Bypassing disk encryption on systems with automatic TPM2 unlock

When I first read about TPM-based FDE on Linux[0], I was excited that the systemd guys were finally taking a step in the right direction - BitLocker/FileVault were standard on Windows/macOS for a long time by that point. FDE should be secure by default, dead-simple to set up (e.g. a checkbox in the installer that defaults to "enabled"), and painless for everyday use.

[0]: https://0pointer.de/blog/brave-new-trusted-boot-world.html

Then I read about the implementation details[0], and it's a complex bloody mess with an unending chain of brittle steps and edge cases, that are begging for a mistake and get exploited. So here we are.

I'm convinced that "measure the kernel" into "measure the initrd" into "show login screen" is all it should take.

>> we can confuse the initrd into executing a malicious init executable.

This hash the next link method is always as flawed as the weakest link..

Of course. The typical Linux initrd is also too complicated. It should be doing this, and nothing else:

- There's an executable called /init, link it statically with everything it needs to do.

- Load kernel modules from a list (hardcoded at build time; optional if you include common modules in the generic kernel).

- Mount the root filesystem (hardcoded at build time) and pivot.

- execve("/sbin/init", ...)

I've built a PoC in pure Go that does all of this, the resulting initrd was ~2.5MB plus kernel modules. I simply moved all the boot-time complexity to build-time. It doesn't do LUKS or TPM yet, but that's also further down the roadmap.

OpenBSD went a step further and crammed FDE decryption into the bootloader. It doesn't do TPM but simple is simple.