: Adrian Vovk
- Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering
- Is tpm2-measure-pcr really an additional security?
- Prev by Date: Re: Is tpm2-measure-pcr really an additional security?
- Next by Date: Re: DOSing the TPM to leak the rootfs encryption key
- Previous by thread: Re: Is tpm2-measure-pcr really an additional security?
- Next by thread: Re: Is tpm2-measure-pcr really an additional security?
- Index(es):
 |