Commit Graph

443 Commits

Author SHA1 Message Date
Luca Boccassi
b0d3095fd6 Drop split-usr and unmerged-usr support
As previously announced, execute order 66:

https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

The meson options split-usr, rootlibdir and rootprefix become no-ops
that print a warning if they are set to anything other than the
default values. We can remove them in a future release.
2023-07-28 19:34:03 +01:00
Dan Streetman
1dc8f51841 tpm2: replace _cleanup_tpm2_* macros with _cleanup_()
Remove _cleanup_tpm2_context_ and _cleanup_tpm2_handle_ macros, replacing their
use with _cleanup_(tpm2_context_unrefp) and _cleanup_(tpm2_handle_freep),
respectively.
2023-06-08 01:09:08 +02:00
Lennart Poettering
a9b837aa34 generators: change TimeoutSec=0 to TimeoutSec=infinity
With these settings we intend to turn off timeouts for possibly
interactive/slow commands. The officially documented way to turn off the
time-outs is to setting them to infinity. So far we set them to zero
here though.

This lead to some confusiong, for example #18224. Let's fix this by
uniformly spelling out TimeoutSec=infinity.

This doesn't change behaviour. It just makes our generated files match
what we document, without relying on historic compat support.

Fixes: #18224
2023-06-06 12:38:16 +01:00
Frantisek Sumsal
cdece7e30a cryptsetup: avoid calling strv_find() on a NULL pointer
When the header= option comes before any other type= defining one, we
trip over an assertion:

Jun 04 15:45:33 H testsuite-24.sh[752]: + systemctl start systemd-cryptsetup@detached.service
Jun 04 15:45:33 H systemd[1]: Starting systemd-cryptsetup@detached.service...
Jun 04 15:45:33 H systemd-cryptsetup[4641]: Assertion 'name' failed at src/basic/strv.c:21, function strv_find(). Aborting.
...
Jun 04 15:45:33 H systemd-coredump[4643]: Process 4641 (systemd-cryptse) of user 0 dumped core.
...
                                          Stack trace of thread 4641:
                                          #0  0x00007ff9256afe5c __pthread_kill_implementation (libc.so.6 + 0x8ce5c)
                                          #1  0x00007ff92565fa76 raise (libc.so.6 + 0x3ca76)
                                          #2  0x00007ff9256497fc abort (libc.so.6 + 0x267fc)
                                          #3  0x00007ff926076047 log_assert_failed (libsystemd-shared-253.so + 0x276047)
                                          #4  0x00007ff9260ab317 strv_find (libsystemd-shared-253.so + 0x2ab317)
                                          #5  0x0000000000405927 parse_one_option (systemd-cryptsetup + 0x5927)
                                          #6  0x0000000000407793 parse_options (systemd-cryptsetup + 0x7793)
                                          #7  0x000000000040fa0c run (systemd-cryptsetup + 0xfa0c)
                                          #8  0x000000000041137f main (systemd-cryptsetup + 0x1137f)
                                          #9  0x00007ff92564a510 __libc_start_call_main (libc.so.6 + 0x27510)
                                          #10 0x00007ff92564a5c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x275c9)
                                          #11 0x0000000000403915 _start (systemd-cryptsetup + 0x3915)
                                          ELF object binary architecture: AMD x86-64
2023-06-05 16:50:13 +02:00
Lennart Poettering
ffe0da297d {crypt|verity}setup: mention volume name in some error messages 2023-06-01 18:49:43 +02:00
Lennart Poettering
ce49a479d2 {crypt|verity}setup: replace dep on systemd-tmpfiles-setup-dev.service by modprobe@loop.service
Both should have the same effect: the /dev/loop-control devices should
become available. systemd-tmpfiles-setup-dev.service creates the device
node "dry" based on modalias data, while modprobe@loop.service creates
it fully, because the module backing it is loaded properly. This should
shorten the deps chain a bit, simplify things and allows us to focus on
the stuff we actually need (i.e. the loopback infra) instead of all
entrypoints anyone might possibly need (i.e. the device nodes)
2023-06-01 18:49:43 +02:00
Lennart Poettering
8ce02b87ce cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes
Let's imply "x-initrd.attach" for "usr" and "root" volumes, so that
we do not attempt to umount them anymore during shutdown.

The names of these volumes have been mandated by the Discoverable
Partition Spec:

https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#suggested-mode-of-operation

Hence it appears reasonably safe to special case these volume names.

Note that a similar logic is implemented in fstab-generator and in fact
PID 1 to treat the root mount and /usr/ mount specially too, to avoid
trying to umount it at shutdown. (This is what fstab_is_extrinsic()
checks).

This should ensure that if /usr/ or / is for some reason a LUKS medium
we won't try to detach it during runtime, which likely fails, since we
run off it.

Note this also moves an ordering dep towards umount.target under the
x-initrd.attach check, becasue that's where the crucial conflicts dep is
placed too.
2023-06-01 18:49:43 +02:00
Lennart Poettering
6747d9a13f cryptsetup: fix whitespace issue 2023-06-01 18:49:16 +02:00
Dan Streetman
9944909e68 tpm: remove external calls to dlopen_tpm2()
The calls outside tpm2-util.c are redundant, as tpm2_context_new()
is always called immediately after, which then calls dlopen_tpm2().
2023-05-31 09:23:21 -04:00
Klaus Zipfel
703902400d crypttab: Support for VeraCrypt PIM and detached headers for TrueCrypt/VeraCrypt (#27548)
* Added veracrypt-pim=<PIM> LUKS option for crypttab
2023-05-06 21:55:05 +01:00
Lennart Poettering
b96cc40a95 cryptsetup: downgrade a bunch of log messages that to LOG_WARNING
In all these cases we ignore the failure, hence per our rule the log
level should be below LOG_ERR. Fix that.
2023-05-04 05:03:16 +09:00
Luca Boccassi
4255980887 cryptsetup: fix build without TPM2
Follow-up for acbb504eaf
2023-04-04 22:35:04 +01:00
William Roberts
acbb504eaf tpm2: add support for a trusted SRK
Prevent attackers from spoofing the tpmKey portion of the AuthSession by
adding a trusted key to the LUKS header metadata. Also, use a persistent
object rather than a transient object.

This provides the following benifits:
1. No way to MITM the tpmKey portion of the session, see [1] for
details.

2. Strengthens the encrypted sessions, note that the bindKey could be
   dropped now.

3. Speed, once it's created we just use it.

4. Owner Auth is needed to call create primary, so using the SRK
   creates a scratch space for normal users.

This is a "first to set" model, in where the first person to set the key
in the LUKS header wins. Thus, setup should be done in a known good
state. If an SRK, which is a primary key at a special persistent
address, is found, it will use whatever is there. If not, it creates an
SRK. The SRK follows the convetions used through the tpm2-software
organization code on GitHub [2], however, a split has occured between
Windows and Linux with respect to SRK templates. The Linux SRK is
generated with the unique field size set to 0, in Windows, it properly
sets the size to key size in bytes and the unique data to all 0's of that
size. Note the proper templates for SRKs is covered in spec [3].
However, the most important thing, is that both SRKs are passwordless,
and thus they should be interchangable. If Windows is the first to make
the SRK, systemd will gladly accept it and vice-versa.

1. Without the bindKey being utilized, an attacker was able to intercept
this and fake a key, thus being able to decrypt and encrypt traffic as
needed. Introduction of the bindKey strengthened this, but allows for
the attacker to brute force AES128CFB using pin guesses. Introduction of
the salt increases the difficulty of this attack as well as DA attacks
on the TPM objects itself.

2. https://github.com/tpm2-software

3. https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisioning-Guidance-Published-v1r1.pdf

Fixes: #20668
Fixes: #22637

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-04-03 13:10:49 +02:00
Jan Janssen
9214828313 meson: Introduce userspace dep
This will help in a later commit to separate userspace from EFI builds.
2023-03-10 11:40:14 +01:00
Dan Streetman
c69bd0abdb tpm2: add/rename functions to manage pcr selections
This renames some functions to match other to/from_string() naming,
and allows better management of TPML_PCR_SELECTION and TPMS_PCR_SELECTION
structs.
2023-03-09 10:46:19 -05:00
Dan Streetman
aa07a4fa35 tpm2: add TPM2_PCR_VALID() 2023-03-09 10:46:19 -05:00
Yu Watanabe
8c2264abb9 cryptsetup: check the existence of salt by salt_size > 0
Follow-up for 504d0acf61.

The function may be called with non-NULL salt and salt_size == 0.
2023-02-17 09:46:25 +01:00
Luca Boccassi
504d0acf61 cryptsetup: do not assert when unsealing token without salt
Salt was added in v253. We are not checking whether it was actually found
(non-zero size), so when an old tpm+pin enrollment is opened things go boom.
For good measure, check both the buffer and the size in both places.

Assertion 'saltlen > 0' failed at src/shared/tpm2-util.c:2490, function tpm2_util_pbkdf2_hmac_sha256(). Aborting.
2023-02-15 18:01:28 +00:00
Dan Streetman
23e9ccc24a tpm2: use Tpm2Context* instead of ESYS_CONTEXT*
This is needed for later patches that use Tpm2Handle, which requires access
to the Tpm2Context.
2023-02-01 12:51:17 -05:00
Dan Streetman
68d084cee5 tpm2: use ref counter for Tpm2Context
This will be used by Tpm2Handle instances, which is added in later patches.

The refcounting allows the context to be retained until all Tpm2Handles have
been cleaned up, and the initial ref is released, before cleaning the context.
2023-02-01 12:51:17 -05:00
Dan Streetman
bd860983a6 tpm2: rename struct tpm2_context to Tpm2Context
This aligns with systemd coding guidelines for struct naming
2023-02-01 12:51:17 -05:00
Dan Streetman
7bfe0a48d9 tpm2: rename tpm2 alg id<->string functions
The 'pcr_bank' functions operate on hash algs, and are not specific to the PCR
banks, while the 'primary_alg' functions operate on asymmetric algs, and are
not specific to primary keys.
2023-02-01 18:13:48 +01:00
Zbigniew Jędrzejewski-Szmek
2f6c52b919 shared/efi-loader: fix compilation with !ENABLE_EFI, improve messages
When compiled without ENABLE_EFI, efi_stub_measured() was not defined, so
compilation would fail. But it's not enough to add a stub that returns
-EOPNOTSUPP. We call this function in various places and usually print the error
at warning or error level, so we'd print a confusing message. We also can't add
a stub that always returns 0, because then we'd print a message like "Kernel
stub did not measure", which would be confusing too. Adding special handling for
-EOPNOTSUPP in every caller is also unattractive. So instead efi_stub_measured()
is reworked to log the warning or error internally, and such logging is removed
from the callers, and a stub is added that logs a custom message.
2023-01-24 23:07:21 +00:00
Jan Janssen
4a7ee0a521 meson: Do not include headers in source lists
Meson+ninja+compiler do this for us and are better at it.

https://mesonbuild.com/FAQ.html#do-i-need-to-add-my-headers-to-the-sources-list-like-in-autotools
2023-01-24 22:04:03 +01:00
Lennart Poettering
7153213e40 string-util: add common implementation of function that converts sized character buffers to NUL terminated C strings 2023-01-21 10:45:25 +01:00
Yu Watanabe
d09df6b94e tree-wide: fix typo 2023-01-20 15:32:16 +09:00
William Roberts
aae6eb9611 tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future
this. This adds entropy to user supplied pins and helps brute forcing
the passphrase on the key residing in the TPM or brute forcing bind key
encrypted sessions with low entropy passphrases.

Signed-off-by: malikabhi05 <abhishek.malik@intel.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
2023-01-18 21:58:33 +00:00
Lennart Poettering
6c51b49ce0 tpm2: add common helper for checking if we are running on UKI with TPM measurements
Let's introduce a common implementation of a function that checks
whether we are booted on a kernel with systemd-stub that has TPM PCR
measurements enabled. Do our own userspace measurements only if we
detect that.

PCRs are scarce and most likely there are projects which already make
use of them in other ways. Hence, instead of blindly stepping into their
territory let's conditionalize things so that people have to explicitly
buy into our PCR assignments before we start measuring things into them.
Specifically bind everything to an UKI that reported measurements.

This was previously already implemented in systemd-pcrphase, but with
this change we expand this to all tools that process PCR measurement
settings.

The env var to override the check is renamed to SYSTEMD_FORCE_MEASURE,
to make it more generic (since we'll use it at multiple places now).
This is not a compat break, since the original env var for that was not
included in any stable release yet.
2023-01-17 09:42:16 +01:00
Lennart Poettering
94c0c85e30 cryptsetup: add tpm2-measure-pcr= and tpm2-measure-bank= crypttab options
These options allow measuring the volume key used for unlocking the
volume to a TPM2 PCR. This is ideally used for the volume key of the
root file system and can then be used to bind other resources to the
root file system volume in a secure way.

See: #24503
2023-01-17 09:42:16 +01:00
Lennart Poettering
5e476b8512 tree-wide: fix return value handling of base64mem()
This returns an ssize_t, not an int. On populare archs that's the
difference between 64bit and 32bit. hence, let's be more careful here,
and not silently drop half the bits on the ground by assigning the
return value to "int".

As noticed by @malikabhi05:

https://github.com/systemd/systemd/pull/24754#discussion_r1062903159
2023-01-11 10:46:08 +01:00
Peter Cai
52105bb487 cryptsetup-fido2: Remove plain mode parameters from acquire_fido2_key_auto()
`acquire_fido2_key_auto()` will not be used in PLAIN mode, and
parameters such as the salt will be acquired from the LUKS header.
Parameters intended for PLAIN mode are useless in
`acquire_fido2_key_auto()`.
2022-12-22 11:20:56 -05:00
Peter Cai
0a8e026e82 cryptsetup-fido2: Relocate to libsystemd-shared 2022-12-22 08:43:50 -05:00
Peter Cai
e6319a102e cryptsetup-fido2: Try all FIDO2 key slots when opening LUKS volume
After #25268, it is now possible to check whether a credential
is present on a FIDO2 token without actually attempting to retrieve said
credential. However, when cryptsetup plugins are not enabled, the
fallback unlock routines are not able to make multiple attempts with
multiple different FIDO2 key slots.

Instead of looking for one FIDO2 key slot when trying to unlock, we now
attempt to use all key slots applicable.

Fixes #19208.
2022-12-12 21:48:39 +01:00
Daan De Meyer
12e2b70f9b nulstr-util: Declare NULSTR_FOREACH() iterator inline 2022-11-11 16:31:32 +01:00
Zbigniew Jędrzejewski-Szmek
3ae6b3bf72 basic: rename util.h to logarithm.h
util.h is now about logarithms only, so we can rename it. Many files included
util.h for no apparent reason… Those includes are dropped.
2022-11-08 18:21:10 +01:00
Yu Watanabe
17bf3c550d tree-wide: set description for device manager 2022-10-19 04:46:24 +09:00
Lennart Poettering
714c586943 cryptsetup: drop redundant parens/drop ternary op
A ternary op is a bit weird to use if we end up assigning a variable to
itself in one of the branches. Hence use a plain if check.
2022-10-17 13:52:54 +02:00
Lennart Poettering
b6fd88a511 cryptsetup: use errno-flavoured logging where we have an errno 2022-10-17 08:02:03 +02:00
William Roberts
3fab44b2ff cryptsetup: use TPM flags over bool
This works becuase TPM2_FLAGS_USE_PIN is 1 and bool is a 1 so the bits
line up as expected, however if for some reason flags change values and
for clarity check if the boolean indicates this flag and pass the flag
value.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
2022-09-20 08:05:33 +09:00
David Tardon
995340074e tree-wide: use ASSERT_PTR more 2022-09-13 08:13:27 +02:00
Lennart Poettering
75a9681ec0 cryptsetup: hook up TPM2 token code with policies based on PCR signatures, too 2022-09-08 16:34:27 +02:00
Lennart Poettering
fdf6c27cba tpm2-util: add common parser for the LUKS2 TPM2 JSON structure
This splits out the JSON parser used by the systemd-cryptsetup code.

This is preparation for later work to reuse it in the tpm2 cryptsetup
token module, which currently uses a separate but very similar parser
for the same data.

No change in behaviour.
2022-09-08 16:34:27 +02:00
Lennart Poettering
dc63b2c909 cryptsetup: hook up signed PCR policies 2022-09-08 16:34:27 +02:00
Lennart Poettering
d9b5841d40 tpm2-util: extend TPM2 policies to optionally check PCR values against signed values
Traditionally, TPM2 PCR policies are bound against literal PCR values,
which makes them hard to work with when updating software that is
measured into PCRs: each update will change the PCR values, and thus
break TPM2 policies of existing objects.

Let's improve the situation: let's allow signed PCR policies. Secrets
and other TPM2 objects can be associated with a public key that signs a
PCR policy. Thus, if the signed policy and the public key is presented,
access to the TPM2 object can be granted. This allows a less brittle
handling of updates: for example, whenever a kernel image is updated a
new signed PCR policy can be shipped along with it, signed by a private
key owned by the kernel vendor (ideally: same private key that is used
to sign the kernel image itself). TPM2 objects can then be bound to the
associated public key, thus allowing objects that can only be unlocked
by kernels of the same vendor. This makes it very easy to update kernels
without affecting locked secrets.

This does not hook up any of the consuming code (just passes NULL/0
everywhere). This is for later commits.
2022-09-08 16:34:27 +02:00
Jan Janssen
63b9838639 tree-wide: Mark some constants as unsigned
All these are really unsigned and used as such. This silences some
-Wformat-signedness warnings with gcc.
2022-08-30 12:03:33 +02:00
Lennart Poettering
82b0039eb0 Merge pull request #24368 from poettering/tpm2-json-pcr-array-rework
tpm2: add helpers for building/parsing JSON arrays of PCR indexes
2022-08-19 21:51:47 +02:00
Lennart Poettering
222a951fa4 tpm2-util: introduce tpm2_parse_pcr_argument() helper
Add a new tpm2_parse_pcr_argument() helper that unifies how we merge PCR
masks in a single function, we can use all over the place. Previously we
had basically the same code for this at 4 places.
2022-08-19 21:26:26 +02:00
Lennart Poettering
8de8ec88da tpm2-util: also add helper for parsing PCR arrays 2022-08-19 16:30:37 +02:00
Lennart Poettering
7484c60ec6 Merge pull request #23653 from aafeijoo-suse/ask-for-recovery-key
cryptsetup: improve password prompt text
2022-08-19 14:55:54 +02:00
Lennart Poettering
a0789e5fb8 cryptsetup: make sure all token-based codepaths are effected by SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE env var
Previously the env var was only checked when conditionalizing use of our
own libcryptsetup loadable token modules.  But let's also use it for any
other kind of token module, including possible internal ones by
libcryptsetup.
2022-08-19 14:53:54 +02:00