From 536f4a1623bbd9842885bc17800098d844c5bab3 Mon Sep 17 00:00:00 2001 From: Thierry Laurion Date: Thu, 9 Mar 2023 13:28:04 -0500 Subject: [PATCH] Small cosmetic/typo related changes, ccache enablement for coreboot and reduction of unseal attempts gui-init: do not consume two unseal attempt to unseal both totp and hotp + cosmetic changes (slow down TPM DA lockout) kexec-seal-key: Add DEBUG statement for PCR precalc seal-totp: add DEBUG statements regarding skipping of PCR5 and PCR6 involvement into TOTP/HOTP sealing ops seal-hotpkey: Add DEBUG statements related to reuse of TOTP sealed secret tpmr: add DO_WITH_DEBUG calls to output pcrread and extend calls tpmr: typo correction stating TRACE calls for tpm2 where it was for tpm1 tpmr: add DO_WITH_DEBUG calls for calcfuturepcr functions: Cosmetic fix on pause_recovery asking user to press Enter to go to recovery shell on host console when board defines CONFIG_BOOT_RECOVERY_SERIAL Not so related but part of output review and corrections: kexec-insert-key: cosmetic changes prepending "+++" to disk related changes kexec-save-default: cosmetic changes prepending "+++" to disk related changes config/coreboot-qemu-tpm*.config: add ccache support for faster coreboot rebuild times --- config/coreboot-qemu-tpm1.config | 1 + config/coreboot-qemu-tpm2.config | 1 + initrd/bin/gui-init | 5 ++--- initrd/bin/kexec-insert-key | 8 ++++---- initrd/bin/kexec-save-default | 12 ++++++------ initrd/bin/kexec-seal-key | 5 +++-- initrd/bin/kexec-select-boot | 2 +- initrd/bin/seal-hotpkey | 1 + initrd/bin/seal-totp | 2 ++ initrd/bin/tpmr | 17 +++++++++-------- initrd/bin/unseal-hotp | 1 + initrd/etc/functions | 2 +- 12 files changed, 32 insertions(+), 25 deletions(-) diff --git a/config/coreboot-qemu-tpm1.config b/config/coreboot-qemu-tpm1.config index 38f6c316..2c6ad5fa 100644 --- a/config/coreboot-qemu-tpm1.config +++ b/config/coreboot-qemu-tpm1.config 
@@ -1,3 +1,4 @@
+CONFIG_CCACHE=y
 # CONFIG_INCLUDE_CONFIG_FILE is not set
 CONFIG_ONBOARD_VGA_IS_PRIMARY=y
 CONFIG_CBFS_SIZE=0x980000
diff --git a/config/coreboot-qemu-tpm2.config b/config/coreboot-qemu-tpm2.config
index 9795dee5..ce342539 100644
--- a/config/coreboot-qemu-tpm2.config
+++ b/config/coreboot-qemu-tpm2.config
@@ -1,3 +1,4 @@
+CONFIG_CCACHE=y
 # CONFIG_INCLUDE_CONFIG_FILE is not set
 CONFIG_ONBOARD_VGA_IS_PRIMARY=y
 CONFIG_CBFS_SIZE=0xfe0000
diff --git a/initrd/bin/gui-init b/initrd/bin/gui-init
index 5b772f77..6bc85433 100755
--- a/initrd/bin/gui-init
+++ b/initrd/bin/gui-init
@@ -164,7 +164,7 @@ generate_totp_htop()
 # clear screen
 printf "\033c"
 else
- warn "Sealing of measurements inside of TPM failed. You might want to take ownership of TPM by resetting it."
+ warn "Unsealing TOTP/HOTP secret from previous sealed measurements failed. Try "Generate new HOTP/TOTP secret" option if you updated firmware content."
 fi
 }
@@ -366,8 +366,7 @@ show_main_menu()
 attempt_default_boot
 ;;
 r )
- update_totp
- update_hotp
+ update_totp && update_hotp
 ;;
 o )
 show_options_menu
diff --git a/initrd/bin/kexec-insert-key b/initrd/bin/kexec-insert-key
index 79c2084b..78a16fab 100755
--- a/initrd/bin/kexec-insert-key
+++ b/initrd/bin/kexec-insert-key
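Review bot: The new `warn` message in generate_totp_htop contains unescaped inner double quotes around the option name, so the shell closes the string at `Try "` and `warn` receives the sentence as several arguments with the quotes stripped; depending on how `warn` prints its arguments the user sees either the option name unquoted or a truncated message. Escape them or switch to single quotes: `warn 'Unsealing TOTP/HOTP secret from previous sealed measurements failed. Try "Generate new HOTP/TOTP secret" option if you updated firmware content.'`. The generate_totp_htop function starts before the hunk, so the earlier branch that this message pairs with is not visible here.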
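Review bot: `update_totp && update_hotp` only saves the second TPM unseal attempt if update_totp's exit status actually reflects the TOTP unseal result; if that function ends with a screen clear or a `warn` that returns 0, update_hotp still runs and the dictionary-attack counter is still consumed twice. The body of update_totp is outside this diff, so this cannot be confirmed here and is worth checking. A why-comment at the call site would also help the next reader: `# HOTP reuses the TOTP sealed secret; skip it when the TOTP unseal failed so only one TPM DA attempt is consumed`.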
@@ -78,8 +78,8 @@ dd if="$INITRD" of="$SECRET_CPIO" bs=512 conv=sync \ if [ "$unseal_failed" = "n" ]; then # kexec-save-default might have created crypttab overrides to be injected in initramfs through additional cpio if [ -r "$bootdir/kexec_initrd_crypttab_overrides.txt" ]; then - echo "$bootdir/kexec_initrd_crypttab_overrides.txt found..." - echo "Preparing initramfs crypttab overrides as defined under $bootdir/kexec_initrd_crypttab_overrides.txt to be injected through cpio at next kexec call..." + echo "+++ $bootdir/kexec_initrd_crypttab_overrides.txt found..." + echo "+++ Preparing initramfs crypttab overrides as defined under $bootdir/kexec_initrd_crypttab_overrides.txt to be injected through cpio at next kexec call..." # kexec-save-default has found crypttab files under initrd and saved them cat "$bootdir/kexec_initrd_crypttab_overrides.txt" | while read line; do crypttab_file=$(echo "$line" | awk -F ':' {'print $1'}) 
@@ -87,14 +87,14 @@ if [ "$unseal_failed" = "n" ]; then # Replace each initrd crypttab file with modified entry containing /secret.key path mkdir -p "$INITRD_DIR/$(dirname $crypttab_file)" echo "$crypttab_entry" | tee -a "$INITRD_DIR/$crypttab_file" > /dev/null - echo "initramfs's $crypttab_file will be overriden with $crypttab_entry" + echo "+++ initramfs's $crypttab_file will be overriden with: $crypttab_entry" done else # No crypttab files were found under selected default boot option's initrd file crypttab_file="etc/crypttab" mkdir -p "$INITRD_DIR/$(dirname $crypttab_file)" # overwrite crypttab to mirror behavior of seal-key - echo "The following /etc/crypttab lines will be passed through cpio into kexec call for default boot option:" + echo "+++ The following /etc/crypttab lines will be passed through cpio into kexec call for default boot option:" for uuid in `cat "$TMP_KEY_DEVICES" | cut -d\ -f2`; do # NOTE: discard operation (TRIM) is activated by default if no crypptab found in initrd echo "luks-$uuid UUID=$uuid /secret.key luks,discard" | tee -a "$INITRD_DIR/$crypttab_file" diff --git a/initrd/bin/kexec-save-default b/initrd/bin/kexec-save-default index 42617877..54b56c37 100755 --- a/initrd/bin/kexec-save-default +++ b/initrd/bin/kexec-save-default 
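Review bot: The rewritten message still misspells "overridden" (`overriden`); since the line is being touched anyway, make it `echo "+++ initramfs's $crypttab_file will be overridden with: $crypttab_entry"`. The enclosing `if [ "$unseal_failed" = "n" ]` block starts and ends outside the hunk.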
@@ -146,14 +146,14 @@ if [ "$save_key" = "y" ]; then current_default_initrd=$(cat /boot/kexec_default_hashes.txt | grep initr | awk -F " " {'print $NF'} | sed 's/\.\//\/boot\//g') # Get crypttab files paths from initrd - echo "Checking current selected default boot's $current_default_initrd for existing crypttab files..." + echo "+++ Checking current selected default boot's $current_default_initrd for existing crypttab files..." # First either decompress or use the original if it's not compressed initrd_decompressed="/tmp/initrd_extract/initrd_decompressed.cpio" zcat < "$current_default_initrd" > "$initrd_decompressed" 2> /dev/null || initrd_decompressed="$current_default_initrd" crypttab_files=$(cpio --list --quiet < "$initrd_decompressed" | grep crypttab 2> /dev/null) || true if [ ! -z "$crypttab_files" ]; then - echo "Extracting current selected default boot's $current_default_initrd for found crypttab files analysis..." + echo "+++ Extracting current selected default boot's $current_default_initrd for found crypttab files analysis..." cpio -id --quiet < $initrd_decompressed $crypttab_files 2> /dev/null rm -f $bootdir/kexec_initrd_crypttab_overrides.txt || true 
@@ -172,12 +172,12 @@ if [ "$save_key" = "y" ]; then cd - > /dev/null #insert current default boot's initrd crypttab locations into tracking file to be overwritten into initramfs at kexec-inject-key - echo "The following OS crypttab file:entry were modified from default boot's initrd:" + echo "+++ The following OS crypttab file:entry were modified from default boot's initrd:" cat $bootdir/kexec_initrd_crypttab_overrides.txt - echo "Heads added /secret.key in those entries and saved them under $bootdir/kexec_initrd_crypttab_overrides.txt" - echo "Those overrides will be part of detached signed digests and used to prepare cpio injected at kexec of selected default boot entry." + echo "+++ Heads added /secret.key in those entries and saved them under $bootdir/kexec_initrd_crypttab_overrides.txt" + echo "+++ Those overrides will be part of detached signed digests and used to prepare cpio injected at kexec of selected default boot entry." else - echo "No crypttab file found in extracted initrd. Removing $bootdir/kexec_initrd_crypttab_overrides.txt" + echo "+++ No crypttab file found in extracted initrd. Removing $bootdir/kexec_initrd_crypttab_overrides.txt" rm -f "$bootdir/kexec_initrd_crypttab_overrides.txt" || true fi # Cleanup diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key index 1e624d87..e892826e 100755 --- a/initrd/bin/kexec-seal-key +++ b/initrd/bin/kexec-seal-key 
@@ -96,15 +96,16 @@ tpmr pcrread -a 3 "$pcrf" # Note that PCR 4 needs to be set with the "normal-boot" path value, which is 0. dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf" if [ "$CONFIG_USB_KEYBOARD" = "y" -o -r /lib/modules/libata.ko -o -x /bin/hotp_verification ]; then - DEBUG "Seal with PCR5 involvement (additional kernel modules are loaded per board config)..." + DEBUG "Sealing TPM disk unlock key with PCR5 involvement (additional kernel modules are loaded per board config)..." # Here, we take pcr 5 into consideration if modules are expected to be measured+loaded tpmr pcrread -a 5 "$pcrf" else - DEBUG "Seal without PCR5 involvement, PCR5=0..." + DEBUG "Sealing TPM disk unlock key with PCR5=0 (NO additional kernel modules are loaded per board config)..." #no kernel modules are expected to be measured+loaded dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf" fi # Precompute the value for pcr 6 +DEBUG "Precomputing TPM future value for PCR6 sealing/unsealing of TPM disk unlock key..." tpmr calcfuturepcr -a "/tmp/luksDump.txt" "$pcrf" # We take into consideration user files in cbfs tpmr pcrread -a 7 "$pcrf" diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot index 71de154b..ae9dbbc5 100755 --- a/initrd/bin/kexec-select-boot +++ b/initrd/bin/kexec-select-boot @@ -304,7 +304,7 @@ user_select() { DEBUG "Rebooting is required prior of booting default boot entry" # Instead of rebooting, drop to a recovery shell # for a chance to inspect debug output - recovery "!!! Entering recovery to inspect debug output, reboot to continue" + recovery "Entering recovery to permit inspection of /tmp/debug.log output, reboot to continue" fi fi fi diff --git a/initrd/bin/seal-hotpkey b/initrd/bin/seal-hotpkey index b4c5f1ad..7e8cc75b 100755 --- a/initrd/bin/seal-hotpkey +++ b/initrd/bin/seal-hotpkey 
@@ -27,6 +27,7 @@ else fi if [ "$CONFIG_TPM" = "y" ]; then + DEBUG "Sealing HOTP secret reuses TOTP sealed secret..." tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" \ || die "Unable to unseal HOTP secret" fi diff --git a/initrd/bin/seal-totp b/initrd/bin/seal-totp index e0580a4a..228b7167 100755 --- a/initrd/bin/seal-totp +++ b/initrd/bin/seal-totp @@ -36,7 +36,9 @@ tpmr pcrread -a 3 "$pcrf" # pcr 4 is expected to be zero (boot mode: init) dd if=/dev/zero bs="$(tpmr pcrsize)" count=1 status=none >> "$pcrf" # pcr 5 (kernel modules loaded) is not measured at sealing/unsealing of totp +DEBUG "Sealing TOTP neglecting PCR5 involvement (Dynamically loaded kernel modules are not firmware integrity attestation related)" # pcr 6 (drive luks header) is not measured at sealing/unsealing of totp +DEBUG "Sealing TOTP without PCR6 involvement (LUKS header consistency is not firmware integrity attestation related)" # pcr 7 is containing measurements of user injected stuff in cbfs tpmr pcrread -a 7 "$pcrf" tpmr seal "$TOTP_SECRET" "$TPM_NVRAM_SPACE" 0,1,2,3,4,7 "$pcrf" 312 \ diff --git a/initrd/bin/tpmr b/initrd/bin/tpmr index ea5c84ea..9b8ab1c3 100755 --- a/initrd/bin/tpmr +++ b/initrd/bin/tpmr @@ -56,10 +56,10 @@ tpm2_pcrread() { true >"$file" fi - tpm2 pcrread -Q -o >(cat >>"$file") "sha256:$index" + DO_WITH_DEBUG tpm2 pcrread -Q -o >(cat >>"$file") "sha256:$index" } tpm1_pcrread() { - TRACE "Under /bin/tpmr:tpm2_pcrread" + TRACE "Under /bin/tpmr:tpm1_pcrread" if [ "$1" = "-a" ]; then APPEND=y shift @@ -74,7 +74,7 @@ tpm1_pcrread() { true >"$file" fi - tpm pcrread -ix "$index" | hex2bin >>"$file" + DO_WITH_DEBUG tpm pcrread -ix "$index" | hex2bin >>"$file" } # usage: tpmr calcfuturepcr [-a] 
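Review bot: The new DEBUG text in seal-hotpkey says "Sealing HOTP secret" but the command it annotates is a `tpmr unseal` of NV index 4d47 under PCRs 0,1,2,3,4,7, which is what makes HOTP share the TOTP secret; a message that names the actual operation is more useful in a debug log, e.g. `DEBUG "Unsealing shared TOTP/HOTP secret from TPM NV index 4d47 (PCRs 0,1,2,3,4,7); HOTP reuses the secret sealed by seal-totp..."`. The same wording applies to the matching line added in unseal-hotp later in this patch. The rest of seal-hotpkey is outside the hunk.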
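Review bot: In tpm1_pcrread, `DO_WITH_DEBUG tpm pcrread -ix "$index" | hex2bin >>"$file"` puts the debug wrapper on the producing side of a pipeline, so anything DO_WITH_DEBUG itself writes to stdout (an echoed command line, for instance) is fed to hex2bin and ends up in the PCR file that the seal policy is built from. DO_WITH_DEBUG's definition is not in this diff, so I cannot confirm it writes only to stderr or the debug log; please verify, and leave a note at the call site: `# DO_WITH_DEBUG must keep its own output off stdout: stdout here is the raw PCR value piped into hex2bin`. The same pattern is used for `tpm calcfuturepcr` in tpm1_calcfuturepcr further down. Note also that in this pipeline a failing `tpm pcrread` is masked by hex2bin's exit status unless pipefail is in effect, which the wrapper does not change but makes easier to overlook.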
@@ -97,12 +97,12 @@ tpm2_calcfuturepcr() { fi tpm2 pcrreset -Q 23 - tpmr extend -ix 23 -if "$input_file" - tpm2 pcrread -Q -o >(cat >>"$output_file") sha256:23 + DO_WITH_DEBUG tpmr extend -ix 23 -if "$input_file" + DO_WITH_DEBUG tpm2 pcrread -Q -o >(cat >>"$output_file") sha256:23 tpm2 pcrreset -Q 23 } tpm1_calcfuturepcr() { - TRACE "Under /bin/tpmr:tpm2_calcfuturepcr" + TRACE "Under /bin/tpmr:tpm1_calcfuturepcr" if [ "$1" = "-a" ]; then APPEND=y shift @@ -115,7 +115,7 @@ tpm1_calcfuturepcr() { true >"$output_file" fi - tpm calcfuturepcr -ix 16 -if "$input_file" | hex2bin >>"$output_file" + DO_WITH_DEBUG tpm calcfuturepcr -ix 16 -if "$input_file" | hex2bin >>"$output_file" } tpm2_extend() { @@ -521,7 +521,8 @@ if [ "$CONFIG_TPM2_TOOLS" != "y" ]; then shutdown) ;; # Nothing on TPM1. *) - exec tpm "$@" + DEBUG "Direct translation from tpmr to tpm1 call" + DO_WITH_DEBUG exec tpm "$@" ;; esac exit 0 diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp index ed347585..73174617 100755 --- a/initrd/bin/unseal-hotp +++ b/initrd/bin/unseal-hotp @@ -38,6 +38,7 @@ fi #counter_value=$(printf "%d" 0x${counter_value}) if [ "$CONFIG_TPM" = "y" ]; then + DEBUG "Unsealing HOTP secret reuses TOTP sealed secret..." tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET" fi diff --git a/initrd/etc/functions b/initrd/etc/functions index 8c0e3b72..3014e26f 100755 --- a/initrd/etc/functions +++ b/initrd/etc/functions @@ -67,7 +67,7 @@ recovery() { pause_recovery() { TRACE "Under /etc/functions:pause_recovery" - read -p 'Hit enter to proceed to recovery shell:' + read -p $'!!! Hit enter to proceed to recovery shell !!!\n' recovery $* }
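Review bot: `DO_WITH_DEBUG exec tpm "$@"` only behaves like the previous bare `exec` if DO_WITH_DEBUG runs `"$@"` in the current shell; if it wraps the command in a subshell, command substitution or pipeline, `exec` replaces that child instead of tpmr and the caller no longer gets tpm's exit status and output directly. This is also the generic pass-through branch, so if DO_WITH_DEBUG echoes its arguments, any TPM1 subcommand invoked with a password or secret on its command line would be copied into the debug log; please confirm no caller reaches this branch with such arguments, or log only the subcommand, e.g. `DEBUG "Direct translation from tpmr to tpm1 call: tpm $1"` and keep the plain `exec tpm "$@"`.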
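Review bot: In unseal-hotp the new DEBUG line sits above a `tpmr unseal 4d47 0,1,2,3,4,7 312 "$HOTP_SECRET"` whose failure is not checked, unlike the identical call in seal-hotpkey which has `|| die "Unable to unseal HOTP secret"`; on failure the script continues with whatever `$HOTP_SECRET` holds. If that is deliberate (so the caller can report a failed HOTP verification itself), say so in a comment next to the call; otherwise add the same `|| die`. The rest of unseal-hotp is outside the hunk.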
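Review bot: `read -p $'!!! Hit enter to proceed to recovery shell !!!\n'` depends on `$'…'` ANSI-C quoting, which is not POSIX sh; it works in bash and in busybox ash builds that enable it, but since /etc/functions is sourced by the initrd scripts, please confirm the initrd shell supports it, or write it portably as `printf '!!! Hit enter to proceed to recovery shell !!!\n'` followed by a plain `read`. While here, `recovery $*` on the next line passes the message word-split; `recovery "$@"` preserves it as given.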