recovery: integrate TPM provisioning

recovery/device.go

@@ -22,7 +22,6 @@ import (
 	"bufio"
 	"fmt"
 	"io/ioutil"
-	"math/rand"
 	"os"
 	"os/exec"
 	"path"
@@ -85,7 +84,7 @@ func (d *DiskDevice) CreatePartition(size uint64, label string) error {
 	return nil
 }
 
-func (d *DiskDevice) CreateLUKSPartition(size uint64, label string, keyfile string, keyfileSize int, cryptdev string) error {
+func (d *DiskDevice) CreateLUKSPartition(size uint64, label string, keyBuffer []byte, cryptdev string) error {
 	logger.Noticef("Create partition %q", label)
 	cmd := exec.Command("sfdisk", "--no-reread", "-a", d.node)
 	stdin, err := cmd.StdinPipe()
@@ -115,18 +114,16 @@ func (d *DiskDevice) CreateLUKSPartition(size uint64, label string, keyfile stri
 	// FIXME: determine partition name in a civilized way
 	partdev := d.partDev(4)
 
-	// Set up LUKS device
-	logger.Noticef("Create LUKS keyfile")
-	buffer := make([]byte, keyfileSize)
-	rand.Read(buffer)
-	if err := ioutil.WriteFile(keyfile, buffer, 0400); err != nil {
-		return fmt.Errorf("cannot create keyfile %s: %s", keyfile, err)
-	}
-
-	// Don't remove this delay, prevents kernel crash
+	// Don't remove this delay, it prevents a kernel crash
 	// see https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1835279
 	time.Sleep(1 * time.Second)
 
+	// Create a temporary unsealed keyfile on a RAM-backed filesystem
+	keyfile := "/run/tmpkeyfile"
+	if err := ioutil.WriteFile(keyfile, keyBuffer, 0400); err != nil {
+		return fmt.Errorf("cannot create keyfile: %s", err)
+	}
+
 	logger.Noticef("Create LUKS device on %s", partdev)
 	if output, err := exec.Command("cryptsetup", "-q", "--type", "luks2", "--key-file", keyfile,
 		"--pbkdf-memory", "100000", "luksFormat", partdev).CombinedOutput(); err != nil {
@@ -142,7 +139,12 @@ func (d *DiskDevice) CreateLUKSPartition(size uint64, label string, keyfile stri
 		return osutil.OutputErr(output, fmt.Errorf("cannot open LUKS device on %s: %s", partdev, err))
 	}
 
-	// Ok, now this is ugly. We'll have to see how to handle this properly without udev.
+	// FIXME: use secure delete
+	if err := os.Remove(keyfile); err != nil {
+		logger.Noticef("can't remove keyfile: %s", err)
+	}
+
+	// FIXME: Ok, now this is ugly. We'll have to see how to handle this properly.
 	logger.Noticef("Hack: create LUKS device symlink")
 	if err := os.Symlink("../dm-0", cryptdev); err != nil {
 		return fmt.Errorf("cannot create LUKS device symlink: %s", err)

recovery/fdeutils/provisioning.go

@@ -0,0 +1,100 @@
+package fdeutils
+
+import (
+	"errors"
+	"fmt"
+	"os"
+
+	"github.com/google/go-tpm/tpm2"
+	"github.com/google/go-tpm/tpmutil"
+)
+
+const (
+	srkHandle tpmutil.Handle = 0x81000000
+
+	tpmPath string = "/dev/tpm0"
+	ppiPath string = "/sys/class/tpm/tpm0/ppi/request"
+
+	permanentProps uint32 = 0x00000200
+	lockoutAuthSet uint32 = 1 << 2
+	disableClear   uint32 = 1 << 8
+
+	clearPPIRequest string = "5"
+)
+
+var (
+	ErrClearRequiresPPI = errors.New("clearing requires the use of the Physical Presence Interface")
+
+	srkTemplate = tpm2.Public{
+		Type:    tpm2.AlgRSA,
+		NameAlg: tpm2.AlgSHA256,
+		Attributes: tpm2.FlagFixedTPM | tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin |
+			tpm2.FlagUserWithAuth | tpm2.FlagRestricted | tpm2.FlagDecrypt,
+		AuthPolicy: nil,
+		RSAParameters: &tpm2.RSAParams{
+			Symmetric: &tpm2.SymScheme{
+				Alg:     tpm2.AlgAES,
+				KeyBits: 128,
+				Mode:    tpm2.AlgCFB},
+			KeyBits:    2048,
+			Exponent:   0,
+			ModulusRaw: make([]byte, 256)}}
+)
+
+func ProvisionTPM(lockoutAuth []byte) error {
+	rw, err := tpm2.OpenTPM(tpmPath)
+	if err != nil {
+		return fmt.Errorf("failed to open TPM device: %v", err)
+	}
+
+	c, _, err := tpm2.GetCapability(rw, tpm2.CapabilityTPMProperties, 1, permanentProps)
+	if err != nil {
+		return fmt.Errorf("failed to request permanent properties: %v", err)
+	}
+
+	p := c[0].(tpm2.TaggedProperty).Value
+	if p&lockoutAuthSet > 0 || p&disableClear > 0 {
+		return ErrClearRequiresPPI
+	}
+
+	if err := tpm2.Clear(rw, tpm2.HandleLockout, ""); err != nil {
+		return fmt.Errorf("failed to clear the TPM: %v", err)
+	}
+
+	h, _, err := tpm2.CreatePrimary(rw, tpm2.HandleOwner, tpm2.PCRSelection{}, "", "", srkTemplate)
+	if err != nil {
+		return fmt.Errorf("failed to create storage root key: %v", err)
+	}
+
+	if err := tpm2.EvictControl(rw, "", tpm2.HandleOwner, h, srkHandle); err != nil {
+		return fmt.Errorf("failed to make storage root key persistent: %v", err)
+	}
+
+	if err := tpm2.SetDictionaryAttackParameters(rw, 32, 7200, 86400, ""); err != nil {
+		return fmt.Errorf("failed to configure DA parameters: %v", err)
+	}
+
+	if err := tpm2.DisableOwnerClear(rw, ""); err != nil {
+		return fmt.Errorf("failed to disable owner clear: %v", err)
+	}
+
+	if err := tpm2.HierarchyChangeAuth(rw, tpm2.HandleLockout, "", string(lockoutAuth)); err != nil {
+		return fmt.Errorf("failed to set the lockout hierarchy authorization value: %v", err)
+	}
+
+	return nil
+}
+
+func RequestTPMClearUsingPPI() error {
+	f, err := os.OpenFile(ppiPath, os.O_WRONLY, 0)
+	if err != nil {
+		return fmt.Errorf("failed to open request handle: %v", err)
+	}
+	defer f.Close()
+
+	if _, err := f.WriteString(clearPPIRequest); err != nil {
+		return fmt.Errorf("failed to submit request: %v", err)
+	}
+
+	return nil
+}

recovery/recovery.go

@@ -21,6 +21,7 @@
 package recovery
 
 import (
+	"crypto/rand"
 	"fmt"
 	"io/ioutil"
 	"os"
@@ -32,6 +33,7 @@ import (
 	"github.com/snapcore/snapd/bootloader/grubenv"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/recovery/fdeutils"
 )
 
 const (
@@ -142,8 +144,6 @@ func Install(version string) error {
 	mntSysRecover := "/mnt/sys-recover"
 	mntSystemBoot := "/mnt/system-boot"
 
-	keyfile := path.Join(mntSystemBoot, "keyfile")
-
 	if err := mountFilesystem("ubuntu-boot", mntSystemBoot); err != nil {
 		return err
 	}
@@ -152,8 +152,16 @@ func Install(version string) error {
 
 	cryptdev := "ubuntu-data"
 
+	logger.Noticef("Create LUKS key")
+	keySize := 4 * sizeKB
+	keyBuffer := make([]byte, keySize)
+	n, err := rand.Read(keyBuffer)
+	if n != keySize || err != nil {
+		return fmt.Errorf("cannot create LUKS key: %s", err)
+	}
+
 	logger.Noticef("Install recovery %s", version)
-	if err := createWritable(keyfile, 4*sizeKB, cryptdev); err != nil {
+	if err := createWritable(keyBuffer, cryptdev); err != nil {
 		logger.Noticef("cannot create writable: %s", err)
 		return err
 	}
@@ -175,6 +183,31 @@ func Install(version string) error {
 		return err
 	}
 
+	logger.Noticef("Create lockout authorization")
+	lockoutAuth := make([]byte, 16)
+	n, err = rand.Read(lockoutAuth)
+	if n != 16 || err != nil {
+		return fmt.Errorf("cannot create lockout authorization: %s", err)
+	}
+
+	logger.Noticef("Provisioning the TPM")
+	if err := fdeutils.ProvisionTPM(lockoutAuth); err != nil {
+		logger.Noticef("error provisioning the TPM: %s", err)
+		return fmt.Errorf("cannot provision TPM: %s", err)
+	}
+
+	if err := storeKeyfile(mntSystemBoot, keyBuffer); err != nil {
+		return fmt.Errorf("cannot store keyfile: %s", err)
+	}
+
+	if err := storeLockoutAuth(mntWritable, lockoutAuth); err != nil {
+		return fmt.Errorf("cannot store lockout authorization: %s", err)
+	}
+
+	if err := exec.Command("sync").Run(); err != nil {
+		return fmt.Errorf("cannot sync: %s", err)
+	}
+
 	if err := umount(mntWritable); err != nil {
 		return err
 	}
@@ -196,15 +229,15 @@ func Install(version string) error {
 	return nil
 }
 
-func createWritable(keyfile string, keyfileSize int, cryptdev string) error {
-	logger.Noticef("Creating new writable")
+func createWritable(keyBuffer []byte, cryptdev string) error {
+	logger.Noticef("Creating new ubuntu-data")
 	disk := &DiskDevice{}
 	if err := disk.FindFromPartLabel("ubuntu-boot"); err != nil {
 		return fmt.Errorf("cannot determine boot device: %s", err)
 	}
 
 	// FIXME: get values from gadget, system
-	err := disk.CreateLUKSPartition(1000*sizeMB, "ubuntu-data", keyfile, keyfileSize, cryptdev)
+	err := disk.CreateLUKSPartition(1000*sizeMB, "ubuntu-data", keyBuffer, cryptdev)
 	if err != nil {
 		return fmt.Errorf("cannot create new ubuntu-data: %s", err)
 	}
@@ -226,6 +259,25 @@ func mountFilesystem(label string, mountpoint string) error {
 	return nil
 }
 
+func storeKeyfile(dir string, buffer []byte) error {
+	// TODO: seal keyfile
+	if err := ioutil.WriteFile(path.Join(dir, "keyfile"), buffer, 0400); err != nil {
+		return err
+	}
+
+	// Don't remove this sync, it prevents file corruption on vfat
+	if err := exec.Command("sync").Run(); err != nil {
+		return fmt.Errorf("cannot sync: %s", err)
+	}
+
+	return nil
+}
+
+// The lockout authorization file is stored in the encrypted partition
+func storeLockoutAuth(dir string, lockoutAuth []byte) error {
+	return ioutil.WriteFile(path.Join(dir, "system-data/lockoutAuth"), lockoutAuth, 0400)
+}
+
 func updateRecovery(mntWritable, mntSysRecover, mntSystemBoot, version string) (core string, kernel string, err error) {
 	logger.Noticef("Populating new writable")
 
@@ -326,7 +378,7 @@ func extractKernel(kernelPath, mntSystemBoot string) error {
 		}
 	}
 
-	// Don't remove this sync, prevents corrupted files on vfat
+	// Don't remove this sync, it prevents file corruption on vfat
 	if err := exec.Command("sync").Run(); err != nil {
 		return fmt.Errorf("cannot sync filesystems: %s", err)
 	}

vendor/vendor.json

@@ -24,6 +24,13 @@
 			"revision": "97646858c46433e4afb3432ad28c12e968efa298",
 			"revisionTime": "2017-08-22T15:24:03Z"
 		},
+		{
+			"checksumSHA1": "M1jObMAw/YV+Rc5PccfmJuuxLa0=",
+			"origin": "github.com/chrisccoulson/go-tpm",
+			"path": "github.com/google/go-tpm",
+			"revision": "c6c7cb7465ae50e13263f2f8ff33f57d1f9859bc",
+			"revisionTime": "2019-07-08T13:36:22Z"
+		},
 		{
 			"checksumSHA1": "iIUYZyoanCQQTUaWsu8b+iOSPt4=",
 			"path": "github.com/gorilla/context",