systemd-measure SHA1 PCR bank does not use SHA256 to sign the policy-digest json file

[jrnewell]

systemd version the issue has been seen with

259

Used distribution

Arch Linux

Linux kernel version used

6.17.11-hardened1-1-hardened

CPU architectures issue was seen on

x86_64

Component

other

Expected behaviour you didn't see

# Working PCR11 signature in UKI
sudo ukify --section='.pcrsig:text' inspect "/efi/EFI/arch/linux-hardened.efi"
.pcrsig:
  size: 533 bytes
  sha256: 4b7e70fca85b5eb1e54dff63fa83214fab84206577a7ce47a7b43c02fb0b5ac4
  text:
    {"sha1": [{"pcrs": [11], "pkfp": "76821d7b4cc434f335776b288001ae62ffbffd578452471ae5172849317b4c33", "pol": "265bfca5096406428767dc042c29efada44531215eeab0c272e6465195d77888", "sig": "jsv24k07cKP5YNaxV9hkHNE4veEjIy/BXEbOPnjV+D/1VIaRRJtcdneOunEGD/bvFCUsPMjkDfVREmGemyBFaTUJFwry6JnFbyVDxG9CYRHv3GaC8DvAgV26wFpV1Q5um4Dbzbf3CSSnw113FG4IstUtyTww/f3Xu124uT7/bYadtJMc8Sbu8wrq0mrwxI4T5uecG+K8WvxWyXMOpPctPqFg9UjpfJtuiTQe0iszwRXjbGt1kGpfds7bODsjCm4yew29bTJJc7pASLK+RrYs6MN9f3OuChBt0gVqF9Afy9jydVeHzs4DxXRo5Vuc8CbZma9dmnI93f5xT1CKRzDdlA=="}]}

Unexpected behaviour you saw

# Extract sections from uki
$ sudo ukify --section='.sbat:text@/tmp/sbat.txt' \
      --section='.osrel:text@/tmp/osrel.txt' \
      --section='.cmdline:text@/tmp/cmdline.txt' \
      --section='.uname:text@/tmp/uname.txt' \
      --section='.linux:binary@/tmp/linux' \
      --section='.initrd:binary@/tmp/initrd.img' \
      inspect "/efi/EFI/arch/linux-hardened.efi"

# Caclculate signature of PCR11 using systemd-measure
$ sudo /usr/lib/systemd/systemd-measure sign \
  --sbat=/tmp/sbat.txt \
  --osrel=/tmp/osrel.txt \
  --cmdline=/tmp/cmdline.txt \
  --uname=/tmp/uname.txt \
  --linux=/tmp/linux \
  --initrd=/tmp/initrd.img \
  --pcrpkey=/etc/systemd/tpm2-pcr-public-key.pem  \
  --bank=sha1 \
  --private-key=/etc/systemd/tpm2-pcr-private-key.pem \
  --public-key=/etc/systemd/tpm2-pcr-public-key.pem \
  --phase="enter-initrd" \
  --json="short"
{"sha1":[{"pcrs":[11],"pkfp":"76821d7b4cc434f335776b288001ae62ffbffd578452471ae5172849317b4c33","pol":"265bfca5096406428767dc042c29efada44531215eeab0c272e6465195d77888","sig":"HRIdLm7FAtthnab8j4nJ9kKhMTbN5y9M7J/r6mz6sFb0Is3ndlW+N8qlhMvAIwmytbvg1JpaLigu6/EtOikt2Y7qN/mgZ46i9mmmOdw9zhqV41sAEZVSj6i1gVzeW28XESkgZGsDGq7b78etU8d0Ewsl2Sab5KkwzX6ZFBFJvupSv5+tdJZgX9OIDuXa/tFX5bIvNyJi7YP9ceswWnsa93w58gAjdciMhqnzXSFIHIexAKh9UFKV5FQPQX0C56vjAHGNS3K1e6CjblTDQdKrGfn19OG3xXw+c1iUTTW4UtuUx7wiG4eV2udeu/ubTy+/70BG0CwWyYaBzKLWHqHMqQ=="}]}

# Notice field "sig" is different than the working sig

Steps to reproduce the problem

# Just use ukify with sha1 banks
sudo ukify build ... --pcrpkey /etc/systemd/tpm2-pcr-public-key.pem --pcr-banks sha1 --pcr-private-key /etc/systemd/tpm2-pcr-private-key.pem --pcr-public-key /etc/systemd/tpm2-pcr-public-key.pem --phases enter-initrd --output "/efi/EFI/arch/linux-hardened.efi"

More Notes

In tpm2_policy_authorize() within tpm2-util.c, the signature is verified with SHA256 hardcoded:

TPMT_SIGNATURE policy_signature = {
        .sigAlg = TPM2_ALG_RSASSA,
        .signature.rsassa = {
                .hash = TPM2_ALG_SHA256,   // ← HARDCODED!
                .sig = TPM2B_PUBLIC_KEY_RSA_MAKE(signature_raw, signature_size),
        },
};

In int build_policy_digest(bool sign) within measure-tool.c, the policy digest is signed with the PCR bank algorithm:

r = digest_and_sign(p->md, privkey, pcr_policy_digest.buffer, pcr_policy_digest.size, &sig, &ss);
if (r == -EADDRNOTAVAIL)
    return log_error_errno(r, "Hash algorithm '%s' not available while signing. (Maybe OS security policy disables this algorithm?)", EVP_MD_name(p->md));

The fix is to use SHA256 in the policy generation regardless of the bank since that is how it is verified later

Additional program output to the terminal or log subsystem illustrating the issue