[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
This bug was fixed in the package clevis - 18-1ubuntu1.1

---
clevis (18-1ubuntu1.1) jammy; urgency=medium

  * d/p/lp2073429-explicitly_specify_pbkdf_iterations_to_cryptsetup.patch:
    Add support for pbkdf2 for fips compatibility (LP: #2073429)

 -- Ghadi Elie Rahme  Wed, 12 Feb 2025 15:05:15 +

** Changed in: clevis (Ubuntu Jammy)
       Status: Fix Committed => Fix Released

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2073429

Title:
  Jammy clevis forces argon2id for keyslots

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Jammy verification:

Part 1:

FIPS enabled:
ubuntu@superb-doe:~$ cat /proc/sys/crypto/fips_enabled
1

Clevis version installed:
ubuntu@superb-doe:~$ apt list clevis
Listing... Done
clevis/jammy-proposed,now 18-1ubuntu1.1 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it

4.
ubuntu@superb-doe:~$ sudo parted /dev/vdb -- mklabel gpt
Warning: The existing disk label on /dev/vdb will be destroyed and all data on this disk will be lost. Do you want to continue?
Yes/No? Y
Information: You may need to update /etc/fstab.

ubuntu@superb-doe:~$ sudo parted /dev/vdb -- mkpart primary 0% 100%
Information: You may need to update /etc/fstab.

5.
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksOpen /dev/vdb1
Command requires device and mapped name as arguments.
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksOpen /dev/vdb1 tpm-disk
Enter passphrase for /dev/vdb1:

6.
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 clevis luks bind -d /dev/vdb1 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}'
Enter existing LUKS password:
Warning: Value 512 is outside of the allowed entropy range, adjusting it.

7. As we can see pbkdf2 was added:
ubuntu@superb-doe:~$ sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF:
	PBKDF:      argon2id
	PBKDF:      pbkdf2

Part 2: verifying if older argon2id drives are still accessible

1. Confirm that non-proposed version is installed:
ubuntu@superb-doe:~$ apt list clevis -a
Listing... Done
clevis/jammy-proposed 18-1ubuntu1.1 amd64 [upgradable from: 18-1ubuntu1]
clevis/jammy,now 18-1ubuntu1 amd64 [installed,upgradable to: 18-1ubuntu1.1]

Make sure that argon2id is used:
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 clevis luks bind -d /dev/vdb1 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}'
Enter existing LUKS password:
Warning: Value 512 is outside of the allowed entropy range, adjusting it.
ubuntu@superb-doe:~$ sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF:
	PBKDF:      argon2id
	PBKDF:      pbkdf2
	PBKDF:      argon2id

2. mount and add data to the drive while using argon2id
ubuntu@superb-doe:~$ sudo mkfs.ext4 /dev/mapper/tpm-disk
mke2fs 1.46.5 (30-Dec-2021)
Creating filesystem with 257536 4k blocks and 64384 inodes
Filesystem UUID: 32ffc09e-c2bc-43f4-baf8-34a5b11b1d27
Superblock backups stored on blocks:
	32768, 98304, 163840, 229376

Allocating group tables: done
Writing inode tables: done
Creating journal (4096 blocks): done
Writing superblocks and filesystem accounting information: done

ubuntu@superb-doe:~$ mkdir mnt-tpm
ubuntu@superb-doe:~$ sudo mount -t ext4 /dev/mapper/tpm-disk /home/ubuntu/mnt-tpm
ubuntu@superb-doe:~/mnt-tpm$ sudo touch test-file
ubuntu@superb-doe:~/mnt-tpm$ cat test-file
Hello world!

We can see that the file contains "Hello world!"

3. Now after upgrading clevis back to proposed to use pbkdf2:
ubuntu@superb-doe:~$ sudo umount /home/ubuntu/mnt-tpm
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksClose tpm-disk
ubuntu@superb-doe:~$ apt list clevis
Listing... Done
clevis/jammy-proposed,now 18-1ubuntu1.1 amd64 [installed]
N: There is 1 additional version. Please use the '-a' switch to see it

4. open the luks drive:
ubuntu@superb-doe:~$ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksOpen /dev/vdb1 tpm-disk
Enter passphrase for /dev/vdb1:
ubuntu@superb-doe:~$ sudo mount -t ext4 /dev/mapper/tpm-disk /home/ubuntu/mnt-tpm/

5. verify if the files are accessible:
ubuntu@superb-doe:~$ sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF:
	PBKDF:      argon2id
	PBKDF:      pbkdf2
	PBKDF:      argon2id
ubuntu@superb-doe:~$ cat mnt-tpm/test-file
Hello world!
ubuntu@superb-doe:~$

This confirms that the argon2id files are still accessible!

** Tags removed: verification-needed-jammy
** Tags added: verification-done-jammy
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Understood. Reverting tag to verification-needed-jammy since I can't effectively test this. I'm being pushed for > 95% STIG compliance & local won't budge on the FIPS disable call, so I guess I'm still stuck without tpm2 for the time being.

** Tags removed: verification-failed-jammy
** Tags added: verification-needed-jammy
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Chris, what you're describing is out of scope of this launchpad issue. It is purely to address the invalid alg selected when running in fips mode. What you're describing is likely a result of the hmac implementation of tpm2-tools's tpm2-tss, likely described here:
https://github.com/tpm2-software/tpm2-tss/issues/2889

Regarding the STIG comment, fedramp compliance is measured as a level of effort, and exceptions are frequently made that stretch compliance for the sake of practicality (22.04 no longer `requiring` strict fips certification is a good example of this). If you look at Matthew's comment (followed by the maintainer's reply), the key bit failure is relatively meaningless in this situation.

If tpm2-tools will be changed to `fix` or mitigate this in existing releases is still up in the air. It is in place upstream now however.

** Bug watch added: github.com/tpm2-software/tpm2-tss/issues #2889
   https://github.com/tpm2-software/tpm2-tss/issues/2889
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
I did not set OPENSSL_FORCE_FIPS_MODE=0. I'm unable to do so because "just disable FIPS" (even for one-off tasks) would net me CMMC and/or STIG audit failures, the side effects of which I'm not keen on experiencing. I have no issues with other clevis calls on jammy under FIPS (clevis-tang, clevis-sss w/o tpm2 protectors) with fips-updates enabled.

I was told to track this bug by Canonical engineering as a probable solution to my support case. If this patch can't support leaving openssl FIPS enabled during protector enrollment, I'll have to double-back with them since for my env any disabling of FIPS is a significant issue.

FWIW, I have no issues with clevis-tpm2 on focal with fips-updates enabled. Haven't tested on noble yet b/c DISA only released STIGs for it just last month & haven't had time to start testing yet.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
@ks-chrisu This looks like you are hitting a different bug related to tpm and clevis. Did you run the command with OPENSSL_FORCE_FIPS_MODE=0? As in the command should be like the following:

$ sudo OPENSSL_FORCE_FIPS_MODE=0 clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}'

Using clevis without the openssl environment variable on a FIPS system will cause the issue you are seeing regardless of this patch.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Proposed package update did not fix the issue for me.

VERSION TESTED: clevis_18-1ubuntu1.1/jammy-proposed

TEST CASE:
1. Select existing workstation running 22.04/jammy with fips-updates enabled
2. Ensure all apt packages are up to date
3. Confirm fips mode is enabled:
   cat /proc/sys/crypto/fips_enabled
4. Attempt clevis-luks bind against tpm2:
   clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"hash":"sha256","pcr_bank":"sha256","key":"rsa","pcr_ids":"0,2,4,7"}}'

EXPECTED RESULTS:
From (3): 1
From (4): Successful clevis-luks bind to /dev/nvme0n1p3

ACTUAL RESULTS:
From (3): 1
From (4): Error adding new binding to /dev/nvme0n1p3
(output attached as clevis-luks-18-1ubuntu1.1_bind_attempt_ks-chrisu_20250307.txt)

** Attachment added: "clevis-luks-18-1ubuntu1.1_bind_attempt_ks-chrisu_20250307.txt"
   https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+attachment/5863305/+files/clevis-luks-18-1ubuntu1.1_bind_attempt_ks-chrisu_20250307.txt

** Tags removed: verification-needed-jammy
** Tags added: verification-failed-jammy
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello Kyler, or anyone else affected,

Accepted clevis into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/clevis/18-1ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

** Changed in: clevis (Ubuntu Jammy)
       Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-jammy
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Built in ppa:vpa1977/plusone2[1], autopkgtests pass, testcase passes.

We need to remove reference to CLEVIS_FORCE_FIPS_MODE as it is replaced by the check of fips_enabled file.

Nit: if fips_enabled file ever contains something like "on" or "yes" the script will be broken. On the other hand, the comparison in this case will force non-fips behaviour resulting in OOM.

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading clevis_18-1ubuntu1.1.dsc: done.
  Uploading clevis_18-1ubuntu1.1.debian.tar.xz: done.
  Uploading clevis_18-1ubuntu1.1_source.buildinfo: done.
  Uploading clevis_18-1ubuntu1.1_source.changes: done.
Successfully uploaded packages.

[1] https://launchpad.net/~vpa1977/+archive/ubuntu/plusone2/+packages
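
An added example, not taken from the clevis patch or from any poster in this thread: the "luksDump | grep PBKDF:" check used in the verification lists one PBKDF per keyslot without saying which keyslots belong to clevis, and the upload comment above notes that a fips_enabled value other than 1 silently selects non-FIPS behaviour. The script below reads the flag strictly and maps clevis tokens to their keyslots; the function names and the luksDump sample are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; function names and the sample dump are constructed,
# not taken from clevis or from the SRU patch.

# Report the kernel FIPS flag as: enabled, disabled, absent or unexpected.
# $1 (optional): file to read instead of /proc/sys/crypto/fips_enabled.
fips_state() {
    flag_file=${1:-/proc/sys/crypto/fips_enabled}
    [ -r "$flag_file" ] || { echo absent; return 0; }
    flag=$(tr -d '[:space:]' < "$flag_file")
    case $flag in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unexpected ;;   # "on", "yes", empty: report it, do not guess
    esac
}

# Read LUKS2 luksDump text on stdin; print "<slot> <pbkdf> <token type or ->".
# Section tracking matters: the Digests section also has "N: pbkdf2" entries
# that must not be mistaken for keyslots.
keyslot_pbkdfs() {
    awk '
        /^[A-Za-z]/ { section = $1; sub(/:$/, "", section); next }
        section == "Keyslots" && /^[ \t]+[0-9]+:/ {
            slot = $1; sub(/:$/, "", slot); order[++n] = slot; next
        }
        section == "Keyslots" && $1 == "PBKDF:"   { kdf[slot] = $2; next }
        section == "Tokens"   && /^[ \t]+[0-9]+:/ { ttype = $2; next }
        section == "Tokens"   && $1 == "Keyslot:" { owner[$2] = ttype; next }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                printf "%s %s %s\n", s, (s in kdf ? kdf[s] : "unknown"),
                       (s in owner ? owner[s] : "-")
            }
        }
    '
}

# $1: a fips_state result; stdin: luksDump text.
# Prints the clevis-bound keyslots whose PBKDF is not pbkdf2. An "unexpected"
# flag is audited as if FIPS were on (a choice made for this example).
noncompliant_clevis_slots() {
    case $1 in
        disabled|absent) cat > /dev/null; return 0 ;;
    esac
    keyslot_pbkdfs | awk '$3 == "clevis" && $2 != "pbkdf2" { print $1 }'
}

# Constructed sample shaped like the Part 2 verification result: a passphrase
# keyslot, one clevis keyslot bound by the fixed package and one bound by the
# older package. Real dumps carry more fields per keyslot.
sample_dump() {
    cat <<'EOF'
LUKS header information
Version:        2
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
  2: luks2
        Key:        512 bits
        PBKDF:      argon2id
Tokens:
  0: clevis
        Keyslot:    1
  1: clevis
        Keyslot:    2
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

echo "FIPS flag on this host: $(fips_state)"
sample_dump | keyslot_pbkdfs
echo "clevis keyslots not using pbkdf2: $(sample_dump | noncompliant_clevis_slots enabled)"
```

On a real device, pipe the output of "sudo cryptsetup luksDump /dev/vdb1" into the functions instead of the sample; a keyslot reported here stays argon2id until it is re-bound with the fixed package.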
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello,

Here is the new iteration of the patch. It will now automatically make use of pbkdf2 when FIPS is enabled. I also updated the description.

** Patch added: "jammy-clevis-fips.debdiff"
   https://bugs.launchpad.net/ubuntu/jammy/+source/clevis/+bug/2073429/+attachment/5858220/+files/jammy-clevis-fips.debdiff
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
** Description changed: Thank you @kylerhornor for the original bug report [impact] current version of clevis on jammy uses argon2id instead of pbkdf2 for the encryption algorithm which is not approved by the NIST. An upstream commit (https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35) did make clevis use pbkdf2 instead of argon2id to avoid OOM scenarios on systems with constrained memory. So this fix also resolves this issue on jammy. Noble currently has that fix. Although argon2id is considered more secure, the maintainer has confirmed that currently the entropy used by clevis is high enough to the point where pbkdf2 is considered secure enough to replace argon2id. Please refer to comment #5 on this links for the maintainers' response: https://bugzilla.redhat.com/show_bug.cgi?id=1979256 Also the bugzilla thread above is a good read for anyone interested in knowing more about why this change was made. Also, some modifications were done to make sure that clevis will only use pbkdf2 when the environment variable CLEVIS_FORCE_FIPS_MODE=1 is set. This is done in order not to affect current clevis users [Test Plan] * Test plan to verify that the new encryption algorithm pbkdf2 is being applied This test plan was done on a libvirt/kvm virtual machine. 1. setup a jammy VM. Attach to it a tpm2 module (software or pass- through) and an extra drive. 2. install clevis, clevis-tpm2 and clevis-luks: $ sudo apt install clevis clevis-tpm2 clevis-luks 3. using lsblk note the name of the extra drive that was attached to the VM. In this case vdb will be used as an example 4. run the following commands to setup partitions on the drive: $ sudo parted /dev/vdb -- mklabel gpt $ sudo parted /dev/vdb -- mkpart primary 0% 100% 5. 
setup luks and open the drive: - $ sudo cryptsetup luksFormat /dev/vdb1 - $ sudo cryptsetup luksOpen /dev/vdb1 + $ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksFormat /dev/vdb1 + $ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksOpen /dev/vdb1 replace with a name of your choosing also note how vdb1 is used in this step instead of vdb since we are formatting the partition created in step 4. Verify these values on your system before running the commands. 6. finally bind the drive with clevis using tpm2: - $ sudo clevis luks bind -d /dev/vdb1 tpm2 + $ sudo OPENSSL_FORCE_FIPS_MODE=0 clevis luks bind -d /dev/vdb1 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}' 7. Verify the encryption algorithm being used: sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF: Currently this will show as argon2id but after applying the patch I - backported from upstream and repeating step 6 with - CLEVIS_FORCE_FIPS_MODE=1 set it should show pbkdf2 in the new keyslot + backported from upstream and repeating step 6 it should show pbkdf2 in + the new keyslot * Test plan to verify that the new version does no break current disk encryption that was done with argon2id. 1. On the non patched version of clevis, run all the steps in the first part of the test plan, and make sure that the output of the final step shows argon2id. 2. create an ext4 partition on the luks drive: $ sudo mkfs.ext4 /dev/mapper/ Where is the same value used in step 5 of the first section of the test plan. 3. Mount the drive: $ sudo mount -t ext4 /dev/mapper/ /mount/point/of/your/choice 4. Access the drive via the mount point and write data to it (as an example create a file and write any data inside it) 5. Unmount and close the luks drive: $ sudo umount /mount/point/of/your/choice - $ sudo cryptsetup luksClose tpm_Drive + $ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksClose tpm_Drive 5. Upgrade clevis to the new version that uses pbkdf2. 6. 
Open the luks drive: - $ sudo cryptsetup luksOpen /dev/vdb1 + $ sudo OPENSSL_FORCE_FIPS_MODE=0 cryptsetup luksOpen /dev/vdb1 7. Mount the drive: $ sudo mount -t ext4 /dev/mapper/ /mount/point/of/your/choice 8. And finally verify that you are able to see and access the data you had previously written. [where problems could occur] * The machine could fail to create the new keyslot * Although the maintainer says that the entropy is high enough for pbkdf2 to be secure it might not be as secure still as argon2id even tho it is NIST compliant. [Original Description] Hello, clevis released with version 18 on jammy (22.04). For reasons that are a bit beyond me, the cryptsetup call inside of clevis creates keyslots using argon2id as the pbkdf. While most folks would say this is preferable, NIST still has not approved it and it is thus incompatible with fips 140-3 at this time. Oddly enough, there was an upstream commit that was implemented to help with an OOM condition that accidentally forced pbkdf2 rather than argon2id.
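Review bot: The [impact] paragraph kept as unchanged context still says clevis "will only use pbkdf2 when the environment variable CLEVIS_FORCE_FIPS_MODE=1 is set", while this revision removes CLEVIS_FORCE_FIPS_MODE from step 7 of the test plan, so the description now contradicts itself. That paragraph should be dropped or rewritten to state the condition the test plan actually exercises. The description also never says why every cryptsetup and clevis call gained the OPENSSL_FORCE_FIPS_MODE=0 prefix; one sentence on that would save testers on FIPS hosts from guessing. Separately, the second test plan has two consecutive steps numbered "5.", which makes the later step references ambiguous.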
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
That is correct! Not sure how I missed that in my testing. I redid the test on a fresh VM and indeed /proc/sys/crypto/fips_enabled is present. I will rewrite the patch while making use of fips_enabled instead of the env variable implemented. Thank you for pointing this out.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
It should exist if running the fips kernel and fips=1 is set as a cmdline opt. It sets after the tcrypt tests run iirc.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
I'm no expert on the FIPS enablement on Ubuntu, but are you sure that /proc/sys/crypto/fips_enabled doesn't exist? This article [1], specific to jammy, suggests it should and I've just fired up a test VM, which seems to indicate it exists:

$ lxc launch ubuntu:j --vm -c limits.cpu=4 -c limits.memory=4GiB fipstest
$ lxc shell fipstest
# apt update && apt full-upgrade -y
...
# pro attach TOKENTOKENTOKEN
Enabling Ubuntu Pro: ESM Apps
Ubuntu Pro: ESM Apps enabled
Enabling Ubuntu Pro: ESM Infra
Ubuntu Pro: ESM Infra enabled
Enabling Livepatch
Livepatch enabled
This machine is now attached to 'Ubuntu Pro - free personal subscription'
...
# pro enable fips-updates
One moment, checking your subscription first
This will install the FIPS packages including security updates.
Warning: This action can take some time and cannot be undone.
Are you sure? (y/N) y
The "generic" variant of fips-updates is based on the "generic" Ubuntu kernel but this machine is running the "kvm" kernel.
The "kvm" kernel may have significant hardware support differences from "generic" fips-updates.
Warning: Installing generic fips-updates may result in lost hardware support and may prevent the system from booting.
Do you accept the risk and wish to continue? (y/N) y
Configuring APT access to FIPS Updates
Updating FIPS Updates package lists
Updating standard Ubuntu package lists
Installing FIPS Updates packages
Installing openssh-client openssh-server openssh-sftp-server
FIPS Updates enabled
A reboot is required to complete install.
# reboot
...
$ lxc shell fipstest
# cat /proc/sys/crypto/fips_enabled
1

[1]: https://ubuntu.com/blog/ubuntu-22-04-fips-140-3-modules-available-for-preview
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
May not be the right tag, but it should at least get the attention of someone who can review this.

** Tags added: rls-jj-incoming
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
** Description changed: Thank you @kylerhornor for the original bug report [impact] current version of clevis on jammy uses argon2id instead of pbkdf2 for the encryption algorithm which is not approved by the NIST. An upstream commit (https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35) did make clevis use pbkdf2 instead of argon2id to avoid OOM scenarios on systems with constrained memory. So this fix also resolves this issue on jammy. Noble currently has that fix. Although argon2id is considered more secure, the maintainer has confirmed that currently the entropy used by clevis is high enough to the point where pbkdf2 is considered secure enough to replace argon2id. Please refer to comment #5 on this links for the maintainers' response: https://bugzilla.redhat.com/show_bug.cgi?id=1979256 Also the bugzilla thread above is a good read for anyone interested in knowing more about why this change was made. + + Also, some modifications were done to make sure that clevis will only + use pbkdf2 when the environment variable CLEVIS_FORCE_FIPS_MODE=1 is + set. This is done in order not to affect current clevis users [Test Plan] * Test plan to verify that the new encryption algorithm pbkdf2 is being applied This test plan was done on a libvirt/kvm virtual machine. 1. setup a jammy VM. Attach to it a tpm2 module (software or pass- through) and an extra drive. 2. install clevis, clevis-tpm2 and clevis-luks: $ sudo apt install clevis clevis-tpm2 clevis-luks 3. using lsblk note the name of the extra drive that was attached to the VM. In this case vdb will be used as an example 4. run the following commands to setup partitions on the drive: $ sudo parted /dev/vdb -- mklabel gpt $ sudo parted /dev/vdb -- mkpart primary 0% 100% 5. 
setup luks and open the drive: $ sudo cryptsetup luksFormat /dev/vdb1 $ sudo cryptsetup luksOpen /dev/vdb1 replace with a name of your choosing also note how vdb1 is used in this step instead of vdb since we are formatting the partition created in step 4. Verify these values on your system before running the commands. 6. finally bind the drive with clevis using tpm2: $ sudo clevis luks bind -d /dev/vdb1 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}' 7. Verify the encryption algorithm being used: sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF: Currently this will show as argon2id but after applying the patch I - backported from upstream and repeating step 6 it should show pbkdf2 in - the new keyslot + backported from upstream and repeating step 6 with + CLEVIS_FORCE_FIPS_MODE=1 set it should show pbkdf2 in the new keyslot * Test plan to verify that the new version does no break current disk encryption that was done with argon2id. 1. On the non patched version of clevis, run all the steps in the first part of the test plan, and make sure that the output of the final step shows argon2id. 2. create an ext4 partition on the luks drive: $ sudo mkfs.ext4 /dev/mapper/ Where is the same value used in step 5 of the first section of the test plan. 3. Mount the drive: $ sudo mount -t ext4 /dev/mapper/ /mount/point/of/your/choice 4. Access the drive via the mount point and write data to it (as an example create a file and write any data inside it) 5. Unmount and close the luks drive: $ sudo umount /mount/point/of/your/choice $ sudo cryptsetup luksClose tpm_Drive 5. Upgrade clevis to the new version that uses pbkdf2. 6. Open the luks drive: $ sudo cryptsetup luksOpen /dev/vdb1 7. Mount the drive: $ sudo mount -t ext4 /dev/mapper/ /mount/point/of/your/choice 8. And finally verify that you are able to see and access the data you had previously written. 
[where problems could occur] * The machine could fail to create the new keyslot * Although the maintainer says that the entropy is high enough for pbkdf2 to be secure it might not be as secure still as argon2id even tho it is NIST compliant. [Original Description] Hello, clevis released with version 18 on jammy (22.04). For reasons that are a bit beyond me, the cryptsetup call inside of clevis creates keyslots using argon2id as the pbkdf. While most folks would say this is preferable, NIST still has not approved it and it is thus incompatible with fips 140-3 at this time. Oddly enough, there was an upstream commit that was implemented to help with an OOM condition that accidentally forced pbkdf2 rather than argon2id. Commit found here: https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35 Ideally, we need to either just bring that commit back to the jammy version, or get to the root cause of why cryptsetup in that exact scenario prefers argon2id. -- You received this bug notification because you are a
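Review bot: The reworded step 7 says to repeat step 6 "with CLEVIS_FORCE_FIPS_MODE=1 set", but step 6 is a sudo command and the plan never shows where the variable goes. A variable exported in the tester's shell is normally dropped by sudo's environment reset, so the bind would run without it and still create an argon2id keyslot, which reads as a failed verification. Write the command out in full with the variable on the sudo command line, for example "sudo CLEVIS_FORCE_FIPS_MODE=1 clevis luks bind -d /dev/vdb1 tpm2 ...". The added [impact] paragraph should also state what happens when the variable is unset or set to another value.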
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello,

I have added a new option to clevis that allows the user to determine via an environment variable if they wish to enable FIPS compatibility or not. Sadly on jammy there is no '/proc/sys/crypto/fips_enabled' directory like on focal to check if the system is meant to run in FIPS mode, so I took inspiration from OpenSSL which allows the user to use OPENSSL_FORCE_FIPS_MODE=1 to enable FIPS mode. I named the variable CLEVIS_FORCE_FIPS_MODE, and when set to 1 it will switch clevis to use pbkdf2.

I have run tests where I locked and unlocked the drive with and without this command as well as locking the drive with it and trying to unlock without it.

Let me know what you think! I will also update the test plan to reflect the new env variable

** Patch added: "jammy.debdiff"
   https://bugs.launchpad.net/ubuntu/jammy/+source/clevis/+bug/2073429/+attachment/5838575/+files/jammy.debdiff
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Thanks Robie, Ghadi, and Tobias for the discussion and reaching consensus on the way forward. I suggested something along these lines for the implementation in my initial review, but I hadn't captured all the considerations and implications you identified.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
I was concerned that changing the default KDF for existing Ubuntu 22.04 users for FIPS reasons seemed inappropriate because some users might object to that if (depending on their security perspective and who they trust) they consider PBKDF2 to be a KDF downgrade. I appreciate that upstream changed to PBKDF2 and this is present in newer Ubuntu releases, but that doesn't mean that users expect the change to be backported for FIPS reasons. On the other hand the OOM might be a reason to change it in an SRU, but I'm not aware that we have any reports of Ubuntu users being affected by that.

I concluded with Tobias and Ghadi that it would be preferred for the KDF to default to PBKDF2 only if FIPS is enabled. That can be done either by putting this in the FIPS archives only, or in an SRU to the main archive with a runtime conditional on FIPS being enabled. Tobias prefers to do this in an SRU to the main archive, so Ghadi will amend the upload to do this.

This was an SRU review of the justification only - I haven't done any code review yet.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Thanks, I see all remaining remarks from comment #9 are addressed. The patch matches upstream, builds fine and passes local autopkgtests.

@Ghadi also provided additional evidence from the Security Engineering team:

sespiros: "Security standards might be able to provide a more authoritative answer but it looks good to me. imo this falls more into the bug category rather than a FIPS related change and separately I don't think it would be worth for instance solving it differently (like lowering the memory cost of pbkdf and keep using argon) since this helps with FIPS, it is a universe package (lower priority) and we are also not using clevis in our own FDE. I also don't think it should count as a security update. My first thought of potential breakage of existing ubuntu users that have already used clevis with keys generated with the old format, seems to have already been discussed in the SRU."

chrisccoulson: "clevis isn't something we really care about or support, but I guess the change is ok given the justification that the entropy supplied to the KDF is high (we already made a similar change in Ubuntu Core for this reason). FTR, we did have someone request that the default KDF for cryptsetup be changed from argon2i (at the time - it's argon2id now) to pbkdf2 in order to satisfy FIPS requirements, and we declined that because its primary input is low entropy user passphrases, and we didn't see weakening security to meet certification requirements as a good trade off"

(Internal reference: https://chat.canonical.com/canonical/pl/pyi7wbx33irrfp1b5zbz79uagc)

LGTM. Sponsored for SRU review and unsubscribed ~ubuntu-sponsors.
https://launchpad.net/ubuntu/jammy/+queue?queue_state=1&queue_text=clevis
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello Mauricio, After some internal discussions with the security team, they have confirmed the validity of the change, and also noted that this algorithm is already in use in Ubuntu core. Hope this helps!
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello Mauricio, I have updated the Test plan to include another section that will help confirm that clevis will still be able to decrypt argon2id devices. Thank you for your feedback! ** Description changed: Thank you @kylerhornor for the original bug report [impact] current version of clevis on jammy uses argon2id instead of pbkdf2 for the encryption algorithm which is not approved by the NIST. An upstream commit (https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35) did make clevis use pbkdf2 instead of argon2id to avoid OOM scenarios on systems with constrained memory. So this fix also resolves this issue on jammy. Noble currently has that fix. - Although argon2id is considered more secure, the maintainer has confirmed that currently the entropy used by clevis is high enough to the point where pbkdf2 is considered secure enough to replace argon2id. Please refer to comment #5 on this links for the maintainers' response: + Although argon2id is considered more secure, the maintainer has confirmed that currently the entropy used by clevis is high enough to the point where pbkdf2 is considered secure enough to replace argon2id. Please refer to comment #5 on this links for the maintainers' response: https://bugzilla.redhat.com/show_bug.cgi?id=1979256 Also the bugzilla thread above is a good read for anyone interested in knowing more about why this change was made. [Test Plan] + * Test plan to verify that the new encryption algorithm pbkdf2 is being applied + This test plan was done on a libvirt/kvm virtual machine. 1. setup a jammy VM. Attach to it a tpm2 module (software or pass- through) and an extra drive. 2. install clevis, clevis-tpm2 and clevis-luks: $ sudo apt install clevis clevis-tpm2 clevis-luks 3. using lsblk note the name of the extra drive that was attached to the VM. In this case vdb will be used as an example 4. 
run the following commands to setup partitions on the drive: $ sudo parted /dev/vdb -- mklabel gpt $ sudo parted /dev/vdb -- mkpart primary 0% 100% 5. setup luks and open the drive: $ sudo cryptsetup luksFormat /dev/vdb1 $ sudo cryptsetup luksOpen /dev/vdb1 replace with a name of your choosing also note how vdb1 is used in this step instead of vdb since we are formatting the partition created in step 4. Verify these values on your system before running the commands. 6. finally bind the drive with clevis using tpm2: $ sudo clevis luks bind -d /dev/vdb1 tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}' 7. Verify the encryption algorithm being used: sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF: Currently this will show as argon2id but after applying the patch I backported from upstream and repeating step 6 it should show pbkdf2 in the new keyslot + * Test plan to verify that the new version does no break current disk + encryption that was done with argon2id. + + 1. On the non patched version of clevis, run all the steps in the first + part of the test plan, and make sure that output of the final step shows + argon2id. + + 2. create an ext4 partition on the luks drive: + + $ mkfs.ext4 /dev/mapper/ + Where is the same value used in step 5 of the first section of the test plan. + + 3. Mount the drive: + $ mount -t ext4 /dev/mapper/ /mount/point/of/your/choice + + 4. Access the drive via the mount point and write data to it (as an + example create a file and write any data inside it) + + 5. Unmount and close the luks drive: + $ umount /mount/point/of/your/choice + $ sudo cryptsetup luksClose tpm_Drive + + 5. Upgrade clevis to the new version that uses pbkdf2. + + 6. Open the luks drive: + $ sudo cryptsetup luksOpen /dev/vdb1 + + 7. Mount the drive: + $ mount -t ext4 /dev/mapper/ /mount/point/of/your/choice + + 8. And finally verify that you are able to see and access the data you + had previously written. 
+ + [where problems could occur] * The machine could fail to create the new keyslot - * Although the maintainer says that the entropy is high enough for pbkdf2 to be secure it might not be as secure still as argon2id even tho it is NIST compliant. - + * Although the maintainer says that the entropy is high enough for pbkdf2 to be secure it might not be as secure still as argon2id even tho it is NIST compliant. [Original Description] Hello, clevis released with version 18 on jammy (22.04). For reasons that are a bit beyond me, the cryptsetup call inside of clevis creates keyslots using argon2id as the pbkdf. While most folks would say this is preferable, NIST still has not approved it and it is thus incompatible with fips 140-3 at this time. Oddly enough, there was an upstream commit that was implemented to help with an OOM condition that accidentally forced pbkdf2 rather than argon2id. Commit found here: https://github.com/latchset/clevi
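Review bot: step 6 of the added regression section reopens the device with `sudo cryptsetup luksOpen /dev/vdb1`, which goes through cryptsetup's own passphrase prompt and not through the clevis-bound keyslot, so the section does not show what its heading promises, namely that the upgraded clevis can still unlock a keyslot created with argon2id. Suggest unlocking through clevis after the upgrade (for example `clevis luks unlock -d /dev/vdb1`) and only then mounting and checking the data. Smaller points in the same section: the number "5." is used twice (unmount/close, then upgrade), the luksClose step uses the literal name tpm_Drive while the other steps refer to the name chosen in step 5 of the first section, and mkfs.ext4, mount and umount are shown without sudo unlike the cryptsetup commands.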
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hello Mauricio,

Thank you for the review! I have applied the changes requested:
- undone the refresh of the other patch (apologies for not noticing that earlier)
- renamed the patch to contain the lp prefix
- removed the "Author:" field and incorporated it in the "From:" field

I will work on a write up to test if argon2id is still functional after this change. I will first need to come up with a test methodology.

** Patch added: "jammy-clevis.debdiff" https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+attachment/5812119/+files/jammy-clevis.debdiff
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hi Kyler, Ghadi, Security team,

Thanks for the work on this, the SRU bug template, and the debdiff!

IMHO, this request (not necessarily the code changes) _has_ to be reviewed by the Security Engineering team before proceeding. (Security team: ref: SRU bug template and bugzilla comments 3-5)

...

The change seems to make sense, AFAICT, considering it might be an improvement over the Jammy life-cycle and is present in Noble.

However, I wonder: is the context behind this more about FIPS than the OOM/memory usage problem?

If so, a less impactful change for Jammy could be conditional on FIPS mode (check via `/proc/sys/crypto/fips_enabled`) in order to trigger the change. This would be less impactful for existing Jammy users since FIPS for Jammy is a lot more recent than April 2022, IIRC (fips-preview last month, IIHC?)

But if it makes sense to enable that for everyone, just ignore this idea.

I have subscribed Security for a review; and will post my debdiff review.

Thanks again,
Mauricio
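An added example, not part of the thread and not code from clevis or the Ubuntu patch: the `/proc/sys/crypto/fips_enabled` check mentioned in the message above, combined with a per-keyslot reading of the test plan's `luksDump | grep PBKDF:` step that uses the `Tokens:` section to tell which keyslot clevis owns. The dump text is constructed and abbreviated, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example (not clevis or Ubuntu code). Function names are hypothetical.

# Constructed, abbreviated LUKS2 luksDump-style text; not from a real device.
sample_luksdump() {
cat <<'EOF'
LUKS header information
Version:        2

Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
  1: luks2
        Key:        512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
Tokens:
  0: clevis
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}

# Read luksDump text on stdin; print "<slot> <pbkdf> <clevis|other>" per keyslot.
# PBKDF is taken from the Keyslots: section only, ownership from Tokens:.
keyslot_pbkdfs() {
    awk '
        /^[A-Za-z][A-Za-z ]*:[ ]*$/ { sec = $1; next }   # section header line
        sec == "Keyslots:" && $1 ~ /^[0-9]+:$/ { slot = $1; sub(/:/, "", slot); order[++n] = slot; next }
        sec == "Keyslots:" && $1 == "PBKDF:"   { kdf[slot] = $2; next }
        sec == "Tokens:"   && $1 ~ /^[0-9]+:$/ { tok = $2; next }
        sec == "Tokens:"   && $1 == "Keyslot:" && tok == "clevis" { owned[$2] = 1; next }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                printf "%s %s %s\n", s, ((s in kdf) ? kdf[s] : "unknown"), ((s in owned) ? "clevis" : "other")
            }
        }'
}

# List clevis-owned keyslots whose PBKDF is not pbkdf2 (stdin: luksDump text).
non_pbkdf2_clevis_slots() {
    keyslot_pbkdfs | awk '$3 == "clevis" && $2 != "pbkdf2" { print $1 }'
}

# Succeed when the FIPS flag file (default: the kernel's) contains 1.
fips_enabled() {
    flag_file=${1:-/proc/sys/crypto/fips_enabled}
    [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]
}

# Print the per-keyslot table; return 1 only when FIPS is enabled and a
# clevis keyslot uses a PBKDF other than pbkdf2. $1 optionally overrides the flag file.
audit_dump() {
    dump=$(cat)
    printf '%s\n' "$dump" | keyslot_pbkdfs
    bad=$(printf '%s\n' "$dump" | non_pbkdf2_clevis_slots)
    if fips_enabled "${1:-}" && [ -n "$bad" ]; then
        echo "clevis keyslot(s) not using pbkdf2: $bad" >&2
        return 1
    fi
    return 0
}

# Demo on the constructed sample. On a real system (device name as in the test plan):
#   sudo cryptsetup luksDump /dev/vdb1 | audit_dump
sample_luksdump | audit_dump
```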
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
- SRU bug template: OK/FIX
  This looks really good, but please: Add a test step to ensure that a device bound to clevis _without_ the change (i.e., which used argon2id) _works_ _with_ the new change (which uses pbkdf2). That is, check for no regressions to existing users.

- d/changelog:
  Version: OK
  Series: OK
  LP bug: OK
  Author: OK

- d/p/0001-sss-use-BN_set_word-x-0-instead-of-BN_zero.patch: FIX
  Unrelated noise; quilt refresh'ed this other patch too? Please do that only for the patch you're adding, on SRUs. Thanks!

- d/p/explicitly_specify_pbkdf_iterations_to_cryptsetup.patch:
  Filename: OK/FIX
  Optional, but helpful, please add `lp-` prefix to .patch filename (even though it's present in .patch contents); it helps!
  DEP3: looks great, thanks! BTW, you don't need `Author:` as you have `From:` with git patch.

Thanks again.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hi Vladimir, Thank you for reviewing the patch! I applied the requested changes, let me know how it looks. ** Patch added: "jammy-clevis.debdiff" https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+attachment/5811101/+files/jammy-clevis.debdiff
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Hi,

Thank you

Would it be possible to make some minor changes to the attached debdiff:

d/changelog:
Replace argon2id with pbkdf2 for fips compatibility (LP: 2073429) => (LP: #2073429)

d/p/explicitly_specify_pbkdf_iterations_to_cryptsetup.patch:
- run quilt refresh to avoid introducing spurious changes later
- nit: add proper email of upstream Author.
- nit: add Bug: field referencing upstream bug.

Note: unsubscribing Sponsors, please resubscribe after making the changes.
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
The issue was fixed upstream and available in version 20-1 in noble and jammy.

** Also affects: clevis (Ubuntu Noble)
   Importance: Undecided
   Status: New

** Also affects: clevis (Ubuntu Oracular)
   Importance: Undecided
   Status: Confirmed

** Changed in: clevis (Ubuntu Noble)
   Status: New => Fix Released

** Changed in: clevis (Ubuntu Oracular)
   Status: Confirmed => Fix Released
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: clevis (Ubuntu) Status: New => Confirmed
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
Attached is the patch for Jammy. The fix is already available is newer releases ** Description changed: + Thank you @kylerhornor for the original bug report + + [impact] + current version of clevis on jammy uses argon2id instead of pbkdf2 for the encryption algorithm which is not approved by the NIST. An upstream commit (https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35) did make clevis use pbkdf2 instead of argon2id to avoid OOM scenarios on systems with constrained memory. So this fix also resolves this issue on jammy. Noble currently has that fix. + Although argon2id is considered more secure, the maintainer has confirmed that currently the entropy used by clevis is high enough to the point where pbkdf2 is considered secure enough to replace argon2id. Please refer to comment #5 on this links for the maintainers' response: + + https://bugzilla.redhat.com/show_bug.cgi?id=1979256 + + Also the bugzilla thread above is a good read for anyone interested in + knowing more about why this change was made. + + [Test Plan] + This test plan was done on a libvirt/kvm virtual machine. + + 1. setup a jammy VM. Attach to it a tpm2 module (software or pass- + through) and an extra drive. + + 2. install clevis, clevis-tpm2 and clevis-luks: + + $ sudo apt install clevis clevis-tpm2 clevis-luks + + 3. using lsblk note the name of the extra drive that was attached to the + VM. In this case vdb will be used as an example + + 4. run the following commands to setup partitions on the drive: + + $ sudo parted /dev/vdb -- mklabel gpt + $ sudo parted /dev/vdb -- mkpart primary 0% 100% + + 5. setup luks and open the drive: + + $ sudo cryptsetup luksFormat /dev/vdb1 + $ sudo cryptsetup luksOpen /dev/vdb1 + + replace with a name of your choosing also note how vdb1 is used + in this step instead of vdb since we are formatting the partition + created in step 4. Verify these values on your system before running the + commands. + + 6. 
finally bind the drive with clevis using tpm2: + + $ sudo clevis luks bind -d /dev/vdb1 tpm2 + '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"6"}' + + 7. Verify the encryption algorithm being used: + sudo cryptsetup luksDump /dev/vdb1 | grep PBKDF: + + Currently this will show as argon2id but after applying the patch I + backported from upstream and repeating step 6 it should show pbkdf2 in + the new keyslot + + [where problems could occur] + + * The machine could fail to create the new keyslot + * Although the maintainer says that the entropy is high enough for pbkdf2 to be secure it might not be as secure still as argon2id even tho it is NIST compliant. + + + [Original Description] Hello, clevis released with version 18 on jammy (22.04). For reasons that are a bit beyond me, the cryptsetup call inside of clevis creates keyslots using argon2id as the pbkdf. While most folks would say this is preferable, NIST still has not approved it and it is thus incompatible with fips 140-3 at this time. Oddly enough, there was an upstream commit that was implemented to help with an OOM condition that accidentally forced pbkdf2 rather than argon2id. Commit found here: https://github.com/latchset/clevis/commit/71596307516ce2367e6303bd7f7ae7b180b29a35 - - Ideally, we need to either just bring that commit back to the jammy version, or get to the root cause of why cryptsetup in that exact scenario prefers argon2id. + Ideally, we need to either just bring that commit back to the jammy + version, or get to the root cause of why cryptsetup in that exact + scenario prefers argon2id. 
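Review bot: step 7 of the added test plan greps `PBKDF:` over the whole luksDump output, which prints one line per keyslot, so the passphrase keyslot created by luksFormat in step 5 is listed next to the clevis one and "it should show pbkdf2 in the new keyslot" does not say which line to check. Suggest stating the expected output for both keyslots after the patched bind. The [impact] text and step 7 also call argon2id and pbkdf2 "the encryption algorithm"; they are the keyslot PBKDF, as the bug title and the original description say, so the wording should match.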
** Changed in: clevis (Ubuntu Jammy) Assignee: (unassigned) => Ghadi Rahme (ghadi-rahme) ** Changed in: clevis (Ubuntu Jammy) Importance: Undecided => High ** Patch added: "clevis-jammy.debdiff" https://bugs.launchpad.net/ubuntu/+source/clevis/+bug/2073429/+attachment/5799967/+files/clevis-jammy.debdiff ** Changed in: clevis (Ubuntu Jammy) Status: New => In Progress
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
The attachment "luks.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.] ** Tags added: patch
[Bug 2073429] Re: Jammy clevis forces argon2id for keyslots
I think I made the patch file correctly.. ** Patch added: "luks.patch" https://bugs.launchpad.net/ubuntu/jammy/+source/clevis/+bug/2073429/+attachment/5798147/+files/luks.patch