
Make it possible to report headers of which LUKSes to be unlocked via TPM change

Open root-hardenedvault opened this issue 2 years ago • 6 comments

#1092

root-hardenedvault avatar Jan 20 '22 12:01 root-hardenedvault

@root-hardenedvault ping?

tlaurion avatar Jan 27 '22 18:01 tlaurion

@root-hardenedvault https://github.com/osresearch/heads/pull/1093#discussion_r789788266 ?

tlaurion avatar Feb 02 '22 18:02 tlaurion

@root-hardenedvault Would it be possible to address the review here?

tlaurion avatar Mar 07 '22 16:03 tlaurion

Testing header change (by cryptsetup-reencrypt).

Prior to reencryption of the device, trying to unseal the TPM encryption key with a bad TPM disk unlock key passphrase, the code doesn't go through the changed code to show "Headers of LUKSes to be unlocked via TPM do not change." there.

Instead, and as expected, since the header is part of what is measured and sealed, we only get a "bad TPM unseal password", which comes from the tpm binary and is given by the errors at https://github.com/osresearch/heads/blob/14c76d062c199f17ff6369091a80d2885cb54914/initrd/bin/kexec-unseal-key#L34-L38. It outputs: "Error Authentication failed (Incorrect Password) from TPM_Unseal" since it was not successful.

On reboot, after having reencrypted the encrypted drive, attempting to boot the default option prompts to type the TPM disk unlock key passphrase and gives: "Unable to unseal disk encryption key": https://github.com/osresearch/heads/blob/14c76d062c199f17ff6369091a80d2885cb54914/initrd/bin/kexec-unseal-key#L46

This also does not run through the modified code from this PR. My intuition is that the inverse diff should happen just there.

It seems that the diff in question and associated message never shows. Am I missing something @root-hardenedvault ?

tlaurion avatar Mar 11 '22 22:03 tlaurion

@root-hardenedvault

The following works in both cases: when the user enters a bad TPM disk encryption key passphrase, and when he enters a good one but the LUKS headers changed:

diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key
index e016f5bd..b410f706 100755
--- a/initrd/bin/kexec-unseal-key
+++ b/initrd/bin/kexec-unseal-key
@@ -44,6 +44,9 @@ for tries in 1 2 3; do
 
        pcrs
        warn "Unable to unseal disk encryption key"
+       if ! diff /boot/kexec_lukshdr_hash.txt /tmp/luksDump.txt > /dev/null 2>&1; then
+               warn "Encrypted LUKS(es) headers changed since they were measured and sealed in TPM when you configured a disk unlock key. You might want to investigate."
+       fi
 done
 
 die "Retry count exceeded..."
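Review bot: the `diff` exit status in the added `if ! diff ... ; then` conflates "files differ" (status 1) with "cannot read an input" (status 2), so if either /boot/kexec_lukshdr_hash.txt or /tmp/luksDump.txt is missing or unreadable, the user is told the LUKS headers changed when in fact nothing could be compared. Guard the check with `[ -r /boot/kexec_lukshdr_hash.txt ] && [ -r /tmp/luksDump.txt ]` first (or test for status 1 explicitly) and print a distinct "could not compare header dumps" warning for the other case. Also, because the check sits inside `for tries in 1 2 3; do`, the same header-changed warning is recomputed and printed on every failed attempt; running it once after `done` and before `die "Retry count exceeded..."`, or only on the final try, avoids repeating an identical message three times.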

I was never able to trigger the message in your PR. Please update.

tlaurion avatar Mar 12 '22 20:03 tlaurion
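The check discussed in this thread, written as an added stand-alone example rather than the heads project's own code or the diff above: a function compares the LUKS header dump that was measured when the disk unlock key was sealed against the dump taken at boot, and it goes a step beyond the hunk by separating "headers changed" from "could not compare" (a missing or unreadable input), so a wrong passphrase with a missing dump file is not reported as a header change. The file names, the dump contents and the warning wording are assumptions for illustration; the sample dumps are constructed and are not real cryptsetup output.

```shell
#!/bin/sh
# Added example (not heads code). File names mirror the hunk in this thread
# but are assumptions: the "sealed" dump is what was measured when the TPM
# disk unlock key was configured, the "current" dump is taken at boot.

# luks_headers_status SEALED_DUMP CURRENT_DUMP
# Returns 0 if the dumps are identical, 1 if they differ, 2 if either input
# is missing or unreadable (so the caller never reports a change it cannot prove).
luks_headers_status() {
    sealed="$1"
    current="$2"
    [ -r "$sealed" ] && [ -r "$current" ] || return 2
    if diff "$sealed" "$current" >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# report_after_unseal_failure SEALED_DUMP CURRENT_DUMP
# Echoes one line starting with "unchanged", "changed:" or "unknown:" so the
# outcome can be tested; the text after the keyword is the warning a user
# would see after "Unable to unseal disk encryption key".
report_after_unseal_failure() {
    if luks_headers_status "$1" "$2"; then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0) echo "unchanged" ;;
        1) echo "changed: LUKS headers differ from what was measured and sealed in TPM; investigate before retrying the passphrase" ;;
        *) echo "unknown: cannot compare header dumps (missing or unreadable file); the unseal failure may simply be a bad passphrase" ;;
    esac
}

# Constructed sample dumps (not real cryptsetup luksDump output) to exercise
# the three outcomes: unchanged, changed, and an absent current dump.
demo() {
    dir=$(mktemp -d)
    printf 'LUKS header information\nVersion: 2\nUUID: aaaa-1111\n' > "$dir/kexec_lukshdr_hash.txt"
    cp "$dir/kexec_lukshdr_hash.txt" "$dir/luksDump_same.txt"
    printf 'LUKS header information\nVersion: 2\nUUID: bbbb-2222\n' > "$dir/luksDump_changed.txt"
    report_after_unseal_failure "$dir/kexec_lukshdr_hash.txt" "$dir/luksDump_same.txt"
    report_after_unseal_failure "$dir/kexec_lukshdr_hash.txt" "$dir/luksDump_changed.txt"
    report_after_unseal_failure "$dir/kexec_lukshdr_hash.txt" "$dir/luksDump_missing.txt"
    rm -rf "$dir"
}

demo
```

In a boot script the status function would be called once after the retry loop rather than on every attempt, and only the `changed:` outcome merits the "you might want to investigate" wording; the `unknown:` outcome indicates a tooling or measurement problem, not evidence of tampering.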

Ok, got it. So without the code addition above, with ed1c23aaa3f8d5264c5b6e5f66ad359406bed166 the user is actually hitting your code if he types his TPM disk unlock code 3 times, and receives a raw diff output, without a warning, in the case the LUKS header changed.

Following ed1c23aaa3f8d5264c5b6e5f66ad359406bed166, the current PR shows to the user, only after 3 bad TPM disk unlock passphrases:

  • uncontextualized diff output on mismatch
  • no message on mismatch (the message requires a positive diff exit (no change), via `&&`, to show the message that there was no change; but there was a change)

See picture: signal-2022-03-12-165352

tlaurion avatar Mar 12 '22 21:03 tlaurion

Superseded by #1625

tlaurion avatar Mar 27 '24 15:03 tlaurion