@ -9,7 +9,7 @@ This version is tested for Ubuntu 20.04 LTS. It requires TPM-Tools 4.x as the pa
1. Execute install.sh1. Execute install.sh
2. Reboot the machine, you will still be asked for your encryption passphrase2. Reboot the machine, you will still be asked for your encryption passphrase
3. Update the TPM PCR policy with update-luks-tpm.sh3. Update the TPM PCR policy with update-luks-tpm.sh
4. The next reboot is done automatically4. During the next reboot the encrypted disk will be opened automatically
## Result## Result
- Grub is still installed, but not used (as a fallback)- Grub is still installed, but not used (as a fallback)
@ -24,8 +24,8 @@ Ideas taken from
- https://medium.com/@pawitp/full-disk-encryption-on-arch-linux-backed-by-tpm-2-0-c0892cab9704- https://medium.com/@pawitp/full-disk-encryption-on-arch-linux-backed-by-tpm-2-0-c0892cab9704
- https://medium.com/@pawitp/its-certainly-annoying-that-tpm2-tools-like-to-change-their-command-line-parameters-d5d0f4351206- https://medium.com/@pawitp/its-certainly-annoying-that-tpm2-tools-like-to-change-their-command-line-parameters-d5d0f4351206
I used the PCRs 0,1,4,5, 7 as policy for unlocking disk encryption. The PCRs 2,3 and 6 have the same hash value and are therefore assumed as empty .I used the PCRs 0- 7 as policy for unlocking disk encryption. The PCRs 2,3 and 6 have the same hash value and are therefore not used .
For additional security reasons, one may consider including these registers as well (to prevent e.g. Option ROM DMA attacks).However these PCRs are included as well (to prevent e.g. Option ROM DMA attacks).
Furthermore I use the RNG on the TPM for secret generation and use SHA256 and ECC instead of SHA1 and RSA.Furthermore I use the RNG on the TPM for secret generation and use SHA256 and ECC instead of SHA1 and RSA.
All of the below instructions should be executed as root:All of the below instructions should be executed as root:
@ -42,7 +42,7 @@ All of the below instructions should be executed as root:
5. Update initramfs5. Update initramfs
`update-initramfs -u -k all` `update-initramfs -u -k all`
6. Create the Kernel Command Line6. Create the Kernel Command Line
`echo "/vmlinuz-5.4.0-39-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro" > /boot/kernel-command-line.txt` `echo "/vmlinuz-5.4.0-39-generic root=/dev/mapper/ubuntu--vg-ubuntu--lv ro ima_audit=1 ima_policy=appraise_tcb rootflags=i_version " > /boot/kernel-command-line.txt`
6. Create unified Kernel6. Create unified Kernel
``````
mkdir -p /boot/efi/EFI/Linuxmkdir -p /boot/efi/EFI/Linux
@ -59,12 +59,52 @@ objcopy \
9. Store the secret key in the TPM and use the now valid PCRs as policy9. Store the secret key in the TPM and use the now valid PCRs as policy
``````
tpm2_evictcontrol -C o -c 0x81000000 #evict an old passphrase before writing the new onetpm2_evictcontrol -C o -c 0x81000000 #evict an old passphrase before writing the new one
tpm2_createpolicy --policy-pcr -l sha256:0,1,4,5,7 -L /root/policy.digesttpm2_createpolicy --policy-pcr -l sha256:0,1,2,3, 4,5,6 ,7 -L /root/policy.digest
tpm2_createprimary -C e -g sha256 -G ecc256 -c /root/primary.contexttpm2_createprimary -C e -g sha256 -G ecc256 -c /root/primary.context
tpm2_create -g sha256 -u /root/obj.pub -r /root/obj.priv -C /root/primary.context -L /root/policy.digest -a "noda|adminwithpolicy|fixedparent|fixedtpm" -i /root/secret.bintpm2_create -g sha256 -u /root/obj.pub -r /root/obj.priv -C /root/primary.context -L /root/policy.digest -a "noda|adminwithpolicy|fixedparent|fixedtpm" -i /root/secret.bin
tpm2_load -C /root/primary.context -u /root/obj.pub -r /root/obj.priv -c /root/load.contexttpm2_load -C /root/primary.context -u /root/obj.pub -r /root/obj.priv -c /root/load.context
tpm2_evictcontrol -C o -c /root/load.context 0x81000000tpm2_evictcontrol -C o -c /root/load.context 0x81000000
# tpm2_unseal -c 0x81000000 -p pcr:sha1:0,1,4,5,7 -o /root/test.bin #proof that the persistence worked# tpm2_unseal -c 0x81000000 -p pcr:sha1:0,1,2,3, 4,5,6 ,7 -o /root/test.bin #proof that the persistence worked
rm -f /root/load.context /root/obj.priv /root/obj.pub /root/policy.digest /root/primary.contextrm -f /root/load.context /root/obj.priv /root/obj.pub /root/policy.digest /root/primary.context
``````
10. The next reboot should work automatically10. The next reboot should work without manual disk decryption
## Integrity Measurement Architecture (IMA)
References for IMA:
- https://sourceforge.net/p/linux-ima/wiki/Home/
- https://wiki.gentoo.org/wiki/Integrity_Measurement_Architecture
- https://wiki.strongswan.org/projects/strongswan/wiki/IMA
Attention! The above Docs are written for different versions of IMA and the Linux Kernel.
### Manual installation
To enable IMA, the Kernel needs the corresponding parameters as follows:
- `ima_appraise=`
- `off` - no files are checked
- `log` - just log all measures files in the IMA log.
- `fix` - save the file hash of each accessed file to the file attribute 'security.ima' (used)
- `enforce` - only files with a valid 'security.ima' file hash can be accessed.
- `ima_policy=` (more than one policy possible, kernel uses union of all policies)
- `appraise_tcb` - appraises all files owned by root (used)
- `tcb` - measures all executables run, all memory mapped files for execution (such as shared libraries), all Kernel modules loaded, all firmware loaded, and all files opened for read by root. (used)
- `secure_boot` - appraises all loaded modules, firmware, kexec'd Kernel, and IMA policies. It also requires them to have an IMA signature as well. This is normally used with the CONFIG_INTEGRITY_TRUSTED_KEYRING option in the Kernel in "secure boot" scenario, with the public key obtained from the OEM in firmware or via the MOK (Machine Owner Key) in shim.
- `ima_hash=` (used hash algorithm
- `sha1` (default)
- `sha256`
- `sha512`
- ...
- `ima_template=`
- `ima-ng` (used)
- template_hash=hash(filedata-hash length, filedata-hash, pathname length, pathname)
- filedata_hash=hash(filedata)
- `ima-sig`
- template_hash=hash(filedata-hash length, filedata-hash, pathname length, pathname)
- filedata_hash=hash(filedata)
- append signature if present
- `ima`
- template_hash=hash(filedata-hash, filename-hint)
- filedata_hash=hash(filedata)
- `rootflags=i_version` - files are only measured when they are updated on the file system.
The IMA log is a virtual file in `/sys/kernel/security/ima/ascii_runtime_measurements` .
