Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LUKS encrypted disk and TPM2 #34

Closed
moonwolf-github opened this issue Mar 1, 2018 · 5 comments
Closed

LUKS encrypted disk and TPM2 #34

moonwolf-github opened this issue Mar 1, 2018 · 5 comments

Comments

@moonwolf-github
Copy link

I'm struggling with clevis 9 on CentOS7 right now (with some success) but some question is bothering me: i want to automatically boot host with luks-encrypted disk using TPM2. According to README it is possible. But will i be able to unencrypt this disk on same host booted from other source (other disk, pendrive)?
@martinezjavier
Copy link
Contributor

@moonwolf-github as long as you have the tpm2-tools and clevis projects installed and support for the TPM device (tpm driver and in-kernel resource manager) in the other source (disk or pendrive), yes.

There's a clevis luks unlock command that you could use to unlock the disk.

Now, if you seal against a PCR state (i.e: setting pcr_ids or pcr_digest in the JSON config), it may be different if you boot another media with a different kernel, command line parameters, etc depending on what's measured by your bootloader. But even in that case, you may be able to unlock it using the original LUKS master key in slot 0 since clevis does not remove that.

@moonwolf-github
Copy link
Author

So, it's imposible to protect encrypted disk from decryption? Thank you for information.

@martinezjavier
Copy link
Contributor

martinezjavier commented Mar 1, 2018
edited

@moonwolf-github it depends on your threat model. The tpm2 pin says the following in its man page:

Threat model

The Clevis security model relies in the fact that an attacker will not be able to access
both the encrypted data and the decryption key.

For most Clevis pins, the decryption key is not locally stored, so the decryption policy
is only satisfied if the decryption key can be remotely accessed. It could for example
be stored in a remote server or in a hardware authentication device that has to be
plugged into the machine.

The tpm2 pin is different in this regard, since a key is wrapped by a TPM2 chip that
is always present in the machine. This does not mean that there are not use cases
for this pin, but it is important to understand the fact that an attacker that has access
to both the encrypted data and the local TPM2 chip will be able to decrypt the data.

So just using the clevis tpm2 pin protects you from someone stealing an encrypted disk from a physical machine or a guest VM from a host. But it doesn't protect from someone stealing a laptop for example and get access to both the encrypted media and the tpm2 device.

For the latter case, the disk should also be bound to something that won't be accessible by the attacker. For example using the Shamir Shared Secret pin and splitting the key in two parts and use both the tpm2 and the tang server to store those parts.

@moonwolf-github
Copy link
Author

That explained everything to me, thank you again!

@martinezjavier
Copy link
Contributor

@moonwolf-github you are welcome!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martinezjavier @moonwolf-github