On Di, 11.03.25 13:27, Lennart Poettering (lennart@xxxxxxxxxxxxxx) wrote: > On Mo, 10.03.25 19:25, Diorcet Yann (diorcet.yann@xxxxxxxxx) wrote: > > > Is PCR15 checked against a pre-calculated value saved in the signed initrd > > before leaving initrd? If it's not the case, then when executing the init > > from the chrooted malicious partition, the original /dev/sda1 LUKS will be > > opened and mounted as var. > > I think you are misunderstanding what PCR15 is supposed to be. it's > not really supposed to be consumed for FDE, but simply populated by > FDE. It's usecase was to later have PCR that identifies the local > system, that we can lock encrypted credentials or systemd-confext > images to. > > To protect the order of things use the "phase" logic, i.e. in PCR 15. > > And to say this very clearly: the model this is designed for assumes > you have one encrypted fs not many. i.e. if everything checks out then > you get access to it, and if it doesn't you don't. I am not sure I > understand your scenario, but you appear to work with two encrypted > disks, one for the rootfs and one for /var/? Yes, there is no > protection for using them for the wrong purpose (ie. the root fs for > /var/ or vice versa), because that was never in the picture of being > an issue. > > If you want multiple encrypted partitions like that, then things are a > lot more complicated, but let me ask you: why even? It makes sense to > split up things so that you have various sets of data with different > protections (i.e. some unprotected, some verity protected, some > encrypted + tpm). But if you have multiple partitions protected the > same way, why split them up, and why create such a headache then. I prepped this now: https://github.com/systemd/systemd/pull/36714 It should add protections that address the aforementioned issues with "misusing" partitions at the wrong places. Lennart -- Lennart Poettering, Berlin
Re: Is tpm2-measure-pcr really an additional security?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Wed, 12 Mar 2025 15:14:17 +0100
- Cc: Adrian Vovk <adrianvovk@xxxxxxxxx>, Mikko Rapeli <mikko.rapeli@xxxxxxxxxx>, Systemd Devel <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <Z9AsLxSRnE7dGqy1@gardel-login>
- References: <214ba7b7-ae75-4b8e-94c6-9510216492be@gmail.com> <Z86rE9USh_yPWLDY@gardel-login> <CACPcEYkLn-zKPU0KkpfqhY7FLcgPXFGa1Gbbwh5nWB_zXApmwg@mail.gmail.com> <CAAdYy_m2yL3p2zKDuTnWQZmKHtpf9OEhzBXqM_rQ4EGMoReR2Q@mail.gmail.com> <Z88OFgp6Le4MCkj2@nuoska> <CAAdYy_kDJnqx6SpTLa7LtWmPWthbpgDXMvi1KX3Lr6CJ7+v30A@mail.gmail.com> <84a33bb5-46d6-49c7-99e0-d5518250e9e5@gmail.com> <Z9AsLxSRnE7dGqy1@gardel-login>
- References:
- Is tpm2-measure-pcr really an additional security?
- From: Diorcet Yann
- Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering
- Re: Is tpm2-measure-pcr really an additional security?
- From: Yann Diorcet
- Re: Is tpm2-measure-pcr really an additional security?
- From: Adrian Vovk
- Re: Is tpm2-measure-pcr really an additional security?
- From: Mikko Rapeli
- Re: Is tpm2-measure-pcr really an additional security?
- From: Adrian Vovk
- Re: Is tpm2-measure-pcr really an additional security?
- From: Diorcet Yann
- Re: Is tpm2-measure-pcr really an additional security?
- From: Lennart Poettering
- Is tpm2-measure-pcr really an additional security?
- Prev by Date: Re: DOSing the TPM to leak the rootfs encryption key
- Next by Date: Please help me fix the fluidsynth.service file
- Previous by thread: Re: Is tpm2-measure-pcr really an additional security?
- Next by thread: Re: Is tpm2-measure-pcr really an additional security?
- Index(es):
 |