On Mon, Jun 5, 2023 at 11:38 PM Adrian Vovk <adrianv...@gmail.com> wrote:
> > 2. The alternative approach involves pre-calculating PCR[7] on the > client if we're updating DBX or Shim. Here's how I envision this > going: > - We read the TPM log (which we can trust because we're currently > booted to system verified via the chain of trust) and extract > everything read into PCR[7] > - We clear PCR[16], then start replaying everything from the TPM log > - When we reach the measurement of DBX, we pre-calculate the new value > of DBX and measure that in instead. This would probably need > collaboration w/ fwupd > - When we reach the measurements made by Shim, we use the new values > instead. See https://github.com/rhboot/shim/issues/555 > - PCR[16] now contains the future value for PCR[7]. We enroll (into a > new keyslot) TPM decryption. We seal against 16+11+14, but then > configure it to unseal against 7+11+14 (this is the one step I'm iffy > about. Is this possible??) > You don't need to replay everything *into a real PCR* at all – the extend operation is just a regular hash operation SHA(pcr||value), you can recalculate everything in software, then seal the keyslot against your provided PCR values instead of the "live" ones. I have an old hack proof of concept for that (written mostly because I didn't want to touch any of that SB signing even with a stick): 1. PCR[4] replay in userspace https://github.com/grawity/tpm_futurepcr (code is ugly but it's really just calculating a hash chain, while "updating" certain TPM log events) 2. Creating systemd-compatible LUKS tpm2 tokens against arbitrary PCR values https://git.nullroute.lt/cgit/hacks/tpmreseal.git/ (systemd has extended its LUKS token format a little bit since then, but the basic format still works, at least I'm able to use it on my system) I expected #1 to be superseded by `systemd-measure` (available in latest systemd); apparently it's not quite the same but it does focus on Secure Boot and signed PCRs, so maybe you can get `systemd-measure` to do exactly what you want? There's a github RFE filed for #2 so it might show up in systemd-cryptenroll someday. -- Mantas Mikulėnas
