Luks tpm2


I'm struggling with clevis 9 on CentOS 7 right now, with some success, but a question is bothering me: I want to automatically boot a host with a LUKS-encrypted disk using TPM2. But will I be able to decrypt this disk on the same host booted from another source (another disk, a pendrive)? Now, if you seal against a PCR state i. But even in that case, you may be able to unlock it using the original LUKS master key in slot 0, since clevis does not remove that.

So just using the clevis tpm2 pin protects you from someone stealing an encrypted disk from a physical machine, or a guest VM from a host. But it doesn't protect from someone stealing a laptop, for example, and getting access to both the encrypted media and the tpm2 device. For the latter case, the disk should also be bound to something that won't be accessible to the attacker.

For example, using the Shamir Shared Secret pin, splitting the key into two parts, and using both the tpm2 and the tang server to store those parts.

There's a clevis luks unlock command that you could use to unlock the disk. So, it's impossible to protect an encrypted disk from decryption? Thank you for the information.

The tpm2 pin says the following in its man page:

Threat model: The Clevis security model relies on the fact that an attacker will not be able to access both the encrypted data and the decryption key.

For most Clevis pins, the decryption key is not locally stored, so the decryption policy is only satisfied if the decryption key can be remotely accessed.

It could, for example, be stored in a remote server or in a hardware authentication device that has to be plugged into the machine. The tpm2 pin is different in this regard, since a key is wrapped by a TPM2 chip that is always present in the machine.


Back in the day when the world was just adopting smartphones, we came up with the idea of a non-obtrusive system for securing a mobile phone. The idea was that if a particular "agent" was installed on the device, the device would function as normal. Fast-forward many years and we have the Trusted Platform Module. The TPM architecture also allows non-volatile storage of information that can be "sealed" based on the value of the PCRs. But if the PCRs change, the information cannot be retrieved and the encrypted drive is forever locked out.

While researching how to create a secure partition on Ubuntu However, for TPM 2. Once you are done with that, you need to build and install the TPM Software Stack (tpm2-tss) library, which you can obtain from here. I downloaded the. Again, I downloaded the. The third tool to install is the TPM 2 Tools, which you can download from here.

Again, I downloaded the tar file and uncompressed it in my working folder. Now we are ready to install the final tool, which is called cryptfs-tpm2 and which had no releases as of the date of this writing.

So, we need to clone the repository. With the default configuration of GRUB, a user can enter recovery mode and get a root shell. We want to disable this option. Also, it might be advisable to disable the guest account.

Then put the following contents in the file and save.

Configuring Secure Boot + TPM 2

As these steps can affect the PCR values, it is advisable to complete them before the next step. For this section, it is assumed that you have an Ext4 partition that is not currently mounted. If the partition is mounted, first unmount it. We can now create the LUKS container and mount it.

If you have PostgreSQL installed, the following snippet can help you move it to the secure partition.


The original guide is below for reference. In my two and a half years as a penetration tester, I had to learn the lesson that nowadays, physical access to a system doesn't necessarily mean access to all its secret data. If something in the boot process is changed by an attacker, the system won't start up without having received the correct BitLocker recovery key.

This makes it more difficult (I'm not saying impossible) for an attacker to gain access to a system for which he doesn't know the password, even though the system isn't asking for anything during boot time. Being a Linux guy myself, I wanted to achieve with my favorite OS what Windows was already capable of.


I was not able to find a full guide on how to use LUKS (or any other disk encryption) in combination with the TPM under Linux, which motivated me to investigate and describe this process.

Everything that is needed already exists, but it took me quite a while to have everything set up correctly. I hope that with this guide I can save some people that work. So, let's get started. Personally, I prefer Debian. So that's one easy way to do it.

However, any other distro is fine too, of course. Bear in mind, though, that some distros use dracut instead of initramfs, so you might have to change some things if you want to use, for example, Red Hat or Fedora. You'll have to take ownership of your TPM in case you haven't done so yet. You might be required to clear your TPM before you do this. Unfortunately, there is no defined way to do this; it depends on the hardware you are using. If not, you might want to look up a guide on how to reset the TPM on your hardware.

First, install TrouSers and tpm-tools. Using Debian, this can be done with. Choose a secure value for the owner password. You'll need this one only during updates, so you could also store it in a password manager.

Since the bash scripts we are about to use will hand the password as a parameter to some commands, this could cause problems. Now you can reboot to see if everything works. However, since there is no decryption being done in the bootloader, this register stays empty. Next, we are going to create a key file, which we will add to the keys for the LUKS-encrypted partition.

NOTE: Some people might not like the idea of the keyfile being temporarily stored on the hard disk. Personally, I don't really see a problem with that, since it is stored on an encrypted hard disk. If an attacker is able to read the keyfile from your encrypted hard disk, you are in much bigger trouble anyway. Also, what's the purpose of the whole disk-encryption idea? Stopping an attacker with physical access to your machine from reading your files.

And also has root access to your machine. Further, if we did not store the keyfile, or wiped it, we would be required to create a new LUKS key and remove the old one each time there was, for example, a kernel update. For all those reasons, I currently don't see a reason for not storing the keyfile on your hard disk.

Encryption of data at rest is a key component of security.

LUKS provides the ability to encrypt Linux volumes, including both data volumes and the root volume containing the OS. The OS can provide the crypto keys for data volumes, but something has to provide the key for the root volume to allow the system to boot. This works well for laptop and desktop systems, but is not well suited for servers or virtual machines, since it is an obstacle to automation.

That way the volume can be automatically unlocked, without typing a passphrase, by using the TPM2 to obtain the master key. A key point here is that the actual LUKS master key is not present in plain-text form on the system; it is protected by TPM encryption. Also, by sealing the LUKS master key with a specific set of Platform Configuration Registers (PCRs), one can make sure that the volume will only be unlocked if the system has not been tampered with.

Clevis has dracut and udisks2 support to do this automatically, and the next version of Clevis will also include a command line tool to unlock non-root data volumes. Clevis provides a mechanism to automatically supply the LUKS master key for the root volume. The initial implementation of Clevis has support to obtain the LUKS master key from a network service, but we have extended Clevis to take advantage of a TPM2 chip, which is available on most servers, desktops and laptops.

By using a TPM, the disk can only be unlocked on a specific system — the disk will neither boot nor be accessed on another machine. This implementation also works with UEFI Secure Boot, which will prevent the system from being booted if the firmware or system configuration has been modified or tampered with. To make use of all the Clevis infrastructure and also be able to use the TPM2 as a part of more complex security policies, the TPM2 support was implemented as a clevis tpm2 pin.

The generated JWE contains both the public and wrapped sensitive portions of the created object, as well as information on how to unseal it from the TPM2 (hashing and key encryption algorithms used to recalculate the primary key, PCR policy for authentication, etc.).

There are also still discussions on the pull request about some details, but it should be ready to land soon. The Clevis command line tools can be used to encrypt and decrypt data using a TPM2 chip. The tpm2 pin has reasonable defaults, but one can configure most of its parameters using the pin JSON configuration (refer to the Clevis tpm2 pin documentation for these). The next version of Clevis also has a clevis-luks-unlock command line tool, so a LUKS volume could be manually unlocked with:

Each part is then encrypted using another pin, and a threshold is chosen to decide how many parts are needed to reconstruct the encryption key so the secret can be decrypted. The boot partition still needs to remain unencrypted so the bootloader is able to load a Linux kernel and an initramfs that contains Clevis, to unlock the encrypted LUKS volume for the root partition. Since the initramfs is not signed in a Secure Boot setup, an attacker could replace the initramfs and unlock the LUKS volume.

So the threat model this is meant to protect against is an attacker who can get access to the encrypted volume but not to the trusted machine. There are different approaches to solving this limitation. Later, the usual initramfs can unlock the LUKS volume by using the key already stored in the Linux kernel. But there is work to be done for both approaches, so it will take some time until we have protection for this threat model.

Still, having an encrypted root partition that is only automatically unlocked on a trusted machine has many use cases. To list a few examples:


This is easier and it works very well with systemd-boot; at the very least I also had to sign intel ucode. Also, the initramfs is generated on the machine (for example on a kernel install), but could also be regenerated when installing any random package that wants to include something in the initramfs. But this would require calculating the hash digest for the initramfs to use this value when sealing, and it also ties the sealed key to a specific initramfs, so you would need one sealed object per initramfs.

There have been patches on the mailing list for some time, but they were not merged yet. The idea of using PCR7 is to avoid tying the sealed object to components that could change (kernel, initramfs, etc.) and instead associate it with the Secure Boot setup, which should remain constant. As far as measured boot goes, are you familiar with Intel TXT? Is there some guide still available?

All failed. Thank you very much!



Start the tcsd. An extra byte is prepended as a version check. The usual use case would be to boot using a TPM-aware bootloader which records the kernel and initramfs you've booted. This would prevent your LUKS secret from being retrieved from the TPM chip if the machine was booted from any other media or configuration.

A vanilla install of TrustedGRUB doesn't appear to work with Fedora 17. If you get TrustedGRUB working with recent Fedora distros, please send a note to the trousers-users list. Note that TrustedGRUB is supported on 32-bit only, so you'll need, for example, the glibc-devel. Once you've installed TrustedGRUB successfully, reboot, then continue with these steps: 1. You'll want to take some time and make sure you really understand what you're doing here.

Complete the steps in C.

This script assumes you will be using a sealed keyfile, or a key stored in the TPM, during boot to unlock the root file system. It is intended to be used as part of your kernel update process to generate a key sealed against the new kernel's PCR values. The script facilitates a variety of kernel update flows.

For example, you could set a temporary passphrase interactively during the update. Alternately, the PCR values of the new kernel can be computed in advance using an external command. The script requires two LUKS key slots to function: one for the sealed keyfile and one for the temporary passphrase. You are also strongly encouraged to dedicate an additional slot for a recovery passphrase not managed by luks-tpm2. This action will prompt for an existing LUKS passphrase and remove any existing key in slot 1.

Set a temporary LUKS passphrase. The user will be interactively prompted to enter this temporary passphrase. Prompts the user for the temporary passphrase if needed and uses it to set a new passphrase in slot 1. By default, LUKS slot 1 will be replaced. Pre-computes the PCR values for the kernel that will be used on next boot. Use the precomputed values to replace the current LUKS passphrase with a new, random value.

Pre-computing the PCR values is accomplished using an external command specified by the -c option or using the defaults file. The command is expected to accept the PCR bank specification used to seal the passphrase, compute the PCR values for the next system boot, and write their binary values to the supplied output path.

Variables read from the config file will override hard-coded defaults, but will not override command line arguments. This indicates that the system has not been altered since the data was sealed.

Using TPM 2.0 as a Secure Keystore on Your Laptop: It's not as difficult as you think!

For example, to use the in-kernel RM. Before storing sealed key files on disk, you must create a parent encryption key on the TPM. In this example, we create a primary RSA key in the owner hierarchy and make it persistent at handle 0x:

The parent encryption key can optionally be created with a password. This password will need to be supplied during operations that require the parent key. The -K option will cause luks-tpm2 to display an interactive password prompt. Note that NVRAM often has a limited number of writes, so it may not be a good option if frequent updates are required. Copyright Corey Hinshaw.

I spent several days trying to figure out how to securely decrypt a hard drive in a remote location using TPM2. I'm no security expert and this is my first battle with TPM2.

Automatic LUKS volumes unlocking using a TPM2 chip

I learned a lot, but I still have questions. Could someone help me with those? I think that I achieved a level at which I can ask a legitimate question about this issue, but I cannot myself assess further the implications or holes in this. For example:

You will need it to already be encrypted and have a passphrase, which the command above will prompt you for.

You can leave the passphrase as a backup or remove it afterwards. I'm not sure about using the PCR0 value itself as the key, since in my limited experience that value is pretty easy to access.

I don't believe that is how "sealing" data against a PCR works, but I don't know the exact relationship between the PCR value and the sealed value. I encrypted the device during install, and had success binding it manually and in a kickstart script.

I couldn't find other projects with support for TPM2. Are there any?


As for it being easy to access, that's absolutely true and is unavoidable. If you have physical access, you can easily read the values off the LPC bus.
