On Di, 11.03.25 13:27, Lennart Poettering (lennart@xxxxxxxxxxxxxx) wrote:

> On Mo, 10.03.25 19:25, Diorcet Yann (diorcet.yann@xxxxxxxxx) wrote:
>
> > Is PCR15 checked against a pre-calculated value saved in the signed initrd
> > before leaving initrd? If it's not the case, then when executing the init
> > from the chrooted malicious partition, the original /dev/sda1 LUKS will be
> > opened and mounted as var.
>
> I think you are misunderstanding what PCR15 is supposed to be. It's
> not really supposed to be consumed for FDE, but simply populated by
> FDE. Its use case was to later have a PCR that identifies the local
> system, that we can lock encrypted credentials or systemd-confext
> images to.
>
> To protect the order of things use the "phase" logic, i.e. in PCR 15.
>
> And to say this very clearly: the model this is designed for assumes
> you have one encrypted fs, not many. I.e. if everything checks out then
> you get access to it, and if it doesn't you don't. I am not sure I
> understand your scenario, but you appear to work with two encrypted
> disks, one for the rootfs and one for /var/? Yes, there is no
> protection for using them for the wrong purpose (i.e. the root fs for
> /var/ or vice versa), because that was never in the picture of being
> an issue.
>
> If you want multiple encrypted partitions like that, then things are a
> lot more complicated, but let me ask you: why even? It makes sense to
> split up things so that you have various sets of data with different
> protections (i.e. some unprotected, some verity protected, some
> encrypted + tpm). But if you have multiple partitions protected the
> same way, why split them up, and why create such a headache then.

I prepped this now:

https://github.com/systemd/systemd/pull/36714

It should add protections that address the aforementioned issues with
"misusing" partitions at the wrong places.

Lennart

--
Lennart Poettering, Berlin
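The thread above turns on what PCR 15 is for: it is populated by each volume that FDE unlocks, so its final value identifies one particular set of unlocked volumes, in one particular order, and anything sealed to that value (credentials, confext images) is only released when the same value is reached again. The following is an added example written for this page; it is not code from the thread or from systemd. It simulates a SHA-256 PCR bank with the TPM 2.0 extend rule and constructed stand-in volume keys (assumptions: the PCR starts at all zeros after reset, and each unlocked volume contributes one measurement derived from its key), and shows that swapping the order of two volumes, or substituting a volume from another system, yields a different PCR 15 and therefore no release of a credential bound to the original value.

```python
"""Simulated PCR 15 accumulation (added example, not systemd code).

Assumptions: one SHA-256 PCR bank; the PCR is all-zero after reset; every
unlocked volume contributes one measurement, modelled here as the digest of
a constructed stand-in for its volume key.
"""
import hashlib
import hmac

PCR_SIZE = 32  # SHA-256 bank


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = H(old || H(measurement)).

    The measured data is hashed first, then concatenated to the old PCR value
    and hashed again, so the result depends on every prior extend and on order.
    """
    if len(pcr) != PCR_SIZE:
        raise ValueError("PCR value must be %d bytes" % PCR_SIZE)
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def simulate_pcr15(unlocked_volume_keys) -> bytes:
    """Replay the measurements FDE would make while unlocking, in order."""
    pcr = bytes(PCR_SIZE)  # reset state
    for key in unlocked_volume_keys:
        pcr = extend(pcr, key)
    return pcr


def credential_released(bound_pcr15: bytes, observed_pcr15: bytes) -> bool:
    """A credential sealed to PCR 15 is released only on an exact match.

    Constant-time comparison is used as the policy check would be in practice.
    """
    return hmac.compare_digest(bound_pcr15, observed_pcr15)


# Constructed stand-ins for LUKS volume keys (real keys are random secrets).
ROOT_KEY = b"constructed-root-volume-key"
VAR_KEY = b"constructed-var-volume-key"
OTHER_VAR_KEY = b"constructed-var-key-from-another-machine"


def scenarios() -> dict:
    """Compare the intended unlock sequence against two deviations."""
    intended = simulate_pcr15([ROOT_KEY, VAR_KEY])
    swapped = simulate_pcr15([VAR_KEY, ROOT_KEY])       # same volumes, wrong order
    foreign = simulate_pcr15([ROOT_KEY, OTHER_VAR_KEY])  # /var from another system
    return {
        "intended": credential_released(intended, intended),
        "swapped_order": credential_released(intended, swapped),
        "foreign_var": credential_released(intended, foreign),
    }


if __name__ == "__main__":
    for name, released in scenarios().items():
        print("%-14s credential released: %s" % (name, released))
```

Running the block prints that only the intended sequence releases the credential. As Lennart notes, this is identification of the local system, not a guard against mounting the wrong volume at the wrong place; the PCR merely makes such a deviation visible to anything sealed against its expected value.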