New Features:
- * systemd-measure is a new tool for precalculating and signing expected
- TPM2 PCR values seen once a given unified kernel image (UKI) with
- systemd-stub is booted. This is useful for implementing TPM2 policies
- for LUKS encrypted volumes and encrypted system/service credentials,
- that robustly bind to kernels carrying appropriate PCR signature
- information. The signed expected PCR information, and the public key
- used for the signature may be embedded inside UKIs for this purpose,
- so that it is automatically available in userspace, once the UKI is
- booted.
-
- systemd-cryptsetup, systemd-cryptenroll and systemd-creds have been
+ * systemd-measure is a new tool for calculating and signing expected
+ TPM2 PCR values for a given unified kernel image (UKI) booted via
+ sd-stub. The public key used for the signature and the signed
+ expected PCR information can be embedded inside the UKI. This
+ information can be extracted from the UKI by external tools and code
+ in the image itself and is made available to userspace in the booted
+ kernel.
+
+ systemd-cryptsetup, systemd-cryptenroll, and systemd-creds have been
updated to make use of this information if available in the booted
kernel: when locking an encrypted volume/credential to the TPM
- systemd-cryptenroll/systemd-creds will use the public key embedded in
- the booted UKI to bind the volume/credential to the kernel (and
- future versions thereof, as long as it carries PCR information signed
- by the same key pair). When unlocking such an encrypted
- volume/credential systemd-cryptsetup/systemd-creds will use the
- signature embedded in the booted UKI to gain access.
+ systemd-cryptenroll/systemd-creds will use the public key to bind the
+ volume/credential to any kernel that carries PCR information signed
+ by the same key pair. When unlocking such volumes/credentials
+ systemd-cryptsetup/systemd-creds will use the signature embedded in
+ the booted UKI to gain access.
Binding TPM-based disk encryption to public keys/signatures of PCR
values — instead of literal PCR values — addresses the inherent
Net effect: if you boot a properly prepared kernel, TPM-bound disk
encryption now defaults to be locked to kernels which carry PCR
- signatures from the same signature key pair. Example: if a
- hypothetical distro FooOS prepares its UKIs like this, TPM-based disk
- encryption is now – by default – bound to only FooOS kernels, and
- encrypted volumes bound to the TPM cannot be unlocked on other
- kernels from other sources. (But do note this behaviour requires
- preparation/enabling in the UKI, and of course users can always
- enroll non-TPM ways to unlock the volume.)
+ signatures from the same key pair. Example: if a hypothetical distro
+ FooOS prepares its UKIs like this, TPM-based disk encryption is now –
+ by default – bound to only FooOS kernels, and encrypted volumes bound
+ to the TPM cannot be unlocked on kernels from other sources. (But do
+ note this behaviour requires preparation/enabling in the UKI, and of
+ course users can always enroll non-TPM ways to unlock the volume.)
* systemd-pcrphase is a new tool that is invoked at 4 places during
system runtime, and measures additional words into TPM2 PCR 11, to
projects / thirdparty / systemd.git / commitdiff
