[GUIDE] FDE, TPM, Secure Boot and Fedora

My story begins with attempting to follow @mbernhard 's excellent guide on locking down the FW laptop in Arch. I am replicating his work on Fedora.

Quick Recap

  • Secure Boot is supported by Fedora using Microsoft’s default signing keys. This makes the Secure Boot portion of this guide very easy but I still encourage users to create and sign their own installation to avoid issues with MS key’s potentially being insecure (once I figure out how to do that, I’ll update this guide)

  • The guide linked above uses systemd-cryptenroll to enroll the LUKS key inside the TPM so that the encrypted volume is automatically decrypted assuming PCR values in the TPM check out. From what I can tell, this should still be possible to do on Fedora given that systemd is used there. However, I found Clevis (scroll down to section 13.8 for TPM based decryption) to be possibly more flexible in deployment and easier to use. It can be found within the official repos so I feel safe using it.

There are several packages that will need to be installed and commands executed, I assume that LUKS was setup during installation of Fedora so I don’t cover how to set that up, it is pretty simple and included in the GUI installer for Fedora. Nor do I cover implementing a BIOS password (you should otherwise Secure Boot can be turned off in BIOS and negate everything you just did).

  1. Start by installing Clevis and related packages using sudo dnf install clevis clevis-luks clevis-dracut clevis-systemd
    There are 2 more related packages but I’m not entirely sure what they do and do not seem necessary for my goals, they can be installed using sudo dnf install clevis-udisk2 clevis-pin-tpm2

  2. Next, we are using clevis to bind the LUKS encryption key to PCR values within the TPM using sudo clevis luks bind -d /dev/yourdevice tpm2 '{"hash":"sha256","key":"rsa","pcr_bank":"sha256","pcr_ids":"0,1"}' This directs the TPM to release the key only if PCR’s 0 and 1 match expected values. You will be prompted to enter your current LUKS password/passphrase. You can find the correct pathname for your device by executing lsblk in the terminal. For me it was /dev/nvme0n1p3.

“PCR0 contains a hash of information about the device, including the firmware binary as well as a unique token stored in the TPM on the device. This means that PCR0 values are unique and cryptographically hard to fake. PCR values are also chained, so that the value in PCR1 contains a hash of new data (the specifics of which are not relevant here) plus the hash stored in PCR0. So on and so forth for the other PCRs. PCR7 contains a hash of the Secure Boot policy, including a hash of the databse of trusted keys, along with the hash chain, meaning that if we can have a reliable way to check its value we can make sure that our trusted databases have not been tampered with.” -copied from @mbernhard github

  1. Finally, execute sudo dracut -fv --regenerate-all

  2. Reboot and enjoy not needing to type in anything while retaining FDE. On my i5-1135g7 I find there is a delay between reaching the passphrase prompt and actual automatic unlocking so don’t panic if it doesn’t work immediately.

@mbernhard went further in securing his system and I would like to do the same eventually, I haven’t setup tpm2-totp nor have I investigated binding clevis to the presence of a hardware key, like a Nitrokey, although this should also be possible based upon reading archwiki.

I’m pretty sure this guide can be improved since I’ve mostly been following other guides and struggling to understand the underlying systems at play here. I encourage feedback and possible improvements to this guide.

6 Likes

Thank you.
On my i5-1135G7 it takes ~5 seconds to unlock.
Maybe I should upgrade to a fancy new AMD mainboard.

Marking this as a guide.