From 74aabe86faac8cb9461ef205ec28aa55456166bc Mon Sep 17 00:00:00 2001
From: Malte Poll
Date: Thu, 17 Nov 2022 15:37:39 +0100
Subject: [PATCH] Move PCR[8] -> PCR[12]
---
.github/workflows/build-os-image.yml | 2 +-
cli/internal/cmd/init_test.go | 8 ++++----
docs/docs/architecture/attestation.md | 12 +++++------
...culate_pcr_8.sh => precalculate_pcr_12.sh} | 20 +++++++++----------
.../attestation/measurements/measurements.go | 8 ++++----
5 files changed, 25 insertions(+), 25 deletions(-)
rename image/measured-boot/{precalculate_pcr_8.sh => precalculate_pcr_12.sh} (65%)
diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index c7d480417..e2e000f29 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -481,8 +481,8 @@ jobs:
echo "::group::Calculate expected PCRs"
{
./precalculate_pcr_4.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-4-${{ matrix.csp }}.json
- ./precalculate_pcr_8.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-8-${{ matrix.csp }}.json ${{ matrix.csp }}
./precalculate_pcr_9.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-9-${{ matrix.csp }}.json
+ ./precalculate_pcr_12.sh ${{ github.workspace }}/image.raw ${{ github.workspace }}/pcr-12-${{ matrix.csp }}.json ${{ matrix.csp }}
} >> "$GITHUB_STEP_SUMMARY"
cp pcr-stable.json ${{ github.workspace }}/
jq -sSc '.[0] * .[1] * .[2] * .[3]' ${{ github.workspace }}/pcr-* > ${{ github.workspace }}/pcrs-${{ matrix.csp }}.json
diff --git a/cli/internal/cmd/init_test.go b/cli/internal/cmd/init_test.go
index 79153bb32..5ecebdd07 100644
--- a/cli/internal/cmd/init_test.go
+++ b/cli/internal/cmd/init_test.go
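Review bot: The `jq -sSc '.[0] * .[1] * .[2] * .[3]'` merge now sees `pcr-12-*.json` first and `pcr-stable.json` last, because `pcr-*` expands in lexical order and `pcr-12` sorts before `pcr-4`; with `*` the right-hand object wins on a conflicting key, so if `pcr-stable.json` still carries the all-zero `"12"` entry that was the reserved default before this change, it would silently replace the value `precalculate_pcr_12.sh` just computed. Either confirm that `pcr-stable.json` no longer lists `12`, or drop the glob and name the inputs in a fixed order with the stable file first, `jq -sSc '.[0] * .[1] * .[2] * .[3]' pcr-stable.json pcr-4-${{ matrix.csp }}.json pcr-9-${{ matrix.csp }}.json pcr-12-${{ matrix.csp }}.json` (with the `${{ github.workspace }}/` prefixes as before). The glob together with the fixed `.[3]` index also ignores a fifth matching file without any error. The enclosing workflow step continues outside the hunk.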
@@ -395,8 +395,8 @@ func TestAttestation(t *testing.T) {
cfg.Provider.QEMU.Measurements[2] = measurements.PCRWithAllBytes(0x22)
cfg.Provider.QEMU.Measurements[3] = measurements.PCRWithAllBytes(0x33)
cfg.Provider.QEMU.Measurements[4] = measurements.PCRWithAllBytes(0x44)
- cfg.Provider.QEMU.Measurements[8] = measurements.PCRWithAllBytes(0x88)
cfg.Provider.QEMU.Measurements[9] = measurements.PCRWithAllBytes(0x99)
+ cfg.Provider.QEMU.Measurements[12] = measurements.PCRWithAllBytes(0xcc)
require.NoError(fileHandler.WriteYAML(constants.ConfigFilename, cfg, file.OptNone))
ctx := context.Background()
@@ -474,8 +474,8 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
conf.Provider.Azure.AppClientID = "01234567-0123-0123-0123-0123456789ab"
conf.Provider.Azure.ClientSecretValue = "test-client-secret"
conf.Provider.Azure.Measurements[4] = measurements.PCRWithAllBytes(0x44)
- conf.Provider.Azure.Measurements[8] = measurements.PCRWithAllBytes(0x00)
conf.Provider.Azure.Measurements[9] = measurements.PCRWithAllBytes(0x11)
+ conf.Provider.Azure.Measurements[12] = measurements.PCRWithAllBytes(0xcc)
case cloudprovider.GCP:
conf.Provider.GCP.Region = "test-region"
conf.Provider.GCP.Project = "test-project"
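Review bot: After these two hunks and the `@@ -483` hunk that follows, none of the expected-measurement fixtures mention PCR[8] any more, so the tests no longer exercise the all-zero PCR[8] default that `measurements.DefaultsFor` ships in this same patch; whether that default actually reaches the written config is decided by code outside the hunks. One assertion after the provider switch in `defaultConfigWithExpectedMeasurements`, e.g. `require.Equal(measurements.PCRWithAllBytes(0x00), conf.Provider.QEMU.Measurements[8])` for the provider under test (using whichever `require` form the helper has in scope), would pin the regression this change is guarding against. The `0xcc` fixture for PCR[12] is fine, but a short comment such as `// PCR[12] holds the kernel command line since the move from PCR[8]` next to the first one would tell the next reader why 12 replaced 8 in every case. Both `TestAttestation` and `defaultConfigWithExpectedMeasurements` start and end outside the hunks.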
@@ -483,13 +483,13 @@ func defaultConfigWithExpectedMeasurements(t *testing.T, conf *config.Config, cs
conf.Provider.GCP.Zone = "test-zone"
conf.Provider.GCP.ServiceAccountKeyPath = "test-key-path"
conf.Provider.GCP.Measurements[4] = measurements.PCRWithAllBytes(0x44)
- conf.Provider.GCP.Measurements[8] = measurements.PCRWithAllBytes(0x00)
conf.Provider.GCP.Measurements[9] = measurements.PCRWithAllBytes(0x11)
+ conf.Provider.GCP.Measurements[12] = measurements.PCRWithAllBytes(0xcc)
case cloudprovider.QEMU:
conf.Provider.QEMU.Image = "some/image/location"
conf.Provider.QEMU.Measurements[4] = measurements.PCRWithAllBytes(0x44)
- conf.Provider.QEMU.Measurements[8] = measurements.PCRWithAllBytes(0x00)
conf.Provider.QEMU.Measurements[9] = measurements.PCRWithAllBytes(0x11)
+ conf.Provider.QEMU.Measurements[12] = measurements.PCRWithAllBytes(0xcc)
}
conf.RemoveProviderExcept(csp)
diff --git a/docs/docs/architecture/attestation.md b/docs/docs/architecture/attestation.md
index c70a61264..f335038f6 100644
--- a/docs/docs/architecture/attestation.md
+++ b/docs/docs/architecture/attestation.md
@@ -142,11 +142,11 @@ The latter means that the value can be generated offline and compared to the one
| 5 | Reserved | Azure | No |
| 6 | VM Unique ID | Azure | No |
| 7 | Secure Boot State | Azure, Constellation Bootloader | No |
-| 8 | Kernel command line | Constellation Bootloader | Yes |
+| 8 | - | - | - |
| 9 | initramfs | Linux Kernel | Yes |
| 10 | Reserved | - | No |
| 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes |
-| 12 | Reserved | (Constellation Bootloader) | Yes |
+| 12 | Kernel command line | Constellation Bootloader | Yes |
| 13 | Reserved | (Constellation Bootloader) | Yes |
| 14 | Secure Boot State | Constellation Bootloader | No |
| 15 | ClusterID | Constellation Bootstrapper | Yes |
@@ -175,11 +175,11 @@ The latter means that the value can be generated offline and compared to the one
| 5 | Disk GUID partition table | GCP | No |
| 6 | Disk GUID partition table | GCP | No |
| 7 | GCP Secure Boot Policy | GCP, Constellation Bootloader | No |
-| 8 | Kernel command line | Constellation Bootloader | Yes |
+| 8 | - | - | - |
| 9 | initramfs | Linux Kernel | Yes |
| 10 | Reserved | - | No |
| 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes |
-| 12 | Reserved | (Constellation Bootloader) | Yes |
+| 12 | Kernel command line | Constellation Bootloader | Yes |
| 13 | Reserved | (Constellation Bootloader) | Yes |
| 14 | Secure Boot State | Constellation Bootloader | No |
| 15 | ClusterID | Constellation Bootstrapper | Yes |
@@ -207,11 +207,11 @@ The latter means that the value can be generated offline and compared to the one
| 5 | Firmware | AWS | No |
| 6 | Firmware | AWS | No |
| 7 | Secure Boot Policy | AWS, Constellation Bootloader | No |
-| 8 | Kernel command line | Constellation Bootloader | Yes |
+| 8 | - | - | - |
| 9 | initramfs | Linux Kernel | Yes |
| 10 | Reserved | - | No |
| 11 | Reserved for Unified Kernel Image components | (Constellation Bootloader) | Yes |
-| 12 | Reserved | (Constellation Bootloader) | Yes |
+| 12 | Kernel command line | Constellation Bootloader | Yes |
| 13 | Reserved | (Constellation Bootloader) | Yes |
| 14 | Secure Boot State | Constellation Bootloader | No |
| 15 | ClusterID | Constellation Bootstrapper | Yes |
diff --git a/image/measured-boot/precalculate_pcr_8.sh b/image/measured-boot/precalculate_pcr_12.sh
similarity index 65%
rename from image/measured-boot/precalculate_pcr_8.sh
rename to image/measured-boot/precalculate_pcr_12.sh
index 0011c240f..d39372942 100755
--- a/image/measured-boot/precalculate_pcr_8.sh
+++ b/image/measured-boot/precalculate_pcr_12.sh
@@ -3,11 +3,11 @@
#
# SPDX-License-Identifier: AGPL-3.0-only
-# This script is used to precalculate the PCR[8] value for a Constellation OS image.
-# PCR[8] contains the hash of the kernel command line and is measured by systemd-boot.
-# This value is deprecated and will be moved to PCR[12] in the future.
-# This script may produce wrong results after 2023 (when the kernel command line is only measured in PCR[12]).
-# Usage: precalculate_pcr_8.sh
+# This script is used to precalculate the PCR[12] value for a Constellation OS image.
+# PCR[12] contains the hash of the kernel command line and is measured by systemd-boot.
+# This value was previously measured into PCR[8].
+# This script may produce wrong results for systemd-boot versions < 251.
+# Usage: precalculate_pcr_12.sh
set -euo pipefail
shopt -s inherit_errexit
@@ -35,7 +35,7 @@ write_output() {
cat > "${out}" << EOF
{
"measurements": {
- "8": "${expected_pcr_8}"
+ "12": "${expected_pcr_12}"
},
"cmdline": "${cmdline}",
"cmdline-sha256": "${cmdline_hash}"
@@ -59,18 +59,18 @@ cmdline=$(cat "${DIR}/cmdline")
cmdline_hash=$(cmdline_measure "${DIR}/cmdline")
cleanup "${DIR}"
-expected_pcr_8=0000000000000000000000000000000000000000000000000000000000000000
-expected_pcr_8=$(pcr_extend "${expected_pcr_8}" "${cmdline_hash}" "sha256sum")
+expected_pcr_12=0000000000000000000000000000000000000000000000000000000000000000
+expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum")
if [[ ${CSP} == "azure" ]]; then
# Azure displays the boot menu
# triggering an extra measurement of the kernel command line.
- expected_pcr_8=$(pcr_extend "${expected_pcr_8}" "${cmdline_hash}" "sha256sum")
+ expected_pcr_12=$(pcr_extend "${expected_pcr_12}" "${cmdline_hash}" "sha256sum")
fi
echo "Kernel commandline: ${cmdline}"
echo "Kernel Commandline measurement ${cmdline_hash}"
echo ""
-echo "Expected PCR[8]: ${expected_pcr_8}"
+echo "Expected PCR[12]: ${expected_pcr_12}"
echo ""
write_output "${OUT}"
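Review bot: The Azure branch in the `@@ -59` hunk keeps the second `pcr_extend` of `cmdline_hash` verbatim from the PCR[8] version, but the comment above it only explains the boot-menu extra measurement as it was observed for PCR[8]; whether that path extends PCR[12] twice as well is inherited rather than shown here, and a wrong expected value makes every Azure node fail attestation, so it is worth confirming against a real event log and recording that in the comment, e.g. `# (double extension confirmed for PCR[12] with systemd-boot <version>)` with the real version filled in. The new header in the `@@ -3` hunk says results may be wrong for systemd-boot < 251 without saying why; if 251 is the release where the command line started being measured into PCR[12], a line such as `# systemd-boot < 251 does not measure the command line into PCR[12] at all, so the value below would not match.` makes the limit checkable. The `Usage:` line as rendered names no arguments although CI passes three (image, output JSON, CSP); if that is not just lost markup, `# Usage: precalculate_pcr_12.sh <image.raw> <output.json> <csp>` would help. The script body is top-level code and continues outside these hunks.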
diff --git a/internal/attestation/measurements/measurements.go b/internal/attestation/measurements/measurements.go
index b544b9535..34b6aa948 100644
--- a/internal/attestation/measurements/measurements.go
+++ b/internal/attestation/measurements/measurements.go
@@ -36,30 +36,30 @@ func DefaultsFor(provider cloudprovider.Provider) M {
switch provider {
case cloudprovider.AWS:
return M{
+ 8: PCRWithAllBytes(0x00),
11: PCRWithAllBytes(0x00),
- 12: PCRWithAllBytes(0x00),
13: PCRWithAllBytes(0x00),
uint32(vtpm.PCRIndexClusterID): PCRWithAllBytes(0x00),
}
case cloudprovider.Azure:
return M{
+ 8: PCRWithAllBytes(0x00),
11: PCRWithAllBytes(0x00),
- 12: PCRWithAllBytes(0x00),
13: PCRWithAllBytes(0x00),
uint32(vtpm.PCRIndexClusterID): PCRWithAllBytes(0x00),
}
case cloudprovider.GCP:
return M{
0: {0x0F, 0x35, 0xC2, 0x14, 0x60, 0x8D, 0x93, 0xC7, 0xA6, 0xE6, 0x8A, 0xE7, 0x35, 0x9B, 0x4A, 0x8B, 0xE5, 0xA0, 0xE9, 0x9E, 0xEA, 0x91, 0x07, 0xEC, 0xE4, 0x27, 0xC4, 0xDE, 0xA4, 0xE4, 0x39, 0xCF},
+ 8: PCRWithAllBytes(0x00),
11: PCRWithAllBytes(0x00),
- 12: PCRWithAllBytes(0x00),
13: PCRWithAllBytes(0x00),
uint32(vtpm.PCRIndexClusterID): PCRWithAllBytes(0x00),
}
case cloudprovider.QEMU:
return M{
+ 8: PCRWithAllBytes(0x00),
11: PCRWithAllBytes(0x00),
- 12: PCRWithAllBytes(0x00),
13: PCRWithAllBytes(0x00),
uint32(vtpm.PCRIndexClusterID): PCRWithAllBytes(0x00),
}
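Review bot: Adding `8: PCRWithAllBytes(0x00)` to every provider's defaults makes attestation require that nothing in the boot chain extends PCR[8] any more; the header removed from `precalculate_pcr_8.sh` in this same patch said the command line was still measured into PCR[8] until the move to PCR[12] completed, so this only holds if the shipped systemd-boot has already stopped extending PCR[8], and if it has not, every node will fail attestation against these defaults. A why-comment on the new entries would capture that intent for the next reader, e.g. `// PCR[8] must stay at its reset value: the command line is measured into PCR[12] now, so any extension of 8 means an unexpected boot component ran.`, placed once above the AWS case since the entry is identical in all four. The docs table in this patch now shows PCR 8 as `-` in every column, including the one that reads Yes/No for the other rows, while the code enforces an expected value for it; the two should agree on whether PCR 8 is enforced. The four `M{…}` literals now differ only by GCP's PCR 0 entry, so a shared base map plus one override would remove the repetition, though that is beyond this change. `DefaultsFor` continues past the end of the hunk; the remaining cases and the closing brace are not shown.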