On Fri, Jun 28, 2024 at 04:18:59PM +0800, Gary Lin via Grub-devel wrote:
> From: Hernan Gatta <hega...@linux.microsoft.com>
>
> The TPM2 key protector is a module that enables the automatic retrieval
> of a fully-encrypted disk's unlocking key from a TPM 2.0.
>
> The theory of operation is such that the module accepts various
> arguments, most of which are optional and therefore possess reasonable
> defaults. One of these arguments is the keyfile/tpm2key parameter, which
> is mandatory. There are two supported key formats:
>
> 1. Raw Sealed Key (--keyfile)
> When sealing a key with TPM2_Create, the public portion of the sealed
> key is stored in TPM2B_PUBLIC, and the private portion is in
> TPM2B_PRIVATE. The raw sealed key glues the fully marshalled
> TPM2B_PUBLIC and TPM2B_PRIVATE into one file.
>
> 2. TPM 2.0 Key (--tpm2key)
> The following is the ASN.1 definition of TPM 2.0 Key File:
>
> TPMPolicy ::= SEQUENCE {
> CommandCode [0] EXPLICIT INTEGER
> CommandPolicy [1] EXPLICIT OCTET STRING
> }
>
> TPMAuthPolicy ::= SEQUENCE {
> Name [0] EXPLICIT UTF8STRING OPTIONAL
> Policy [1] EXPLICIT SEQUENCE OF TPMPolicy
> }
>
> TPMKey ::= SEQUENCE {
> type OBJECT IDENTIFIER
> emptyAuth [0] EXPLICIT BOOLEAN OPTIONAL
> policy [1] EXPLICIT SEQUENCE OF TPMPolicy OPTIONAL
> secret [2] EXPLICIT OCTET STRING OPTIONAL
> authPolicy [3] EXPLICIT SEQUENCE OF TPMAuthPolicy OPTIONAL
> description [4] EXPLICIT UTF8String OPTIONAL,
> rsaParent [5] EXPLICIT BOOLEAN OPTIONAL,
> parent INTEGER
> pubkey OCTET STRING
> privkey OCTET STRING
> }
>
> The TPM2 key protector only expects a "sealed" key in DER encoding,
> so 'type' is always 2.23.133.10.1.5, 'emptyAuth' is 'TRUE', and
> 'secret' is empty. 'policy' and 'authPolicy' are the possible policy
> command sequences to construst the policy digest to unseal the key.
> Similar to the raw sealed key, the public portion (TPM2B_PUBLIC) of
> the sealed key is stored in 'pubkey', and the private portion
> (TPM2B_PRIVATE) is in 'privkey'.
>
> For more details:
> https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html
>
> This sealed key file is created via the grub-protect tool. The tool
> utilizes the TPM's sealing functionality to seal (i.e., encrypt) an
> unlocking key using a Storage Root Key (SRK) to the values of various
> Platform Configuration Registers (PCRs). These PCRs reflect the state
> of the system as it boots. If the values are as expected, the system
> may be considered trustworthy, at which point the TPM allows for a
> caller to utilize the private component of the SRK to unseal (i.e.,
> decrypt) the sealed key file. The caller, in this case, is this key
> protector.
>
> The TPM2 key protector registers two commands:
>
> - tpm2_key_protector_init: Initializes the state of the TPM2 key
> protector for later usage, clearing any
> previous state, too, if any.
>
> - tpm2_key_protector_clear: Clears any state set by tpm2_key_protector_init.
>
> The way this is expected to be used requires the user to, either
> interactively or, normally, via a boot script, initialize/configure
> the key protector and then specify that it be used by the 'cryptomount'
> command (modifications to this command are in a different patch).
>
> For instance, to unseal the raw sealed key file:
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-1.key
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --keyfile=(hd0,gpt1)/efi/grub2/sealed-2.key
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> Or, to unseal the TPM 2.0 Key file:
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-1.tpm
> cryptomount -u <PART1_UUID> -P tpm2
>
> tpm2_key_protector_init --tpm2key=(hd0,gpt1)/efi/grub2/sealed-2.tpm
> --pcrs=7,11
> cryptomount -u <PART2_UUID> -P tpm2
>
> If a user does not initialize the key protector and attempts to use it
> anyway, the protector returns an error.
>
> Before unsealing the key, the TPM2 key protector follows the "TPMPolicy"
> sequences to enforce the TPM policy commands to construct a valid policy
> digest to unseal the key.
>
> For the TPM 2.0 Key files, 'authPolicy' may contain multiple "TPMPolicy"
> sequences, the TPM2 key protector iterates 'authPolicy' to find a valid
> sequence to unseal key. If 'authPolicy' is empty or all sequences in
> 'authPolicy' fail, the protector tries the one from 'policy'. In case
> 'policy' is also empty, the protector creates a "TPMPolicy" sequence
> based on the given PCR selection.
>
> For the raw sealed key, the TPM2 key protector treats the key file as a
> TPM 2.0 Key file without 'authPolicy' and 'policy', so the "TPMPolicy"
> sequence is always based on the PCR selection from the command
> parameters.
>
> This commit only supports one policy command: TPM2_PolicyPCR. The
> command set will be extended to support advanced features, such as
> authorized policy, in the later commits.
>
> Cc: Stefan Berger <stef...@linux.ibm.com>
> Cc: James Bottomley <j...@linux.ibm.com>
> Signed-off-by: Hernan Gatta <hega...@linux.microsoft.com>
> Signed-off-by: Gary Lin <g...@suse.com>
> ---
> grub-core/Makefile.core.def | 11 +
> grub-core/commands/tpm2_key_protector/args.c | 130 ++
> .../commands/tpm2_key_protector/module.c | 1162 +++++++++++++++++
> grub-core/commands/tpm2_key_protector/tpm2.h | 36 +
> .../commands/tpm2_key_protector/tpm2_args.h | 51 +
> .../commands/tpm2_key_protector/tpm2key.asn | 49 +
> .../commands/tpm2_key_protector/tpm2key.c | 499 +++++++
> .../commands/tpm2_key_protector/tpm2key.h | 87 ++
> .../tpm2_key_protector/tpm2key_asn1_tab.c | 63 +
> 9 files changed, 2088 insertions(+)
> create mode 100644 grub-core/commands/tpm2_key_protector/args.c
> create mode 100644 grub-core/commands/tpm2_key_protector/module.c
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2.h
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2_args.h
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.asn
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.c
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key.h
> create mode 100644 grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
>
[...]
> diff --git a/grub-core/commands/tpm2_key_protector/module.c
> b/grub-core/commands/tpm2_key_protector/module.c
> new file mode 100644
> index 000000000..79440474b
> --- /dev/null
> +++ b/grub-core/commands/tpm2_key_protector/module.c
[...]
> +static grub_err_t
> +grub_tpm2_protector_srk_read_file (const char *filepath, void **buffer,
> + grub_size_t *buffer_size)
> +{
> + grub_file_t file;
> + grub_off_t file_size;
> + void *read_buffer;
> + grub_off_t read_n;
> + grub_err_t err;
> +
> + /* Using GRUB_FILE_TYPE_SIGNATURE ensures we do not hash the keyfile into
> PCR9
> + * otherwise we'll never be able to predict the value of PCR9 at unseal
> time */
Wrong coding style...
> + file = grub_file_open (filepath, GRUB_FILE_TYPE_SIGNATURE);
> + if (file == NULL)
> + {
> + /* Push errno from grub_file_open() into the error message stack */
> + grub_error_push();
> + err = grub_error (GRUB_ERR_FILE_NOT_FOUND, N_("Could not open file:
> %s\n"), filepath);
> + goto error;
> + }
> +
> + file_size = grub_file_size (file);
> + if (file_size == 0)
> + {
> + err = grub_error (GRUB_ERR_OUT_OF_RANGE, N_("Could not read file size:
> %s"), filepath);
> + goto error;
> + }
> +
> + read_buffer = grub_malloc (file_size);
> + if (read_buffer == NULL)
> + {
> + err = grub_error (GRUB_ERR_OUT_OF_MEMORY, N_("Could not allocate
> buffer for %s"), filepath);
> + goto error;
> + }
> +
> + read_n = grub_file_read (file, read_buffer, file_size);
> + if (read_n != file_size)
> + {
> + grub_free (read_buffer);
> + err = grub_error (GRUB_ERR_FILE_READ_ERROR, N_("Could not retrieve
> file contents: %s"), filepath);
> + goto error;
> + }
> +
> + *buffer = read_buffer;
> + *buffer_size = file_size;
> +
> + err = GRUB_ERR_NONE;
> +
> + error:
> + if (file != NULL)
> + grub_file_close (file);
> +
> + return err;
> +}
> +
> +static grub_err_t
> +grub_tpm2_protector_srk_unmarshal_keyfile (void *sealed_key,
> + grub_size_t sealed_key_size,
> + tpm2_sealed_key_t *sk)
> +{
> + struct grub_tpm2_buffer buf;
> +
> + grub_tpm2_buffer_init (&buf);
> + if (sealed_key_size > buf.cap)
> + return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("Sealed key larger than %"
> PRIuGRUB_SIZE " bytes"), buf.cap);
Macros, e.g PRIuGRUB_SIZE, cannot be used in _() and N_() macros.
In general please double check _() and N_() macros usage and drop some
of them as Vladimir suggested.
[...]
> diff --git a/grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
> b/grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
> new file mode 100644
> index 000000000..bebe108a3
> --- /dev/null
> +++ b/grub-core/commands/tpm2_key_protector/tpm2key_asn1_tab.c
> @@ -0,0 +1,63 @@
> +/*
> + * GRUB -- GRand Unified Bootloader
> + * Copyright (C) 2024 Free Software Foundation, Inc.
> + *
> + * GRUB is free software: you can redistribute it and/or modify
> + * it under the terms of the GNU General Public License as published by
> + * the Free Software Foundation, either version 3 of the License, or
> + * (at your option) any later version.
> + *
> + * GRUB is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> + * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +/*
> + * This file is generated by 'asn1Parser tpm2key.asn' and the '#include'
> + * headers are replaced with the ones in grub2.
> + * - 'grub/mm.h' for the definition of 'NULL'
> + * - 'libtasn1.h' for the definition of 'asn1_static_node'
I think the configure.ac should be updated to check for availability of
asn1Parser command. This requirement should be reflected in INSTALL file
too.
Daniel
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
