clevis icon indicating copy to clipboard operation
clevis copied to clipboard

Published 20 hours ago verified publisher icon latchset

password pin support

Open tscherf opened this issue 6 years ago • 6 comments

People are interested in the password pin support when clevis is used with sss. This ticket is to track the interest.

tscherf avatar May 09 '18 07:05 tscherf

I'm interested in this, too. I'd like to have several available factors, one of which I'd like to be a password which can be printed as QR code and put in a safe. The version of clevis from 2+ years ago supported both pwd and http...why'd those go away?

ktmodo avatar Feb 21 '19 20:02 ktmodo

I'm also interested in this. I'll would like very much to be able to have unlock with tpm + password. This would allow to mitigate some weaknesses of both tpm (cold boot attack) and password (brute force).

In addition, it should be possible to update one of the tpm's PCR with a hash computed from the password to ensure the tpm secret remain sealed until the correct password is provided.

vasami avatar Dec 14 '20 18:12 vasami

would also love to see this

use case: setting up a trustworthy physical machine which contains a semi automated workflow for root ca crl generation

we already use vault and hence SSS with t>=3 to assure that not one person alone can unseal the vault, but to satisyf our paranoia towards untampered helper scripts we'd love the ability to integrate SSS in luks open of the root volume

because then noone with physical access to this machine could do bad things

strima avatar Jan 20 '21 12:01 strima

Yes please. I'm rather uncomfortable with the current scheme where a stolen device would be able to be booted, as that allows things like cold boot attacks or waiting for a privilidge escalaction exploit for the installed kernel version. :+1:

generalmanager avatar Jan 24 '22 03:01 generalmanager

Is cold boot attack even a real possibility? Sounds like a pretty intense threat model I just use TPM with clevis and keep my gnome password on. Pretty much covers all bases.

BinaryGenius avatar Oct 13 '22 23:10 BinaryGenius

This would allow to mitigate some weaknesses of both tpm (cold boot attack) and password (brute force).

To add, when using password alone, you might not know your system was compromised by an evil maid until it's too late. However, if you add TPM2 measurements in the mix (Secure Boot, etc.), this is mitigated, as password won't unlock the disk of the compromised system.

WGH- avatar May 01 '24 06:05 WGH-