On Wed, Jul 5, 2023 at 2:11 PM Felix Rubio <fe...@kngnt.org> wrote:
> For what is explained on the systemd-pcrphase.service(8) and
> comparing it to what I see in the log of the systemd services, there are
> three events in relation to this question:
>
> systemd-pcrphase-initrd.service
> [...]
> [systemd-ask-password-console.service]
> [...]
> systemd-pcrphase-sysinit
> systemd-pcrphase
>
> This means that, indeed, running cryptenroll after the new kernel has
> booted will never provide the correct PCR registry for 11. But then...
> what options do I have? Do I need to choose between having PCRs 7 and
> 14, so that I make sure that SB is up and running and all the certs from
> shim have not changed, or to have only PCR 11 so that I know that the
> UKI has not changed although SB can potentially be even disabled
> (please, correct me if wrong)?

I think the idea is to use `systemd-measure` to precompute PCR 11 for a specific phase, then use the precomputed PCR value instead of the "live" PCR value when sealing the data.

systemd-cryptenroll does not accept raw PCR values directly (though I use a separate Python script for that); instead it accepts --tpm2-public-key= as a public key that could be used to *sign* PCR values, and an external --tpm2-signature= path that'll contain the signed data.

So I believe you're supposed to use systemd-measure to precompute and sign PCR 11, put the signed file in /boot, and tell systemd-cryptenroll to use that when unlocking. (Later you only need to re-sign the PCR measurements in /boot without needing to re-do cryptenroll.)

-- 
Mantas Mikulėnas
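The reason the "live" PCR 11 is useless for sealing is the extend chain itself: systemd-stub measures the UKI sections into PCR 11, and every systemd-pcrphase unit afterwards extends the same register with a phase word, so the value present when the initrd unlocks the volume is gone by the time a booted system can read it. The following is an added Python model of that chain to make the phase dependence concrete; it is not systemd's code and not a substitute for `systemd-measure calculate`, which is the authoritative source for real values. It assumes the sha256 bank, that the stub extends PCR 11 with the digest of each measured section's name (including its trailing NUL byte) and then with the digest of the section's contents, that phase words are extended without a NUL, and that the .pcrsig section is skipped; the section contents are constructed stand-ins, not real kernel data. Verify those assumptions against the output of `systemd-measure calculate` on an actual UKI before relying on any value.

```python
"""Model of how PCR 11 evolves across a UKI boot (systemd-stub, then
systemd-pcrphase), showing why a value read after boot is never the
value present when the root volume is unlocked in the initrd.

Added illustration, not systemd's code. Assumptions, to be checked
against `systemd-measure calculate`: sha256 bank; PCR reset value is
32 zero bytes; the stub extends once with H(section name + NUL) and
once with H(section contents) per measured section, in UKI section
order; each phase word is extended as H(word) with no NUL; .pcrsig
is not measured.
"""
import hashlib

PCR_INIT = bytes(32)  # sha256 bank reset value

# The four phase paths that systemd-measure(1) signs by default.
DEFAULT_PHASE_PATHS = (
    "enter-initrd",
    "enter-initrd:leave-initrd",
    "enter-initrd:leave-initrd:sysinit",
    "enter-initrd:leave-initrd:sysinit:ready",
)


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2_PCR_Extend on the sha256 bank: new = H(old || H(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def measure_uki(sections) -> bytes:
    """Simulate systemd-stub measuring the UKI payload into PCR 11.

    `sections` is an ordered list of (name, content) pairs such as
    (".linux", kernel_bytes). The .pcrsig section carries the signature
    over these very values, so it is skipped (assumption, see docstring).
    """
    pcr = PCR_INIT
    for name, content in sections:
        if name == ".pcrsig":
            continue
        pcr = extend(pcr, name.encode() + b"\0")  # section name incl. NUL
        pcr = extend(pcr, content)                # section contents
    return pcr


def measure_phases(pcr: bytes, phase_path: str) -> bytes:
    """Apply the systemd-pcrphase extensions for a colon-separated phase path."""
    for word in phase_path.split(":"):
        pcr = extend(pcr, word.encode())
    return pcr


def predict_pcr11(sections, phase_path: str) -> bytes:
    """Expected PCR 11 once the given phase path has been reached."""
    return measure_phases(measure_uki(sections), phase_path)


def predict_all_phases(sections) -> dict:
    """One expected value per default phase path, the set a signature covers."""
    return {p: predict_pcr11(sections, p).hex() for p in DEFAULT_PHASE_PATHS}


# Constructed stand-ins for UKI sections (not real kernel or initrd data).
SAMPLE_SECTIONS = [
    (".linux", b"constructed kernel image bytes"),
    (".osrel", b"NAME=Example\nVERSION_ID=1\n"),
    (".cmdline", b"root=/dev/mapper/root rd.luks.options=tpm2-device=auto\n"),
    (".initrd", b"constructed initrd archive bytes"),
]

if __name__ == "__main__":
    at_unlock = predict_pcr11(SAMPLE_SECTIONS, "enter-initrd")
    after_boot = predict_pcr11(SAMPLE_SECTIONS, DEFAULT_PHASE_PATHS[-1])
    print("PCR 11 when the initrd unlocks the volume:", at_unlock.hex())
    print("PCR 11 as read from the booted system:    ", after_boot.hex())
    print("same value?", at_unlock == after_boot)
```

The model makes the trade-off in the question visible: a policy pinned to the "enter-initrd" value is what the initrd needs at unlock time, and the later values are what a booted system sees, so the two can only agree if the enrollment uses a precomputed value. With real tooling that precomputation is `systemd-measure calculate --phase=enter-initrd ...` (or `systemd-measure sign ...` with a key pair) over the UKI's section files, and a signature-based enrollment can still be combined with `--tpm2-pcrs=7` in systemd-cryptenroll so that Secure Boot state is checked alongside the signed PCR 11 policy; the exact paths and key names are deployment-specific and not taken from the thread.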