From: Stanislaw Adaszewski
Date: Sat, 27 Nov 2021 15:34:54 +0100
Subject: TPM2 Support in bootloader / kernel in order to retrieve GELI passphrase
To: freebsd-hackers@freebsd.org
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
Dear All,

Could you please guide me so that we can together integrate the following piece of work into the FreeBSD base system? Thank you for your time and consideration.

I have created the following bundle of work [1]. The referenced patch implements, on top of releng/13.0, support for TPM2 in the EFI bootloader and in the kernel in order to allow for storage and retrieval of a GELI passphrase in a TPM2 module, secured with a PCR policy.

The way the bootloader behavior is modified is the following:

1) Before calling efipart_inithandles(), an attempt to retrieve the passphrase from a TPM2 module might be performed - how this is achieved is described later on.

2) If a passphrase is indeed retrieved, then after determining currdev, the currdev is checked for the presence of a /.passphrase_marker file which must contain the same passphrase as retrieved from the TPM. This is supposed to ensure that we do not end up booting an environment not on the device we just unlocked with the passphrase.

3a) If all is go, the autoboot_delay is set to -1 in order to prevent any interaction and continue the boot process of the "safe" environment, a 'kern.geom.eli.passphrase.from_tpm2.passphrase' variable is set to the passphrase from the TPM for kernel use later, as well as a 'kern.geom.eli.passphrase.from_tpm2.was_retrieved'='1' variable.

3b) If the passphrase marker does not match, the bootloader cleans up GELI keys, the TPM passphrase and kern.geom.eli.passphrase and exits.
The way the kernel behavior is modified is the following:

1) In init_main.c, after vfs_mountroot(), a check is added.

2a) If kern.geom.eli.passphrase.from_tpm2.was_retrieved is not set to 1, then we do nothing and continue the boot process.

2b) If the was_retrieved variable is set to '1', then we check for the same passphrase marker as the bootloader, its content compared against the 'kern.geom.eli.passphrase.from_tpm2.passphrase' variable.

3a) If all is go, the passphrase variable is unset and the boot process continues.

3b) If the passphrase marker does not match, we panic.

The configuration of the bootloader for this procedure looks as follows:

1) We set an efivar KernGeomEliPassphraseFromTpm2NvIndex to contain the TPM2 NV Index we store our passphrase in, e.g. 0x1000001

2) We set an efivar KernGeomEfiPassphraseFromTpm2PolicyPcr to contain the PCR policy used to secure the passphrase, e.g. sha256:0,2,4,7

3a) If both are set, the bootloader will attempt to retrieve the passphrase and behave in the modified way described above.

3b) Otherwise, it behaves as the vanilla version and will ask for GELI passphrases if necessary.

The configuration of the TPM and the passphrase marker looks as follows:

1) echo -n "passphrase" >/.passphrase_marker
2) chmod 600 /.passphrase_marker
3) tpm2_createpolicy -L policy.digest --policy-pcr -l sha256:0,2,4,7
4) tpm2_nvdefine -Q 0x1000001 -s `wc -c < /.passphrase_marker` -L policy.digest -A "policyread|policywrite"
5) tpm2_nvwrite -Q 0x1000001 -i /.passphrase_marker -P pcr:sha256:0,2,4,7

(In step 4 the byte count is taken from stdin so that wc prints only the number; with a file argument it would also print the file name, which breaks the -s value.)

[1] https://github.com/sadaszewski/freebsd-src/compare/releng/13.0...tpm-support-in-stand

Kind regards,

--
Stanislaw
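The marker check described in the mail, as an added example that is not code from the original message or from the linked patch: a userland C model of what the bootloader (step 2/3) and the kernel (step 2b/3) have to do once a passphrase has come out of the TPM2 NV index. It reads /.passphrase_marker byte-for-byte, compares it against the TPM passphrase with a length-aware constant-time comparison, zeroes the buffers afterwards, and maps the outcome onto the three cases the mail lists (no TPM passphrase in play, match, mismatch). The function names, the MARKER_MAX bound, the enum and the marker path passed in are assumptions of this example; the "1" value of was_retrieved and the no-trailing-newline marker follow the mail.

```c
/*
 * Added example (not the patch's own code): userland model of the
 * /.passphrase_marker check performed after a GELI passphrase has been
 * read from the TPM2 NV index. Function names and MARKER_MAX are assumed.
 */
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

#define MARKER_MAX 256          /* assumed upper bound on passphrase length */

enum boot_decision {
    BOOT_PLAIN = 0,             /* was_retrieved != "1": vanilla boot path */
    BOOT_UNLOCKED_OK = 1,       /* marker matches: continue without prompting */
    BOOT_ABORT = 2              /* marker missing/mismatch: bootloader bails, kernel panics */
};

/* Constant-time equality: timing does not depend on the first differing byte. */
static int ct_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen)
{
    uint8_t diff = (uint8_t)(alen != blen);
    size_t n = alen < blen ? alen : blen;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Zero through a volatile pointer so the compiler cannot elide the store. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n-- > 0)
        *vp++ = 0;
}

/*
 * Read the marker verbatim. No newline stripping: the marker is written with
 * `echo -n` and the NV index holds exactly `wc -c` bytes of it, so a trailing
 * newline is a real mismatch. Returns -1 if unreadable or larger than cap.
 */
static ssize_t read_marker(const char *path, uint8_t *buf, size_t cap)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, cap, f);
    int oversize = (fgetc(f) != EOF);
    fclose(f);
    if (oversize) {
        secure_zero(buf, cap);
        return -1;
    }
    return (ssize_t)n;
}

/* 1 if the marker on the mounted device equals the passphrase from the TPM. */
int verify_marker(const char *path, const uint8_t *tpm_pass, size_t tpm_len)
{
    uint8_t marker[MARKER_MAX];
    ssize_t n = read_marker(path, marker, sizeof marker);
    int ok = (n >= 0) && ct_equal(marker, (size_t)n, tpm_pass, tpm_len);
    secure_zero(marker, sizeof marker);
    return ok;
}

/*
 * Kernel-side flow from the mail: if was_retrieved is not "1" do nothing;
 * otherwise the marker must match the passphrase variable, which is cleared
 * afterwards in either case. The caller maps BOOT_ABORT onto panic().
 */
enum boot_decision tpm_boot_decision(const char *was_retrieved,
                                     const char *marker_path,
                                     uint8_t *tpm_pass, size_t tpm_len)
{
    if (was_retrieved == NULL || strcmp(was_retrieved, "1") != 0)
        return BOOT_PLAIN;
    int ok = verify_marker(marker_path, tpm_pass, tpm_len);
    secure_zero(tpm_pass, tpm_len);
    return ok ? BOOT_UNLOCKED_OK : BOOT_ABORT;
}

/* Helper: write a constructed marker, i.e. what `echo -n "..." > marker` does. */
int write_marker(const char *path, const char *data, size_t len)
{
    FILE *f = fopen(path, "wb");
    if (f == NULL)
        return -1;
    int ok = fwrite(data, 1, len, f) == len;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int main(void)
{
    uint8_t pass[] = "passphrase";                       /* constructed sample */
    write_marker("marker.tmp", "passphrase", 10);
    enum boot_decision d = tpm_boot_decision("1", "marker.tmp", pass, 10);
    printf("decision: %d (1 = continue, 2 = abort)\n", d);
    remove("marker.tmp");
    return d == BOOT_UNLOCKED_OK ? 0 : 1;
}
```

Two points the model makes explicit: the comparison must be length-aware (a marker that is a prefix of the passphrase, or carries a trailing newline, is a mismatch, which is why the mail writes it with `echo -n`), and the passphrase copy must be wiped whether the check passes or fails, matching the cleanup the bootloader does in 3b and the unset the kernel does in 3a. The marker itself holds the passphrase in cleartext on the unlocked root, hence the chmod 600 in the setup steps.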