path: root/src/cryptsetup

Commit log (each entry: commit message, author, date, files changed, lines removed/added)
* tpm2: whenever we measure, also write a tpm log record
  Lennart Poettering, 2023-08-30; 1 file changed, -1/+1

  Previously we only logged our measurements to the journal. This is not a great solution though, since regular logs are subject to rotation, which is something we really cannot have for measurements (as it means we can never reproduce the PCR values from the data). Hence, let's maintain an explicit log.

  Ideally, we'd just use the TCG Canonical Event Log format 1:1 (https://trustedcomputinggroup.org/resource/canonical-event-log-format/). However it's not a perfect fit for us, for various reasons. But let's follow it (in its JSON incantation) as closely as it makes sense, so that it can easily be converted to the full format by programs consuming it.

  Code comments explain where we deviate from the TCG CEL-JSON, and what to do about it when reading the data.
* fundamental: rename tpm-pcr.h → tpm2-pcr.h
  Lennart Poettering, 2023-08-24; 1 file changed, -1/+1

  I always found it confusing that most of our TPM related definitions are in tpm2-util.h, but the PCR names in tpm-pcr.h, without the "2". Let's fix that and make this systematic, in particular as the definitions in the file all start with TPM2_ already.

  No code flow changes, just some renaming.
* tpm2: unify symbolic name infra for PCRs
  Lennart Poettering, 2023-08-24; 1 file changed, -1/+1

  We so far maintained two places for symbolic names for PCRs. One in tpm2-util.h and one in tpm-pcr.h. Let's unify this into one, i.e. move the full list from tpm2-util.h into tpm-pcr.h, replacing the short list placed so far there.

  Systematically prefix the definitions with TPM2_ or tpm2_, to follow how we do this for all other defines in this context.

  No change in behaviour, just unification of tables.
* various: use _NEG_ macros to reduce indentation
  Zbigniew Jędrzejewski-Szmek, 2023-08-16; 1 file changed, -4/+5

  No functional change intended.

* tpm2: change tpm2_parse_pcr_argument() parameters to parse to Tpm2PCRValue array
  Dan Streetman, 2023-08-04; 1 file changed, -1/+1

  In order to allow users to specify expected PCR values, change the tpm2_parse_pcr_argument() to parse the text argument into an array of Tpm2PCRValue objects, which provide not only the selected PCR indexes, but also (optionally) the hash algorithm and hash value for each PCR index.

* tpm2: add Tpm2PCRValue struct and associated functions
  Dan Streetman, 2023-08-04; 2 files changed, -2/+2

  Add a new struct that can represent a PCR index, hash, and value all together. This replaces code (e.g. the tpm2_pcr_read() parameters) that required using both a TPML_PCR_SELECTION as well as array of TPM2B_DIGEST entries, which was difficult to correlate the selection hash/index to each digest.
* meson: move declarations of cryptsetup and friends
  Yu Watanabe, 2023-07-31; 1 file changed, -0/+18

* meson: move declaration of cryptsetup token modules
  Yu Watanabe, 2023-07-31; 2 files changed, -3/+53
* Merge pull request #28428 from ldv-alt/ERRNO_IS
  Luca Boccassi, 2023-07-30; 1 file changed, -3/+4

  treewide: cleanup use of ERRNO_IS_*(r)

  * cryptsetup: cleanup use of ERRNO_IS_NOT_SUPPORTED()
    Dmitry V. Levin, 2023-07-28; 1 file changed, -3/+4

    Given that ERRNO_IS_NOT_SUPPORTED() also matches positive values, make sure this macro is not called with arguments that do not have errno semantics.

    In this case the argument passed to ERRNO_IS_NOT_SUPPORTED() is the value returned by find_tpm2_auto_data() which is not expected to return any positive values, but let's be consistent anyway and move the ERRNO_IS_NOT_SUPPORTED() invocation to the branch where the return value is known to be negative.
* Drop split-usr and unmerged-usr support
  Luca Boccassi, 2023-07-28; 1 file changed, -2/+2

  As previously announced, execute order 66:
  https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

  The meson options split-usr, rootlibdir and rootprefix become no-ops that print a warning if they are set to anything other than the default values. We can remove them in a future release.
* tpm2: replace _cleanup_tpm2_* macros with _cleanup_()
  Dan Streetman, 2023-06-08; 1 file changed, -1/+1

  Remove _cleanup_tpm2_context_ and _cleanup_tpm2_handle_ macros, replacing their use with _cleanup_(tpm2_context_unrefp) and _cleanup_(tpm2_handle_freep), respectively.
* generators: change TimeoutSec=0 to TimeoutSec=infinity
  Lennart Poettering, 2023-06-06; 1 file changed, -1/+2

  With these settings we intend to turn off timeouts for possibly interactive/slow commands. The officially documented way to turn off the time-outs is to set them to infinity. So far we set them to zero here though. This led to some confusion, for example #18224. Let's fix this by uniformly spelling out TimeoutSec=infinity.

  This doesn't change behaviour. It just makes our generated files match what we document, without relying on historic compat support.

  Fixes: #18224
* cryptsetup: avoid calling strv_find() on a NULL pointer
  Frantisek Sumsal, 2023-06-05; 1 file changed, -1/+1

  When the header= option comes before any other type= defining one, we trip over an assertion:

    Jun 04 15:45:33 H testsuite-24.sh[752]: + systemctl start systemd-cryptsetup@detached.service
    Jun 04 15:45:33 H systemd[1]: Starting systemd-cryptsetup@detached.service...
    Jun 04 15:45:33 H systemd-cryptsetup[4641]: Assertion 'name' failed at src/basic/strv.c:21, function strv_find(). Aborting.
    ...
    Jun 04 15:45:33 H systemd-coredump[4643]: Process 4641 (systemd-cryptse) of user 0 dumped core.
    ...
    Stack trace of thread 4641:
    #0  0x00007ff9256afe5c __pthread_kill_implementation (libc.so.6 + 0x8ce5c)
    #1  0x00007ff92565fa76 raise (libc.so.6 + 0x3ca76)
    #2  0x00007ff9256497fc abort (libc.so.6 + 0x267fc)
    #3  0x00007ff926076047 log_assert_failed (libsystemd-shared-253.so + 0x276047)
    #4  0x00007ff9260ab317 strv_find (libsystemd-shared-253.so + 0x2ab317)
    #5  0x0000000000405927 parse_one_option (systemd-cryptsetup + 0x5927)
    #6  0x0000000000407793 parse_options (systemd-cryptsetup + 0x7793)
    #7  0x000000000040fa0c run (systemd-cryptsetup + 0xfa0c)
    #8  0x000000000041137f main (systemd-cryptsetup + 0x1137f)
    #9  0x00007ff92564a510 __libc_start_call_main (libc.so.6 + 0x27510)
    #10 0x00007ff92564a5c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x275c9)
    #11 0x0000000000403915 _start (systemd-cryptsetup + 0x3915)
    ELF object binary architecture: AMD x86-64
* {crypt|verity}setup: mention volume name in some error messages
  Lennart Poettering, 2023-06-01; 1 file changed, -2/+2
* {crypt|verity}setup: replace dep on systemd-tmpfiles-setup-dev.service by modprobe@loop.service
  Lennart Poettering, 2023-06-01; 1 file changed, -5/+5

  Both should have the same effect: the /dev/loop-control devices should become available. systemd-tmpfiles-setup-dev.service creates the device node "dry" based on modalias data, while modprobe@loop.service creates it fully, because the module backing it is loaded properly.

  This should shorten the deps chain a bit, simplify things and allow us to focus on the stuff we actually need (i.e. the loopback infra) instead of all entrypoints anyone might possibly need (i.e. the device nodes)
* cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes
  Lennart Poettering, 2023-06-01; 1 file changed, -6/+18

  Let's imply "x-initrd.attach" for "usr" and "root" volumes, so that we do not attempt to umount them anymore during shutdown.

  The names of these volumes have been mandated by the Discoverable Partition Spec:
  https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#suggested-mode-of-operation

  Hence it appears reasonably safe to special case these volume names.

  Note that a similar logic is implemented in fstab-generator and in fact PID 1 to treat the root mount and /usr/ mount specially too, to avoid trying to umount it at shutdown. (This is what fstab_is_extrinsic() checks).

  This should ensure that if /usr/ or / is for some reason a LUKS medium we won't try to detach it during runtime, which likely fails, since we run off it.

  Note this also moves an ordering dep towards umount.target under the x-initrd.attach check, because that's where the crucial conflicts dep is placed too.
* cryptsetup: fix whitespace issue
  Lennart Poettering, 2023-06-01; 1 file changed, -1/+1

* tpm: remove external calls to dlopen_tpm2()
  Dan Streetman, 2023-05-31; 1 file changed, -4/+0

  The calls outside tpm2-util.c are redundant, as tpm2_context_new() is always called immediately after, which then calls dlopen_tpm2().
* crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)
  Klaus Zipfel, 2023-05-06; 1 file changed, -3/+20

  - Added veracrypt-pim=<PIM> LUKS option for crypttab
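Three of the entries above touch how crypttab option lists are interpreted: header= appearing before the option that defines the volume type (the strv_find() crash), the implied x-initrd.attach for volumes named "root" or "usr", and the new veracrypt-pim=<PIM> option. The following is an added Python example, not systemd-cryptsetup code, of a crypttab line parser that handles all three: it records every option first and only then runs the cross-option checks, so option order never matters. The option names header=, veracrypt-pim=, tcrypt-veracrypt and x-initrd.attach are the ones named on this page; the list of type-selecting options (luks, plain, tcrypt, bitlk), the validation rules and the sample crypttab are this example's assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Options that select the volume type; "luks" is the default when none is given
# (assumed list).
TYPE_OPTIONS = ("luks", "plain", "tcrypt", "bitlk")

# Volume names the Discoverable Partitions Specification mandates for / and /usr.
INTRINSIC_NAMES = ("root", "usr")


@dataclass
class CryptVolume:
    name: str
    device: str
    keyfile: Optional[str] = None          # None: ask for a passphrase interactively
    type: str = "luks"
    header: Optional[str] = None           # header=<path>, a detached header
    veracrypt: bool = False                # tcrypt-veracrypt
    veracrypt_pim: Optional[int] = None    # veracrypt-pim=<PIM>
    initrd_attach: bool = False            # x-initrd.attach, explicit or implied
    other: list[str] = field(default_factory=list)   # options this example does not interpret


def parse_crypttab_line(line: str) -> Optional[CryptVolume]:
    """Parse one "name device keyfile options" line; returns None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    fields = line.split()
    if len(fields) < 2:
        raise ValueError(f"need at least a volume name and a device: {line!r}")
    name, device = fields[0], fields[1]
    keyfile = fields[2] if len(fields) > 2 and fields[2] not in ("none", "-") else None
    options = fields[3].split(",") if len(fields) > 3 else []

    vol = CryptVolume(name=name, device=device, keyfile=keyfile)

    # First pass: record every option. Nothing here depends on the order in which
    # header=, the type option and the rest were written, so a header= that precedes
    # its type option is handled like any other.
    for opt in filter(None, options):
        key, _, val = opt.partition("=")
        if key in TYPE_OPTIONS and not val:
            vol.type = key
        elif key == "header":
            if not val:
                raise ValueError(f"{name}: header= needs a path")
            vol.header = val
        elif key == "tcrypt-veracrypt" and not val:
            vol.veracrypt = True
        elif key == "veracrypt-pim":
            # VeraCrypt's PIM is a positive integer; the range check is this example's own.
            if not val.isdigit() or int(val) == 0:
                raise ValueError(f"{name}: veracrypt-pim= needs a positive integer, got {val!r}")
            vol.veracrypt_pim = int(val)
        elif key == "x-initrd.attach" and not val:
            vol.initrd_attach = True
        else:
            vol.other.append(opt)

    # Second pass: cross-option checks, now that everything is known (rule is assumed).
    if vol.veracrypt_pim is not None and vol.type != "tcrypt":
        raise ValueError(f"{name}: veracrypt-pim= only applies to tcrypt volumes")
    # Root and /usr volumes stay attached at shutdown: we are running off them.
    if vol.name in INTRINSIC_NAMES:
        vol.initrd_attach = True
    return vol


def parse_crypttab(text: str) -> dict[str, CryptVolume]:
    volumes: dict[str, CryptVolume] = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            vol = parse_crypttab_line(line)
        except ValueError as e:
            raise ValueError(f"crypttab line {lineno}: {e}") from None
        if vol is None:
            continue
        if vol.name in volumes:
            raise ValueError(f"crypttab line {lineno}: duplicate volume {vol.name!r}")
        volumes[vol.name] = vol
    return volumes


# Constructed sample input, not taken from any real system.
SAMPLE_CRYPTTAB = """\
# <name>  <device>    <keyfile>  <options>
root      /dev/sda2   none       luks,discard
detached  /dev/sda3   none       header=/boot/detached.hdr,luks
tc        /dev/sdb1   none       veracrypt-pim=485,tcrypt-veracrypt,tcrypt,x-initrd.attach
"""
```

The "detached" line in the sample has header= before luks, and the "tc" line has veracrypt-pim= before tcrypt; both parse, because the type check runs only after the whole option list has been read.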
* cryptsetup: downgrade a bunch of log messages that to LOG_WARNING
  Lennart Poettering, 2023-05-03; 1 file changed, -38/+24

  In all these cases we ignore the failure, hence per our rule the log level should be below LOG_ERR. Fix that.

* cryptsetup: fix build without TPM2
  Luca Boccassi, 2023-04-04; 1 file changed, -0/+4

  Follow-up for acbb504eaf1be51572b1c0d0d490ac478bc41c64
* tpm2: add support for a trusted SRK
  William Roberts, 2023-04-03; 6 files changed, -8/+38

  Prevent attackers from spoofing the tpmKey portion of the AuthSession by adding a trusted key to the LUKS header metadata. Also, use a persistent object rather than a transient object. This provides the following benefits:

  1. No way to MITM the tpmKey portion of the session, see [1] for details.
  2. Strengthens the encrypted sessions, note that the bindKey could be dropped now.
  3. Speed, once it's created we just use it.
  4. Owner Auth is needed to call create primary, so using the SRK creates a scratch space for normal users.

  This is a "first to set" model, in where the first person to set the key in the LUKS header wins. Thus, setup should be done in a known good state. If an SRK, which is a primary key at a special persistent address, is found, it will use whatever is there. If not, it creates an SRK. The SRK follows the conventions used through the tpm2-software organization code on GitHub [2], however, a split has occurred between Windows and Linux with respect to SRK templates. The Linux SRK is generated with the unique field size set to 0, in Windows, it properly sets the size to key size in bytes and the unique data to all 0's of that size. Note the proper templates for SRKs are covered in spec [3]. However, the most important thing, is that both SRKs are passwordless, and thus they should be interchangeable. If Windows is the first to make the SRK, systemd will gladly accept it and vice-versa.

  1. Without the bindKey being utilized, an attacker was able to intercept this and fake a key, thus being able to decrypt and encrypt traffic as needed. Introduction of the bindKey strengthened this, but allows for the attacker to brute force AES128CFB using pin guesses. Introduction of the salt increases the difficulty of this attack as well as DA attacks on the TPM objects itself.
  2. https://github.com/tpm2-software
  3. https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

  Fixes: #20668
  Fixes: #22637
  Signed-off-by: William Roberts <william.c.roberts@intel.com>
* meson: Introduce userspace dep
  Jan Janssen, 2023-03-10; 1 file changed, -0/+1

  This will help in a later commit to separate userspace from EFI builds.

* tpm2: add/rename functions to manage pcr selections
  Dan Streetman, 2023-03-09; 1 file changed, -6/+6

  This renames some functions to match other to/from_string() naming, and allows better management of TPML_PCR_SELECTION and TPMS_PCR_SELECTION structs.

* tpm2: add TPM2_PCR_VALID()
  Dan Streetman, 2023-03-09; 2 files changed, -2/+2
* cryptsetup: check the existence of salt by salt_size > 0
  Yu Watanabe, 2023-02-17; 1 file changed, -1/+1

  Follow-up for 504d0acf61c8472bc93c2a927e858074873b2eaf.

  The function may be called with non-NULL salt and salt_size == 0.

* cryptsetup: do not assert when unsealing token without salt
  Luca Boccassi, 2023-02-15; 2 files changed, -2/+5

  Salt was added in v253. We are not checking whether it was actually found (non-zero size), so when an old tpm+pin enrollment is opened things go boom. For good measure, check both the buffer and the size in both places.

    Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
* tpm2: use Tpm2Context* instead of ESYS_CONTEXT*
  Dan Streetman, 2023-02-01; 1 file changed, -2/+2

  This is needed for later patches that use Tpm2Handle, which requires access to the Tpm2Context.

* tpm2: use ref counter for Tpm2Context
  Dan Streetman, 2023-02-01; 1 file changed, -4/+4

  This will be used by Tpm2Handle instances, which is added in later patches. The refcounting allows the context to be retained until all Tpm2Handles have been cleaned up, and the initial ref is released, before cleaning the context.

* tpm2: rename struct tpm2_context to Tpm2Context
  Dan Streetman, 2023-02-01; 1 file changed, -1/+1

  This aligns with systemd coding guidelines for struct naming

* tpm2: rename tpm2 alg id<->string functions
  Dan Streetman, 2023-02-01; 1 file changed, -4/+4

  The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR banks, while the 'primary_alg' functions operate on asymmetric algs, and are not specific to primary keys.
* shared/efi-loader: fix compilation with !ENABLE_EFI, improve messages
  Zbigniew Jędrzejewski-Szmek, 2023-01-25; 1 file changed, -2/+2

  When compiled without ENABLE_EFI, efi_stub_measured() was not defined, so compilation would fail. But it's not enough to add a stub that returns -EOPNOTSUPP. We call this function in various places and usually print the error at warning or error level, so we'd print a confusing message. We also can't add a stub that always returns 0, because then we'd print a message like "Kernel stub did not measure", which would be confusing too. Adding special handling for -EOPNOTSUPP in every caller is also unattractive.

  So instead efi_stub_measured() is reworked to log the warning or error internally, and such logging is removed from the callers, and a stub is added that logs a custom message.
* meson: Do not include headers in source lists
  Jan Janssen, 2023-01-24; 2 files changed, -9/+5

  Meson+ninja+compiler do this for us and are better at it.
  https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
* string-util: add common implementation of function that converts sized character buffers to NUL terminated C strings
  Lennart Poettering, 2023-01-21; 1 file changed, -17/+3

* tree-wide: fix typo
  Yu Watanabe, 2023-01-20; 1 file changed, -1/+1
* tpm2: add salt to pin
  William Roberts, 2023-01-18; 6 files changed, -10/+74

  Add a salt to the pin and store it in the TPM2 LUKS header for future this. This adds entropy to user supplied pins and helps brute forcing the passphrase on the key residing in the TPM or brute forcing bind key encrypted sessions with low entropy passphrases.

  Signed-off-by: malikabhi05 <abhishek.malik@intel.com>
  Signed-off-by: William Roberts <william.c.roberts@intel.com>
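The salted PIN from the entry above, and the compatibility problem the two "salt" fixes earlier on this page describe (an enrollment made before v253 carries no salt, and a "saltlen > 0" assertion then aborts the unlock), as an added Python example that is not systemd code. It derives the auth value with PBKDF2-HMAC-SHA256 over the PIN and a per-enrollment salt, and treats a missing field and a zero-length field the same way, falling back to the pre-salt derivation. The token field name, the iteration count, the salt and key sizes and the legacy derivation (a plain SHA-256 of the PIN) are this example's assumptions.

```python
import base64
import hashlib
import os
from typing import Optional

PBKDF2_ITERATIONS = 10_000    # assumption; use whatever the enrolling code actually uses
SALT_SIZE = 16                # bytes of random salt per enrollment (assumed)
KEY_SIZE = 32                 # derived auth value length (assumed)
SALT_FIELD = "tpm2-salt"      # hypothetical name of the salt field in the LUKS token JSON


def derive_pin_key(pin: bytes, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 over the PIN with the enrollment salt.
    Callers must only get here with a real salt; a zero-length salt is a bug,
    which is exactly what the 'saltlen > 0' assertion quoted above caught."""
    if len(salt) == 0:
        raise ValueError("derive_pin_key() called without a salt")
    return hashlib.pbkdf2_hmac("sha256", pin, salt, PBKDF2_ITERATIONS, KEY_SIZE)


def legacy_pin_key(pin: bytes) -> bytes:
    """Derivation for enrollments that predate the salt (this example's own choice:
    a plain SHA-256 of the PIN)."""
    return hashlib.sha256(pin).digest()


def token_salt(token: dict) -> bytes:
    """Salt stored in the token, or b'' when the field is missing or empty.
    Both cases must be treated alike: presence of the key says nothing about its size."""
    raw = token.get(SALT_FIELD)
    if not raw:
        return b""
    return base64.b64decode(raw, validate=True)


def enroll(pin: str, salt: Optional[bytes] = None) -> dict:
    """Build a minimal token record for a new enrollment with a fresh random salt
    (token layout is assumed; only the salt field matters here)."""
    if salt is None:
        salt = os.urandom(SALT_SIZE)
    return {"type": "systemd-tpm2", SALT_FIELD: base64.b64encode(salt).decode("ascii")}


def pin_auth_value(pin: str, token: dict) -> bytes:
    """Auth value to present to the TPM for this token: salted for new enrollments,
    legacy for old ones. Checking the size, not just the key, is what keeps an old
    tpm2+pin enrollment from reaching the assertion in derive_pin_key()."""
    salt = token_salt(token)
    if len(salt) == 0:
        return legacy_pin_key(pin.encode("utf-8"))
    return derive_pin_key(pin.encode("utf-8"), salt)
```

Two different enrollments of the same PIN produce different auth values because their salts differ, which is the point of the salt: an attacker guessing PINs against a captured, bind-key-encrypted session has to redo the work per enrollment.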
* tpm2: add common helper for checking if we are running on UKI with TPM measurements
  Lennart Poettering, 2023-01-17; 1 file changed, -0/+9

  Let's introduce a common implementation of a function that checks whether we are booted on a kernel with systemd-stub that has TPM PCR measurements enabled. Do our own userspace measurements only if we detect that.

  PCRs are scarce and most likely there are projects which already make use of them in other ways. Hence, instead of blindly stepping into their territory let's conditionalize things so that people have to explicitly buy into our PCR assignments before we start measuring things into them. Specifically bind everything to a UKI that reported measurements.

  This was previously already implemented in systemd-pcrphase, but with this change we expand this to all tools that process PCR measurement settings.

  The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE, to make it more generic (since we'll use it at multiple places now). This is not a compat break, since the original env var for that was not included in any stable release yet.
* cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options
  Lennart Poettering, 2023-01-17; 1 file changed, -14/+212

  These options allow measuring the volume key used for unlocking the volume to a TPM2 PCR. This is ideally used for the volume key of the root file system and can then be used to bind other resources to the root file system volume in a secure way.

  See: #24503
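The three mechanisms that the measurement entries on this page describe, as one added Python example that is not systemd code: gating userspace measurements on a stub that reported measurements (or the SYSTEMD_FORCE_MEASURE override), extending a PCR with the digest of a volume key as the tpm2-measure-pcr= entry describes, and keeping an append-only event log from which the PCR value can be reproduced, the property the first entry on this page says journal rotation cannot provide. The record layout is loosely shaped after CEL-JSON but is this example's own; the PCR number, the bank and every function and field name are assumptions.

```python
from __future__ import annotations

import hashlib
import json
import os

BANK = "sha256"
PCR_INIT = bytes(32)     # most PCRs start out all-zero in the SHA-256 bank
VOLUME_KEY_PCR = 15      # PCR used here for volume-key measurements (assumption)


def should_measure(stub_measured: bool, env: dict | None = None) -> bool:
    """Measure only when the boot stub reported PCR measurements, or when the
    operator opted in via SYSTEMD_FORCE_MEASURE=1 (env is injectable for tests)."""
    env = os.environ if env is None else env
    return stub_measured or env.get("SYSTEMD_FORCE_MEASURE") == "1"


def digest_of(data: bytes) -> bytes:
    return hashlib.new(BANK, data).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR' = H(PCR || digest)."""
    return hashlib.new(BANK, pcr + digest).digest()


class MeasurementLog:
    """Append-only log, one record per extend, carrying the digest that was extended
    (field names are this example's own, chosen to resemble CEL-JSON)."""

    def __init__(self) -> None:
        self.records: list[dict] = []
        self.pcrs: dict[int, bytes] = {}

    def measure(self, pcr: int, data: bytes, description: str) -> bytes:
        digest = digest_of(data)
        new = extend(self.pcrs.get(pcr, PCR_INIT), digest)
        self.pcrs[pcr] = new
        # Only the digest is logged, never the measured bytes: a volume key stays secret.
        self.records.append({
            "recnum": len(self.records),
            "pcr": pcr,
            "digests": [{"hashAlg": BANK, "digest": digest.hex()}],
            "content_type": "systemd",
            "content": {"string": description},
        })
        return new

    def measure_volume_key(self, volume: str, volume_key: bytes) -> bytes:
        return self.measure(VOLUME_KEY_PCR, volume_key, f"cryptsetup:{volume}")

    def dump(self) -> str:
        return json.dumps(self.records)


def replay(log_json: str) -> dict[int, bytes]:
    """Recompute every PCR from the log alone. This only works if the log is complete,
    in order and unmodified; a rotated or tampered log produces a mismatch."""
    pcrs: dict[int, bytes] = {}
    for expected_num, rec in enumerate(json.loads(log_json)):
        if rec["recnum"] != expected_num:
            raise ValueError(f"log gap: expected record {expected_num}, got {rec['recnum']}")
        digest = next(bytes.fromhex(d["digest"]) for d in rec["digests"] if d["hashAlg"] == BANK)
        pcrs[rec["pcr"]] = extend(pcrs.get(rec["pcr"], PCR_INIT), digest)
    return pcrs


def log_matches_pcrs(log_json: str, observed: dict[int, bytes]) -> bool:
    """Compare replayed values with PCRs read from the TPM (observed is supplied by the caller)."""
    try:
        return replay(log_json) == observed
    except (ValueError, StopIteration, KeyError):
        return False


def rotate(log_json: str, keep_last: int) -> str:
    """Simulate what log rotation does to a journal: drop all but the last records."""
    return json.dumps(json.loads(log_json)[-keep_last:])
```

The rotate() helper makes the motivation concrete: once the first record is gone, replay() no longer reproduces the PCR, so a rotated journal cannot serve as the measurement log.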
* tree-wide: fix return value handling of base64mem()
  Lennart Poettering, 2023-01-11; 4 files changed, -21/+27

  This returns an ssize_t, not an int. On popular archs that's the difference between 64bit and 32bit. Hence, let's be more careful here, and not silently drop half the bits on the ground by assigning the return value to "int".

  As noticed by @malikabhi05:
  https://github.com/systemd/systemd/pull/24754#discussion_r1062903159
* cryptsetup-fido2: Remove plain mode parameters from `acquire_fido2_key_auto()`
  Peter Cai, 2022-12-22; 1 file changed, -1/+0

  `acquire_fido2_key_auto()` will not be used in PLAIN mode, and parameters such as the salt will be acquired from the LUKS header. Parameters intended for PLAIN mode are useless in `acquire_fido2_key_auto()`.

* cryptsetup-fido2: Relocate to libsystemd-shared
  Peter Cai, 2022-12-22; 3 files changed, -370/+0

* cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volume
  Peter Cai, 2022-12-12; 3 files changed, -115/+123

  After #25268, it is now possible to check whether a credential is present on a FIDO2 token without actually attempting to retrieve said credential. However, when cryptsetup plugins are not enabled, the fallback unlock routines are not able to make multiple attempts with multiple different FIDO2 key slots.

  Instead of looking for one FIDO2 key slot when trying to unlock, we now attempt to use all key slots applicable.

  Fixes #19208.

* nulstr-util: Declare NULSTR_FOREACH() iterator inline
  Daan De Meyer, 2022-11-11; 1 file changed, -1/+1

* basic: rename util.h to logarithm.h
  Zbigniew Jędrzejewski-Szmek, 2022-11-08; 1 file changed, -1/+0

  util.h is now about logarithms only, so we can rename it.

  Many files included util.h for no apparent reason… Those includes are dropped.

* tree-wide: set description for device manager
  Yu Watanabe, 2022-10-18; 1 file changed, -0/+4

* cryptsetup: drop redundant parens/drop ternary op
  Lennart Poettering, 2022-10-17; 1 file changed, -1/+2

  A ternary op is a bit weird to use if we end up assigning a variable to itself in one of the branches. Hence use a plain if check.

* cryptsetup: use errno-flavoured logging where we have an errno
  Lennart Poettering, 2022-10-17; 1 file changed, -7/+4
* cryptsetup: use TPM flags over bool
  William Roberts, 2022-09-20; 1 file changed, -1/+1

  This works because TPM2_FLAGS_USE_PIN is 1 and bool is a 1 so the bits line up as expected, however if for some reason flags change values and for clarity check if the boolean indicates this flag and pass the flag value.

  Signed-off-by: William Roberts <william.c.roberts@intel.com>
* tree-wide: use ASSERT_PTR more
  David Tardon, 2022-09-13; 1 file changed, -2/+1