Any risks at this time in using TPM2 PCR 0+2+7 to unlock?

At this point lanzaboote and secure boot are working fine and I am happy with it, but I still want to get PCR 0+2+7 crypt unlock and some small custom loading screen, but at least the unlock by TPM. The question is: are there any huge downsides/issues in applying it now? I have experience with Aeon/Kinoite/Silverblue etc. and I know each firmware update usually needs the keys rerolled, but that is still pretty standard at the moment.

Yes, you need to also use pcr 15: A Modern and Secure Desktop Setup - #17 by ElvishJerricco

Thank you, so a 0+2+7+15 setup, and I guess the answer yes was for the downside/issues question.

To be clear, you can’t just bind to 15 to solve the problem. You need to bind to PCR 15 being zeroed, add the tpm2-measure-pcr=yes crypttab option, and make sure you only refer to the mapper device with /dev/mapper/foo rather than anything like /dev/disk/by-uuid/asdf

I tried to set this up on my system with PCR 0,2,7,15. I have one small issue with it that I can't figure out: it opens the root drive, but not swap, so I still need to enter the passphrase for swap. I might even be thinking about this and setting it up totally wrong, so for now I am at PCR 0,2,7, which works. Even my snippet might be fully wrong, I'm not sure; at least it works now on PCR 0,2,7.

```nix
  # =============================================================
  # BOOTLOADER, SECURE BOOT & TPM UNLOCK
  # =============================================================
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.lanzaboote = {
    enable = true;
    pkiBundle = "/var/lib/sbctl";
  };
  boot.loader.efi.canTouchEfiVariables = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;

  # 1. Enable TPM2 tools in the OS
  security.tpm2 = {
    enable = true;
    pkcs11.enable = true;
    tctiEnvironment.enable = true;
  };

  boot.initrd = {
    # 2. Enable systemd in initrd (Required for TPM2 unlock)
    systemd.enable = true;

    # 3. Load TPM drivers early
    kernelModules = [ "tpm_tis" ];

    # 4. Configure BOTH drives to unlock via TPM so boot is silent
    luks.devices = {
      # ROOT DRIVE (Your OS) - UUID ending in 93cc1
      "luks-f1a43e56-d2f9-4b0e-9238-82b840993cc1" = {
        device = "/dev/disk/by-uuid/f1a43e56-d2f9-4b0e-9238-82b840993cc1";
        crypttabExtraOpts = [ "tpm2-device=auto" ];
      };

      # SWAP DRIVE - UUID ending in ef52
      "luks-8edb1b27-5162-4113-8d34-8b440a45ef52" = {
        device = "/dev/disk/by-uuid/8edb1b27-5162-4113-8d34-8b440a45ef52";
        crypttabExtraOpts = [ "tpm2-device=auto" ];
      };
    };
  };
```

When the LUKS device key is bound to PCR 15:sha256=0000000000000000000000000000000000000000000000000000000000000000, it tells the TPM2 to only unlock the key for it when the PCR 15 value is 0. The tpm2-measure-pcr=yes option makes cryptsetup measure the LUKS volume key, name and its UUID into PCR 15. This makes PCR 15 have some hash different from 0, and the TPM2 would not unlock the key anymore.

With 2 or more devices it presents a problem, because this measurement happens after each device is unlocked.

As I understand it, the solution for this is using a pcrlock policy (systemd-pcrlock, enrolling option --tpm2-pcrlock=), but it is experimental and the source code for the NixOS TPM2 module has a TODO for them.


Please understand that without some kind of mitigation for the stage 2 transition problem, the drive might as well not be encrypted, as it’s trivial for an attacker to boot their own OS on the machine and still satisfy these PCRs.

(systemd-pcrlock, or just systemd-pcrphase+systemd-measure, which is less powerful but simpler)
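
The PCR 15 behaviour discussed in this thread, modelled as an added Python sketch (not code from any poster, NixOS or systemd): it shows why a zero-bound PCR 15 blocks later unseal requests and why the second volume also fails. It assumes PCRs 0, 2 and 7 always match, and the measured string is a constructed stand-in for what cryptsetup actually records.

```python
import hashlib

ZERO = bytes(32)  # SHA-256 bank value of a PCR 15 that was never extended


def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM2 PCR extend: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


class Boot:
    """Tracks PCR 15 while volumes are unlocked one after another."""

    def __init__(self):
        self.pcr15 = ZERO
        self.log = []

    def unlock(self, name: str, bound_to_zero_pcr15: bool, measure: bool) -> bool:
        # The TPM releases the key only if every bound PCR matches.
        # PCRs 0, 2 and 7 are assumed to match, so only PCR 15 decides.
        ok = (not bound_to_zero_pcr15) or self.pcr15 == ZERO
        self.log.append((name, ok))
        if ok and measure:
            # Constructed stand-in for the tpm2-measure-pcr=yes measurement.
            self.pcr15 = extend(self.pcr15, f"volume:{name}".encode())
        return ok


def simulate(volumes, bound_to_zero_pcr15, measure):
    """Return ({volume: tpm_unlock_ok}, can_stage2_still_unseal)."""
    boot = Boot()
    for name in volumes:
        boot.unlock(name, bound_to_zero_pcr15, measure)
    # Stage 2 is whatever runs after the initrd; PCRs 0+2+7 are unchanged there.
    stage2_can_unseal = (not bound_to_zero_pcr15) or boot.pcr15 == ZERO
    return dict(boot.log), stage2_can_unseal


if __name__ == "__main__":
    for label, bound, measure in [
        ("PCR 0+2+7 only", False, False),
        ("PCR 0+2+7+15=zero, tpm2-measure-pcr=yes", True, True),
    ]:
        print(label, simulate(["root", "swap"], bound, measure))
```

In the second configuration the root volume unlocks and swap does not, and nothing running after the initrd can obtain either key from the TPM.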

Yes, this is only for now, until I can get that PCR 15 working. I need to do some research and study how I can make this work, and I'll ask for support here later when I get back home and have time to start setting it up.
