add persistent TPM2-bound LUKS partitions for credentials and keylime#34
Merged
add persistent TPM2-bound LUKS partitions for credentials and keylime#34
Conversation
Move the ephemeral build partition last in the partition table, leaving room for persistent partitions before it.
Remove the build-time placeholder for var-lib-build. systemd-repart only formats and LUKS-encrypts during partition creation, so placeholders would be left unformatted. Let repart create all mutable partitions from scratch on first boot instead. Point link-volatile-root at the ESP (always present in the image) so repart can discover the disk. Remove dead mkfsOptions.ext4 (no ext4 partitions in image anymore).
Add 31-var-lib-credentials and 32-var-lib-keylime (64M each, Encrypt=tpm2). Created by systemd-repart on first boot, persistent across reboots (no FactoryReset). Add LUKS device entries with tpm2-device=auto and filesystem mounts. Ensure systemd-repart runs before all cryptsetup units.
Move credentials from /var/lib/artifacts/credentials to /var/lib/credentials, backed by the new TPM2-bound LUKS partition. Remove dependency on artifactStorage.enable and the bind-mount ordering on the artifacts mount.
/var/lib/keylime is now a persistent LUKS partition, so the agent's AK survives reboots natively. Remove persistAgent script, keylime-persist-agent service, and restore-from-boot logic in configureAgent.
The installed system needs a TPM to create TPM2-encrypted partitions at first boot.
Write sentinels to /var/lib/{build,keylime,credentials}, reboot,
verify build is wiped while keylime and credentials survive.
Reflect the new disk layout: build-time image contains only immutable partitions, mutable partitions are created at boot. Update credential path from /var/lib/artifacts/credentials to /var/lib/credentials. Update keylime AK persistence description.
Instead of symlinking a partition label to volatile-root (which could match the wrong disk if e.g. the installer is still attached), follow the dm-verity 'usr' device to its backing store partition via sysfs, then walk up to the parent disk. The verity device is cryptographically bound to this UKI's usrhash, so it uniquely identifies the correct disk.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Move all mutable partitions out of the build-time image. It now contains only immutable partitions (ESP, store-verity, store). systemd-repart creates mutable partitions on first boot.
Also: the link-volatile-root service now resolves the boot disk by following the dm-verity usr device through sysfs, which is cryptographically bound to the UKI's usrhash. This correctly identifies the boot disk even when other disks with identical partition labels are present (e.g. the installer).
Integration tests verify that /var/lib/build is wiped on reboot while /var/lib/keylime and /var/lib/credentials survive.