Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2

2024-04-15 Thread Gary Lin via Grub-devel
On Mon, Apr 15, 2024 at 10:26:32AM -0400, Stefan Berger wrote:
> 
> 
> On 4/15/24 05:45, Gary Lin wrote:
> > On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
> > > 
> > > 
> > > On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > > > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> > > > 
> > > > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > > > Hernan Gatta to introduce the key protector framework and TPM2 stack
> > > > to GRUB2, and this could be a useful feature for the systems to
> > > > implement full disk encryption.
> > > 
> > > You also need to extend the documentation with the command line steps,
> > > and IMO there has to be a warning for VM users that sealing to PCRs
> > > inside a VM is dangerous since the next packages update may bring an
> > > update to TianoCore UEFI/SeaBIOS/SLOF/... showing different PCR values
> > > and unsealing will not work then.
> > > 
> > For baremetal users, it still could happen after upgrading the firmware.
> 
> Right but this is much rarer.
> 
> > We surely need a place to notify users of this situation when using PCR
> > 0~7.
> 
> PCRs 8-9 probably have to be all zeros at the time of sealing (running the
> user space application for setting this up) so they have the values at the
> time before grub measures kernel and initramfs, right?
> 
For grub-protect, yes. On the other hand, pcr-oracle can predict PCR 9
based on the current grub.cfg and the eventlog. PCR 8 is tricky because
grub measures the command with the expanded variables, and pcr-oracle has
to be improved to parse all grub config files to make the prediction.

Gary Lin

___
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
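The exchange above turns on two facts: a PCR is a running hash that each measurement extends, and a key sealed to PCR values stops unsealing as soon as one measured component (firmware after a package update, a boot file) changes. The following is an added example, not code from the patch series or from pcr-oracle: it replays a constructed event log through the SHA-256 extend operation to predict PCR values the way pcr-oracle does for PCR 9, "seals" a hypothetical policy to them, and shows that a changed firmware measurement invalidates a policy that includes PCR 0 while a policy over PCRs 7 and 9 alone still matches. All log entries, file names and version strings are constructed for the example.

```python
"""Replay a measured-boot event log to predict PCR values.

Added example (not from the GRUB patch series or pcr-oracle). A PCR starts
at all zeros and every measurement extends it:
    PCR_new = SHA-256(PCR_old || event_digest)
so a policy sealed to a PCR only matches while every event that feeds that
PCR measures the same. The event log below is constructed; the digests are
not real firmware measurements.
"""
import hashlib
from typing import Dict, Iterable, List, Sequence, Tuple

PCR_BANK = "sha256"
DIGEST_LEN = 32


def extend(pcr: bytes, digest: bytes) -> bytes:
    """One TPM2_PCR_Extend step: hash the old value concatenated with the digest."""
    if len(pcr) != DIGEST_LEN or len(digest) != DIGEST_LEN:
        raise ValueError("PCR and event digest must both be %d bytes" % DIGEST_LEN)
    return hashlib.new(PCR_BANK, pcr + digest).digest()


def measure(data: bytes) -> bytes:
    """Digest of a measured object (a firmware volume, a file grub loaded, ...)."""
    return hashlib.new(PCR_BANK, data).digest()


def replay_pcr(events: Iterable[bytes]) -> bytes:
    """Predict one PCR from the ordered event digests recorded for it."""
    pcr = bytes(DIGEST_LEN)  # PC Client PCRs 0-16 reset to all zeros at boot
    for digest in events:
        pcr = extend(pcr, digest)
    return pcr


def pcr_log(events: Sequence[Tuple[int, bytes]], index: int) -> List[bytes]:
    """Select, in log order, the digests that were extended into PCR `index`."""
    return [d for i, d in events if i == index]


def seal_policy(events: Sequence[Tuple[int, bytes]], indices: Iterable[int]) -> Dict[int, bytes]:
    """Record the PCR values a key would be sealed against (the policy digest inputs)."""
    return {i: replay_pcr(pcr_log(events, i)) for i in indices}


def policy_still_valid(sealed: Dict[int, bytes], events: Sequence[Tuple[int, bytes]]) -> bool:
    """True when every PCR in the sealed set replays to the value it was sealed with."""
    return all(replay_pcr(pcr_log(events, i)) == v for i, v in sealed.items())


# Constructed event log: (PCR index, digest). PCR 0 holds firmware code,
# PCR 7 the Secure Boot state, PCR 9 the files grub loaded.
BOOT_LOG = [
    (0, measure(b"firmware-volume v1.0")),
    (7, measure(b"SecureBoot: enabled")),
    (9, measure(b"/boot/grub2/grub.cfg")),
    (9, measure(b"/boot/vmlinuz")),
    (9, measure(b"/boot/initrd")),
]

# Hypothetical firmware package update: only the PCR 0 measurement changes.
UPDATED_LOG = [(0, measure(b"firmware-volume v1.1"))] + BOOT_LOG[1:]

if __name__ == "__main__":
    sealed = seal_policy(BOOT_LOG, (0, 7, 9))
    print("PCR 0,7,9 policy valid before update:", policy_still_valid(sealed, BOOT_LOG))
    print("PCR 0,7,9 policy valid after update: ", policy_still_valid(sealed, UPDATED_LOG))
    sealed_no_fw = seal_policy(BOOT_LOG, (7, 9))
    print("PCR 7,9 policy valid after update:   ", policy_still_valid(sealed_no_fw, UPDATED_LOG))
```

Running the same replay against the event log of the next boot, before rebooting into a freshly updated firmware, is the check that tells a user whether the sealed key will still unseal; the order of the events matters as much as their content, which is why PCR 8 (the measured grub commands with their expanded variables) is harder to predict than PCR 9.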


Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2

2024-04-15 Thread Stefan Berger



On 4/15/24 05:45, Gary Lin wrote:
> On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
> > On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> > > 
> > > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > > Hernan Gatta to introduce the key protector framework and TPM2 stack
> > > to GRUB2, and this could be a useful feature for the systems to
> > > implement full disk encryption.
> > 
> > You also need to extend the documentation with the command line steps,
> > and IMO there has to be a warning for VM users that sealing to PCRs
> > inside a VM is dangerous since the next packages update may bring an
> > update to TianoCore UEFI/SeaBIOS/SLOF/... showing different PCR values
> > and unsealing will not work then.
> > 
> For baremetal users, it still could happen after upgrading the firmware.

Right but this is much rarer.

> We surely need a place to notify users of this situation when using PCR
> 0~7.

PCRs 8-9 probably have to be all zeros at the time of sealing (running
the user space application for setting this up) so they have the values
at the time before grub measures kernel and initramfs, right?

> Thanks,
> 
> Gary Lin




Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2

2024-04-15 Thread Gary Lin via Grub-devel
On Fri, Apr 12, 2024 at 12:24:36PM -0400, Stefan Berger wrote:
> 
> 
> On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> > GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> > 
> > This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> > Hernan Gatta to introduce the key protector framework and TPM2 stack
> > to GRUB2, and this could be a useful feature for the systems to
> > implement full disk encryption.
> 
> You also need to extend the documentation with the command line steps,
> and IMO there has to be a warning for VM users that sealing to PCRs inside
> a VM is dangerous since the next packages update may bring an update to
> TianoCore UEFI/SeaBIOS/SLOF/... showing different PCR values and unsealing
> will not work then.
> 
For baremetal users, it still could happen after upgrading the firmware.
We surely need a place to notify users of this situation when using PCR
0~7.

Thanks,

Gary Lin



Re: [PATCH v11 00/20] Automatic Disk Unlock with TPM2

2024-04-12 Thread Stefan Berger



On 4/12/24 04:39, Gary Lin via Grub-devel wrote:
> GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11
> 
> This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
> Hernan Gatta to introduce the key protector framework and TPM2 stack
> to GRUB2, and this could be a useful feature for the systems to
> implement full disk encryption.

You also need to extend the documentation with the command line steps,
and IMO there has to be a warning for VM users that sealing to PCRs
inside a VM is dangerous since the next packages update may bring an
update to TianoCore UEFI/SeaBIOS/SLOF/... showing different PCR values
and unsealing will not work then.

   Stefan



[PATCH v11 00/20] Automatic Disk Unlock with TPM2

2024-04-12 Thread Gary Lin via Grub-devel
GIT repo for v11: https://github.com/lcp/grub2/tree/tpm2-unlock-v11

This patch series is based on "Automatic TPM Disk Unlock"(*1) posted by
Hernan Gatta to introduce the key protector framework and TPM2 stack
to GRUB2, and this could be a useful feature for the systems to
implement full disk encryption.

To support TPM 2.0 Key File format(*2), patches 1~5,7 are grabbed from
Daniel Axtens's "appended signature secure boot support" (*3) to import
libtasn1 into grub2. Besides, the libtasn1 version is upgraded to
4.19.0 instead of 4.16.0 in the original patch.

Patch 6 fixes a potential buffer overrun in libtasn1.
(https://gitlab.com/gnutls/libtasn1/-/issues/49)

Patch 8 adds the document for libtasn1 and the steps to upgrade the
library.

Patches 9~13 are Hernan Gatta's patches with the follow-up fixes and
improvements:
- Converting 8 spaces into 1 tab
- Merging the minor build fix from Michael Chang
  - Replacing "lu" with "PRIuGRUB_SIZE" for grub_dprintf
  - Adding "enable = efi" to the tpm2 module in grub-core/Makefile.core.def
- Rebasing "cryptodisk: Support key protectors" to the git master
- Removing the measurement on the sealed key
  - Based on the patch from Olaf Kirch 
- Adjusting the input parameters of TPM2_EvictControl to match the order
  in "TCG TPM2 Part3 Commands"
- Declaring the input arguments of TPM2 functions as const
- Resending TPM2 commands on TPM_RC_RETRY
- Adding checks for the parameters of TPM2 commands
- Packing the missing authorization command for TPM2_PCR_Read
- Tweaking the TPM2 command functions to allow some parameters to be
  NULL so that we don't have to declare empty variables
- Only enabling grub-protect for "efi" since the TPM2 stack currently
  relies on the EFI TCG2 protocol to send TPM2 commands
- Using grub_cpu_to_be*() in the TPM2 stack instead of grub_swap_bytes*()
  which may cause problems on big-endian machines
- Changing the short name of "--protector" of "cryptomount" from "-k" to
  "-P" to avoid the conflict with "--key-file"
- Supporting TPM 2.0 Key File Format besides the raw sealed key
- Adding the external libtasn1 dependency to grub-protect to write the
  TPM 2.0 Key files
- Extending the TPM2 TSS stack to support authorized policy

Patch 14 implements the authorized policy support.

Patch 15 implements the missing NV index mode. (Thanks to Patrick Colp)

Patch 16 improves the 'cryptomount' command to fall back to the
passphrase mode when the key protector fails to unlock the encrypted
partition. (Another patch from Patrick Colp)

Patches 17 and 18 fix the potential security issues spotted by Fabian Vogt.

Patches 19 and 20 implement the TPM key unsealing testcases.

To utilize the TPM2 key protector to unlock the encrypted partition
(sdb1), here are the sample steps:

1. Add an extra random key for LUKS (luks-key)
   $ dd if=/dev/urandom of=luks-key bs=1 count=32
   $ sudo cryptsetup luksAddKey /dev/sdb1 luks-key --pbkdf=pbkdf2

2. Seal the key
   $ sudo grub-protect --action=add \
   --protector=tpm2 \
   --tpm2key \
   --tpm2-keyfile=luks-key \
   --tpm2-outfile=/boot/efi/boot/grub2/sealed.tpm

3. Unseal the key with the proper commands in grub.cfg:
   tpm2_key_protector_init --tpm2key=(hd0,gpt1)/boot/grub2/sealed.tpm
   cryptomount -u  -P tpm2

(*1) https://lists.gnu.org/archive/html/grub-devel/2022-02/msg6.html
(*2) https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
(*3) https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00044.html

v11:
- Adding the missing default: handlers in grub-core/tpm2/mu.c
- Updating the help messages and commit messages to reflect the change
  of the default SRK algorithm (RSA2048 -> ECC_NIST_P256)
- Adding the testcase for the NV index mode

v10:
- https://lists.gnu.org/archive/html/grub-devel/2024-04/msg00019.html
- GIT repo: https://github.com/lcp/grub2/tree/tpm2-unlock-v10
- Fixing the coverity issues: CID 435775, CID 435771, CID 435770, CID
  435769, CID 435767, CID 435761
  https://lists.gnu.org/archive/html/grub-devel/2024-02/txtKIuUb5lf3O.txt
  - Fixing the potential memory leak (CID 435775)
  - Removing the unnecessary grub_protect_get_grub_drive_for_file() from
    util/grub-protect.c (CID 435771)
  - Using the grub_tpm2_mu_TPM2B_*_Unmarshal functions to unmarshal the
    TPM2B structs instead of a generic grub_tpm2_mu_TPM2B_Unmarshal
    (CID 435770)
  - Fixing Null pointer dereference (CID 435769)
  - Adding bounds checks to grub_tpm2_mu_TPML_DIGEST_Unmarshal()
    (CID 435767)
  - Improving the check for the return value of ftell() (CID 435761)
- Adding a quick fix for CID 435762
- Removing the empty ending line in tests/asn1_test.in
- Fixing docs/grub-dev.texi and updating the libtasn1 patches in
  grub-core/lib/libtasn1-patches/
- Merging all the TPM2 TSS stack patches into one to reduce the total
  patch number
- Switching the default asymmetric algorithm from RSA2048 to
  TPM_ECC_NIST_P256 for the faster key
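The v10 changelog above records bounds checks added to grub_tpm2_mu_TPML_DIGEST_Unmarshal() (CID 435767) and the move to grub_cpu_to_be*() for byte order in the TPM2 stack. As an added illustration of what such an unmarshaller has to check, and not code from the GRUB tpm2 module, here is a Python parser for TPML_DIGEST, the structure in which TPM2_PCR_Read returns PCR values. The field layout (big-endian UINT32 count, then that many TPM2B_DIGEST entries, each a big-endian UINT16 size and the digest bytes, at most 8 entries and at most 64 bytes per digest) follows TCG TPM 2.0 Part 2; the sample buffers, the error class and the helper names are constructed for the example.

```python
"""Unmarshal a TPML_DIGEST (TPM2_PCR_Read's pcrValues) with bounds checks.

Added example, not code from GRUB's grub-core/tpm2/mu.c. Every length the
response claims (the entry count and each TPM2B size) is checked against
both the structure's defined limit and the bytes actually received, so a
short or malformed reply from the TPM or the EFI TCG2 protocol is rejected
instead of being read past the end of the buffer.
"""
import struct
from typing import List, Optional, Tuple

TPM2_MAX_DIGEST_SIZE = 64    # sizeof(TPMU_HA): the largest bank, SHA-512
TPML_DIGEST_MAX_COUNT = 8    # TCG Part 2: TPM2B_DIGEST digests[count]{:8}


class UnmarshalError(ValueError):
    """Raised for any field that does not fit its limit or the buffer."""


def unmarshal_u16(buf: bytes, off: int) -> Tuple[int, int]:
    if off + 2 > len(buf):
        raise UnmarshalError("truncated UINT16 at offset %d" % off)
    return struct.unpack_from(">H", buf, off)[0], off + 2   # big-endian, like grub_be_to_cpu16


def unmarshal_u32(buf: bytes, off: int) -> Tuple[int, int]:
    if off + 4 > len(buf):
        raise UnmarshalError("truncated UINT32 at offset %d" % off)
    return struct.unpack_from(">I", buf, off)[0], off + 4


def unmarshal_tpm2b_digest(buf: bytes, off: int) -> Tuple[bytes, int]:
    size, off = unmarshal_u16(buf, off)
    if size > TPM2_MAX_DIGEST_SIZE:
        raise UnmarshalError("TPM2B_DIGEST size %d exceeds %d" % (size, TPM2_MAX_DIGEST_SIZE))
    if off + size > len(buf):
        raise UnmarshalError("TPM2B_DIGEST body runs past the end of the buffer")
    return bytes(buf[off:off + size]), off + size


def unmarshal_tpml_digest(buf: bytes, off: int = 0) -> Tuple[List[bytes], int]:
    count, off = unmarshal_u32(buf, off)
    if count > TPML_DIGEST_MAX_COUNT:
        raise UnmarshalError("TPML_DIGEST count %d exceeds %d" % (count, TPML_DIGEST_MAX_COUNT))
    digests = []
    for _ in range(count):           # the count is checked before any entry is read
        digest, off = unmarshal_tpm2b_digest(buf, off)
        digests.append(digest)
    return digests, off


def marshal_tpml_digest(digests: List[bytes]) -> bytes:
    """Inverse of the parser; used here only to build the sample buffers."""
    out = struct.pack(">I", len(digests))
    for d in digests:
        out += struct.pack(">H", len(d)) + d
    return out


def parse_or_reject(buf: bytes) -> Tuple[Optional[List[bytes]], Optional[str]]:
    """Return (digests, None) on success or (None, reason) on any bounds violation."""
    try:
        digests, _ = unmarshal_tpml_digest(buf)
        return digests, None
    except UnmarshalError as err:
        return None, str(err)


# Constructed sample: two 32-byte SHA-256 PCR values as TPM2_PCR_Read returns them.
SAMPLE = marshal_tpml_digest([bytes([0x11]) * 32, bytes([0x22]) * 32])

if __name__ == "__main__":
    print(parse_or_reject(SAMPLE))
    print(parse_or_reject(SAMPLE[:-5]))                   # body cut short
    print(parse_or_reject(b"\xff\xff\xff\xff"))            # absurd entry count
    print(parse_or_reject(b"\x00\x00\x00\x01\x10\x00"))   # one digest claiming 4096 bytes
```

The two checks per field are deliberately separate: the limit check (count at most 8, size at most 64) catches a value that could never be valid even in a longer buffer, while the remaining-bytes check catches a reply that was simply cut short; a parser that only did the second would still accept an oversized digest into a fixed-size C struct.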