←back to thread

Bypassing disk encryption on systems with automatic TPM2 unlock

(oddlama.org)
212 points arjvik | 3 comments | 17 Jan 25 03:00 UTC | HN request time: 0.644s | source
Show context
rollcat ◴[17 Jan 25 16:03 UTC] No.42739214[source]
When I first read about TPM-based FDE on Linux[0], I was excited that the systemd guys were finally taking a step in the right direction - BitLocker/FileVault were standard on Windows/macOS for a long time by that point. FDE should be secure by default, dead-simple to set up (e.g. a checkbox in the installer that defaults to "enabled"), and painless for everyday use.

[0]: https://0pointer.de/blog/brave-new-trusted-boot-world.html

Then I read about the implementation details[0], and it's a complex bloody mess with an unending chain of brittle steps and edge cases, that are begging for a mistake and get exploited. So here we are.

I'm convinced that "measure the kernel" into "measure the initrd" into "show login screen" is all it should take.

replies(1): >>42741112 #
1. snailmailstare ◴[17 Jan 25 17:50 UTC] No.42741112[source]
>> we can confuse the initrd into executing a malicious init executable.

This hash the next link method is always as flawed as the weakest link..

replies(1): >>42749538 #
2. rollcat ◴[18 Jan 25 16:44 UTC] No.42749538[source]
Of course. The typical Linux initrd is also too complicated. It should be doing this, and nothing else:

- There's an executable called /init, link it statically with everything it needs to do.

- Load kernel modules from a list (hardcoded at build time; optional if you include common modules in the generic kernel).

- Mount the root filesystem (hardcoded at build time) and pivot.

- execve("/sbin/init", ...)

I've built a PoC in pure Go that does all of this, the resulting initrd was ~2.5MB plus kernel modules. I simply moved all the boot-time complexity to build-time. It doesn't do LUKS or TPM yet, but that's also further down the roadmap.

OpenBSD went a step further and crammed FDE decryption into the bootloader. It doesn't do TPM but simple is simple.

replies(1): >>42774003 #
3. cookiengineer ◴[20 Jan 25 22:44 UTC] No.42774003[source]
Do you have that on github or gitlab?

I'd love to contribute, as I'm also working on something like this for the last couple weeks.