Blame SOURCES/clevis-7-tpm2.patch

6f5ff5
From fb3c135906cab203cfd11b3cb4a502ef8530987a Mon Sep 17 00:00:00 2001
6f5ff5
From: Nathaniel McCallum <npmccallum@redhat.com>
6f5ff5
Date: Mon, 9 Jul 2018 08:47:14 +0200
6f5ff5
Subject: [PATCH] Add support for TPM 2.0
6f5ff5
6f5ff5
---
6f5ff5
 Makefile.am                   |   5 ++
6f5ff5
 configure.ac                  |  11 +++
6f5ff5
 doc/clevis-encrypt-tpm2.1     | 142 +++++++++++++++++++++++++++++++
6f5ff5
 doc/clevis-encrypt-tpm2.1.md  | 108 +++++++++++++++++++++++
6f5ff5
 doc/clevis.1                  |  40 ++++++++-
6f5ff5
 src/Makefile.am               |   6 ++
6f5ff5
 src/clevis-decrypt-tpm2       | 126 +++++++++++++++++++++++++++
6f5ff5
 src/clevis-encrypt-tpm2       | 156 ++++++++++++++++++++++++++++++++++
6f5ff5
 src/dracut/module-setup.sh.in |  23 +++++
6f5ff5
 9 files changed, 615 insertions(+), 2 deletions(-)
6f5ff5
 create mode 100644 doc/clevis-encrypt-tpm2.1
6f5ff5
 create mode 100644 doc/clevis-encrypt-tpm2.1.md
6f5ff5
 create mode 100755 src/clevis-decrypt-tpm2
6f5ff5
 create mode 100755 src/clevis-encrypt-tpm2
6f5ff5
6f5ff5
diff --git a/Makefile.am b/Makefile.am
6f5ff5
index 141642a..75f9745 100644
6f5ff5
--- a/Makefile.am
6f5ff5
+++ b/Makefile.am
6f5ff5
@@ -14,3 +14,8 @@ dist_man1_MANS = \
6f5ff5
     doc/clevis-luks-bind.1 \
6f5ff5
     doc/clevis-decrypt.1 \
6f5ff5
     doc/clevis.1
6f5ff5
+
6f5ff5
+if HAVE_TPM2_TOOLS
6f5ff5
+    dist_man1_MANS += \
6f5ff5
+    doc/clevis-encrypt-tpm2.1
6f5ff5
+endif
6f5ff5
diff --git a/configure.ac b/configure.ac
6f5ff5
index f9ed01a..313f64e 100644
6f5ff5
--- a/configure.ac
6f5ff5
+++ b/configure.ac
6f5ff5
@@ -54,6 +54,17 @@ fi
6f5ff5
 
6f5ff5
 AC_SUBST(SD_ACTIVATE)
6f5ff5
 
6f5ff5
+for ac_prog in createprimary pcrlist createpolicy create load unseal; do
6f5ff5
+    unset TPM2_TOOLS
6f5ff5
+    unset ac_cv_prog_TPM2_TOOLS
6f5ff5
+    AC_CHECK_PROG([TPM2_TOOLS], [tpm2_$ac_prog], [yes])
6f5ff5
+    test -z "$TPM2_TOOLS" && break
6f5ff5
+done
6f5ff5
+
6f5ff5
+test -n "$TPM2_TOOLS" || AC_MSG_WARN([tpm2_$ac_prog not found, tpm2 pin won't be installed])
6f5ff5
+
6f5ff5
+AM_CONDITIONAL([HAVE_TPM2_TOOLS], [test -n "$TPM2_TOOLS"])
6f5ff5
+
6f5ff5
 AC_ARG_ENABLE([user],
6f5ff5
               AS_HELP_STRING([--enable-user=USER],
6f5ff5
                              [Set unprivileged user (default: root)]),
6f5ff5
diff --git a/doc/clevis-encrypt-tpm2.1 b/doc/clevis-encrypt-tpm2.1
6f5ff5
new file mode 100644
6f5ff5
index 0000000..096ad23
6f5ff5
--- /dev/null
6f5ff5
+++ b/doc/clevis-encrypt-tpm2.1
6f5ff5
@@ -0,0 +1,142 @@
6f5ff5
+.\" Automatically generated by Pandoc 1.19.1
6f5ff5
+.\"
6f5ff5
+.TH "CLEVIS\-ENCRYPT\-TPM2" "1" "November 2017" "" ""
6f5ff5
+.hy
6f5ff5
+.SH NAME
6f5ff5
+.PP
6f5ff5
+clevis\-encrypt\-tpm2 \-\- Encrypts using a TPM2.0 chip binding policy
6f5ff5
+.SH SYNOPSIS
6f5ff5
+.PP
6f5ff5
+\f[C]clevis\ encrypt\ tpm2\f[] CONFIG < PT > JWE
6f5ff5
+.SH OVERVIEW
6f5ff5
+.PP
6f5ff5
+The \f[C]clevis\ encrypt\ tpm2\f[] command encrypts using a Trusted
6f5ff5
+Platform Module 2.0 (TPM2) chip.
6f5ff5
+Its only argument is the JSON configuration object.
6f5ff5
+.PP
6f5ff5
+When using the tpm2 pin, we create a new, cryptographically\-strong,
6f5ff5
+random key.
6f5ff5
+This key is encrypted using the TPM2 chip.
6f5ff5
+Then at decryption time, the key is decrypted again using the TPM2 chip.
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ encrypt\ tpm2\ \[aq]{}\[aq]\ <\ PT\ >\ JWE
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+The pin has reasonable defaults for its configuration, but a different
6f5ff5
+hierarchy, hash, and key algorithms can be chosen if the defaults used
6f5ff5
+are not suitable:
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ encrypt\ tpm2\ \[aq]{"hash":"sha1","key":"rsa"}\[aq]\ <\ PT\ >\ JWE
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+To decrypt the data, simply provide the ciphertext (JWE):
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ decrypt\ <\ JWE\ >\ PT
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+Note that like other pins no configuration is used for decryption, this
6f5ff5
+is due clevis storing the public and private keys to unseal the TPM2
6f5ff5
+encrypted object in the JWE so clevis can fetch that information from
6f5ff5
+there.
6f5ff5
+.PP
6f5ff5
+The pin also supports sealing data to a Platform Configuration Registers
6f5ff5
+(PCR) state.
6f5ff5
+That way the data can only be unsealed if the PCRs hashes values match
6f5ff5
+the policy used when sealing.
6f5ff5
+.PP
6f5ff5
+For example, to seal the data to the PCR with index 0 and 1 for the SHA1
6f5ff5
+bank:
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ encrypt\ tpm2\ \[aq]{"pcr_bank":"sha1","pcr_ids":"0,1"}\[aq]\ <\ PT\ >\ JWE
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+The PCR digest values are looked up from the current hash values for the
6f5ff5
+PCRs, but a digest can also be provided if the data needs to be sealed
6f5ff5
+with values different to the current ones, by passing the binary hash
6f5ff5
+encoded in base64:
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ encrypt\ tpm2\ \[aq]{"pcr_ids":"0","pcr_digest":"xy7J5svCtqlfM03d1lE5gdoA8MI"}\[aq]\ <\ PT\ >\ JWE
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.SH Threat model
6f5ff5
+.PP
6f5ff5
+The Clevis security model relies in the fact that an attacker will not
6f5ff5
+be able to access both the encrypted data and the decryption key.
6f5ff5
+.PP
6f5ff5
+For most Clevis pins, the decryption key is not locally stored, so the
6f5ff5
+decryption policy is only satisfied if the decryption key can be
6f5ff5
+remotely accessed.
6f5ff5
+It could for example be stored in a remote server or in a hardware
6f5ff5
+authentication device that has to be plugged into the machine.
6f5ff5
+.PP
6f5ff5
+The tpm2 pin is different in this regard, since a key is wrapped by a
6f5ff5
+TPM2 chip that is always present in the machine.
6f5ff5
+This does not mean that there are not use cases for this pin, but it is
6f5ff5
+important to understand the fact that an attacker that has access to
6f5ff5
+both the encrypted data and the local TPM2 chip will be able to decrypt
6f5ff5
+the data.
6f5ff5
+.SH CONFIG
6f5ff5
+.PP
6f5ff5
+This command uses the following configuration properties:
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]hash\f[] (string) : Hash algorithm used in the computation of the
6f5ff5
+object name (default: sha256)
6f5ff5
+.PP
6f5ff5
+It must be one of the following:
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha1\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha256\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha384\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha512\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sm3_256\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]key\f[] (string) : Algorithm type for the generated key (default:
6f5ff5
+ecc)
6f5ff5
+.PP
6f5ff5
+It must be one of the following:
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]rsa\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]keyedhash\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]ecc\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]symcipher\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]pcr_bank\f[] (string) : PCR algorithm bank to use for policy
6f5ff5
+(default: sha1)
6f5ff5
+.PP
6f5ff5
+It must be one of the following:
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha1\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]sha256\f[]
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]pcr_ids\f[] (string) : Comma separated list of PCR used for policy.
6f5ff5
+If not present, no policy is used
6f5ff5
+.IP \[bu] 2
6f5ff5
+\f[C]pcr_digest\f[] (string) : Binary PCR hashes encoded in base64.
6f5ff5
+If not present, the hash values are looked up
6f5ff5
+.SH SEE ALSO
6f5ff5
+.PP
6f5ff5
+\f[C]clevis\-decrypt\f[](1)
6f5ff5
+.SH AUTHORS
6f5ff5
+Javier Martinez Canillas <javierm@redhat.com>.
6f5ff5
diff --git a/doc/clevis-encrypt-tpm2.1.md b/doc/clevis-encrypt-tpm2.1.md
6f5ff5
new file mode 100644
6f5ff5
index 0000000..f533d67
6f5ff5
--- /dev/null
6f5ff5
+++ b/doc/clevis-encrypt-tpm2.1.md
6f5ff5
@@ -0,0 +1,108 @@
6f5ff5
+% CLEVIS-ENCRYPT-TPM2(1)
6f5ff5
+% Javier Martinez Canillas <javierm@redhat.com>
6f5ff5
+% November 2017
6f5ff5
+
6f5ff5
+# NAME
6f5ff5
+
6f5ff5
+clevis-encrypt-tpm2 -- Encrypts using a TPM2.0 chip binding policy
6f5ff5
+
6f5ff5
+# SYNOPSIS
6f5ff5
+
6f5ff5
+`clevis encrypt tpm2` CONFIG < PT > JWE
6f5ff5
+
6f5ff5
+# OVERVIEW
6f5ff5
+
6f5ff5
+The `clevis encrypt tpm2` command encrypts using a Trusted Platform Module 2.0
6f5ff5
+(TPM2) chip. Its only argument is the JSON configuration object.
6f5ff5
+
6f5ff5
+When using the tpm2 pin, we create a new, cryptographically-strong, random key.
6f5ff5
+This key is encrypted using the TPM2 chip.
6f5ff5
+Then at decryption time, the key is decrypted again using the TPM2 chip.
6f5ff5
+
6f5ff5
+    $ clevis encrypt tpm2 '{}' < PT > JWE
6f5ff5
+
6f5ff5
+The pin has reasonable defaults for its configuration, but a different hierarchy,
6f5ff5
+hash, and key algorithms can be chosen if the defaults used are not suitable:
6f5ff5
+
6f5ff5
+    $ clevis encrypt tpm2 '{"hash":"sha1","key":"rsa"}' < PT > JWE
6f5ff5
+
6f5ff5
+To decrypt the data, simply provide the ciphertext (JWE):
6f5ff5
+
6f5ff5
+    $ clevis decrypt < JWE > PT
6f5ff5
+
6f5ff5
+Note that like other pins no configuration is used for decryption, this is due
6f5ff5
+clevis storing the public and private keys to unseal the TPM2 encrypted object
6f5ff5
+in the JWE so clevis can fetch that information from there.
6f5ff5
+
6f5ff5
+The pin also supports sealing data to a Platform Configuration Registers (PCR)
6f5ff5
+state. That way the data can only be unsealed if the PCRs hashes values match
6f5ff5
+the policy used when sealing.
6f5ff5
+
6f5ff5
+For example, to seal the data to the PCR with index 0 and 1 for the SHA1 bank:
6f5ff5
+
6f5ff5
+    $ clevis encrypt tpm2 '{"pcr_bank":"sha1","pcr_ids":"0,1"}' < PT > JWE
6f5ff5
+
6f5ff5
+The PCR digest values are looked up from the current hash values for the PCRs,
6f5ff5
+but a digest can also be provided if the data needs to be sealed with values
6f5ff5
+different to the current ones, by passing the binary hash encoded in base64:
6f5ff5
+
6f5ff5
+    $ clevis encrypt tpm2 '{"pcr_ids":"0","pcr_digest":"xy7J5svCtqlfM03d1lE5gdoA8MI"}' < PT > JWE
6f5ff5
+
6f5ff5
+# Threat model
6f5ff5
+
6f5ff5
+The Clevis security model relies in the fact that an attacker will not be able to
6f5ff5
+access both the encrypted data and the decryption key.
6f5ff5
+
6f5ff5
+For most Clevis pins, the decryption key is not locally stored, so the decryption
6f5ff5
+policy is only satisfied if the decryption key can be remotely accessed. It could
6f5ff5
+for example be stored in a remote server or in a hardware authentication device
6f5ff5
+that has to be plugged into the machine.
6f5ff5
+
6f5ff5
+The tpm2 pin is different in this regard, since a key is wrapped by a TPM2 chip
6f5ff5
+that is always present in the machine. This does not mean that there are not use
6f5ff5
+cases for this pin, but it is important to understand the fact that an attacker
6f5ff5
+that has access to both the encrypted data and the local TPM2 chip will be able
6f5ff5
+to decrypt the data.
6f5ff5
+
6f5ff5
+# CONFIG
6f5ff5
+
6f5ff5
+This command uses the following configuration properties:
6f5ff5
+
6f5ff5
+* `hash`  (string) :
6f5ff5
+  Hash algorithm used in the computation of the object name (default: sha256)
6f5ff5
+
6f5ff5
+  It must be one of the following:
6f5ff5
+
6f5ff5
+  * `sha1`
6f5ff5
+  * `sha256`
6f5ff5
+  * `sha384`
6f5ff5
+  * `sha512`
6f5ff5
+  * `sm3_256`
6f5ff5
+
6f5ff5
+* `key`  (string) :
6f5ff5
+  Algorithm type for the generated key (default: ecc)
6f5ff5
+
6f5ff5
+  It must be one of the following:
6f5ff5
+
6f5ff5
+  * `rsa`
6f5ff5
+  * `keyedhash`
6f5ff5
+  * `ecc`
6f5ff5
+  * `symcipher`
6f5ff5
+
6f5ff5
+* `pcr_bank`  (string) :
6f5ff5
+  PCR algorithm bank to use for policy (default: sha1)
6f5ff5
+
6f5ff5
+  It must be one of the following:
6f5ff5
+
6f5ff5
+  * `sha1`
6f5ff5
+  * `sha256`
6f5ff5
+
6f5ff5
+* `pcr_ids`  (string) :
6f5ff5
+  Comma separated list of PCR used for policy. If not present, no policy is used
6f5ff5
+
6f5ff5
+* `pcr_digest`  (string) :
6f5ff5
+  Binary PCR hashes encoded in base64. If not present, the hash values are looked up
6f5ff5
+
6f5ff5
+# SEE ALSO
6f5ff5
+
6f5ff5
+`clevis-decrypt`(1)
6f5ff5
diff --git a/doc/clevis.1 b/doc/clevis.1
6f5ff5
index 3d4a10d..0937533 100644
6f5ff5
--- a/doc/clevis.1
6f5ff5
+++ b/doc/clevis.1
6f5ff5
@@ -80,6 +80,42 @@ $\ clevis\ decrypt\ <\ JWE\ >\ PT
6f5ff5
 .fi
6f5ff5
 .PP
6f5ff5
 For more information, see \f[C]clevis\-encrypt\-tang\f[](1).
6f5ff5
+.SH TPM2 BINDING
6f5ff5
+.PP
6f5ff5
+Clevis provides support to encrypt a key in a Trusted Platform Module
6f5ff5
+2.0 (TPM2) chip.
6f5ff5
+The cryptographically\-strong, random key used for encryption is
6f5ff5
+encrypted using the TPM2 chip, and then at decryption time is decrypted
6f5ff5
+using the TPM2 to allow clevis to decrypt the secret stored in the JWE.
6f5ff5
+.PP
6f5ff5
+Encrypting data using the tpm2 pin works the same than the pins
6f5ff5
+mentioned above:
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ encrypt\ tpm2\ \[aq]{}\[aq]\ <\ PT\ >\ JWE
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+The pin has reasonable defaults for its configuration, but a different
6f5ff5
+hierarchy, hash, and key algorithms can be chosen if the defaults used
6f5ff5
+are not suitable.
6f5ff5
+.PP
6f5ff5
+Decryption also works similar to other pins, only the JWE needs to be
6f5ff5
+provided:
6f5ff5
+.IP
6f5ff5
+.nf
6f5ff5
+\f[C]
6f5ff5
+$\ clevis\ decrypt\ <\ JWE\ >\ PT
6f5ff5
+\f[]
6f5ff5
+.fi
6f5ff5
+.PP
6f5ff5
+Note that like other pins no configuration is used for decryption, this
6f5ff5
+is due clevis storing the public and private keys to unseal the TPM2
6f5ff5
+encrypted object in the JWE so clevis can fetch that information from
6f5ff5
+there.
6f5ff5
+.PP
6f5ff5
+For more information see \f[C]clevis\-encrypt\-tpm2\f[](1).
6f5ff5
 .SH SHAMIR\[aq]S SECRET SHARING
6f5ff5
 .PP
6f5ff5
 Clevis provides a way to mix pins together to create sophisticated
6f5ff5
@@ -151,7 +187,7 @@ For more information, see \f[C]clevis\-luks\-bind\f[](1).
6f5ff5
 .SH SEE ALSO
6f5ff5
 .PP
6f5ff5
 \f[C]clevis\-encrypt\-http\f[](1), \f[C]clevis\-encrypt\-tang\f[](1),
6f5ff5
-\f[C]clevis\-encrypt\-sss\f[](1), \f[C]clevis\-luks\-bind\f[](1),
6f5ff5
-\f[C]clevis\-decrypt\f[](1)
6f5ff5
+\f[C]clevis\-encrypt\-tpm2\f[](1), \f[C]clevis\-encrypt\-sss\f[](1),
6f5ff5
+\f[C]clevis\-luks\-bind\f[](1), \f[C]clevis\-decrypt\f[](1)
6f5ff5
 .SH AUTHORS
6f5ff5
 Nathaniel McCallum <npmccallum@redhat.com>.
6f5ff5
diff --git a/src/Makefile.am b/src/Makefile.am
6f5ff5
index 244874b..8562502 100644
6f5ff5
--- a/src/Makefile.am
6f5ff5
+++ b/src/Makefile.am
6f5ff5
@@ -25,6 +25,12 @@ dist_bin_SCRIPTS = \
6f5ff5
     clevis-decrypt \
6f5ff5
     clevis
6f5ff5
 
6f5ff5
+if HAVE_TPM2_TOOLS
6f5ff5
+    dist_bin_SCRIPTS += \
6f5ff5
+    clevis-encrypt-tpm2 \
6f5ff5
+    clevis-decrypt-tpm2
6f5ff5
+endif
6f5ff5
+
6f5ff5
 clevis_encrypt_sss_SOURCES = clevis-encrypt-sss.c sss.c sss.h
6f5ff5
 clevis_decrypt_sss_SOURCES = clevis-decrypt-sss.c sss.c sss.h
6f5ff5
 clevis_encrypt_sss_LDADD = @jose_LIBS@ @libcrypto_LIBS@
6f5ff5
diff --git a/src/clevis-decrypt-tpm2 b/src/clevis-decrypt-tpm2
6f5ff5
new file mode 100755
6f5ff5
index 0000000..f3871d8
6f5ff5
--- /dev/null
6f5ff5
+++ b/src/clevis-decrypt-tpm2
6f5ff5
@@ -0,0 +1,126 @@
6f5ff5
+#!/bin/bash -e
6f5ff5
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
6f5ff5
+#
6f5ff5
+# Copyright (c) 2017 Red Hat, Inc.
6f5ff5
+# Author: Javier Martinez Canillas <javierm@redhat.com>
6f5ff5
+#
6f5ff5
+# This program is free software: you can redistribute it and/or modify
6f5ff5
+# it under the terms of the GNU General Public License as published by
6f5ff5
+# the Free Software Foundation, either version 3 of the License, or
6f5ff5
+# (at your option) any later version.
6f5ff5
+#
6f5ff5
+# This program is distributed in the hope that it will be useful,
6f5ff5
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
6f5ff5
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
6f5ff5
+# GNU General Public License for more details.
6f5ff5
+#
6f5ff5
+# You should have received a copy of the GNU General Public License
6f5ff5
+# along with this program.  If not, see <http: www.gnu.org="" licenses=""/>.
6f5ff5
+#
6f5ff5
+
6f5ff5
+# The owner hierarchy is the one that should be used by the Operating System.
6f5ff5
+auth="o"
6f5ff5
+
6f5ff5
+function on_exit() {
6f5ff5
+    if ! rm -r $TMP; then
6f5ff5
+        echo "Delete temporary files failed!" >&2
6f5ff5
+        exit 1
6f5ff5
+    fi
6f5ff5
+}
6f5ff5
+
6f5ff5
+[ $# -eq 1 -a "$1" == "--summary" ] && exit 1
6f5ff5
+
6f5ff5
+if [ -t 0 ]; then
6f5ff5
+    echo >&2
6f5ff5
+    echo "Usage: clevis decrypt tpm2 < JWE > PLAINTEXT" >&2
6f5ff5
+    echo >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+export TPM2TOOLS_TCTI_NAME=device
6f5ff5
+export TPM2TOOLS_DEVICE_FILE=`ls /dev/tpmrm? 2>/dev/null`
6f5ff5
+
6f5ff5
+if [ -z "${TPM2TOOLS_DEVICE_FILE[0]}" ]; then
6f5ff5
+    echo "A TPM2 device with the in-kernel resource manager is needed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! [[ -r "${TPM2TOOLS_DEVICE_FILE[0]}" && -w "${TPM2TOOLS_DEVICE_FILE[0]}" ]]; then
6f5ff5
+    echo "The ${TPM2TOOLS_DEVICE_FILE[0]} device must be readable and writable!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+read -d . hdr
6f5ff5
+
6f5ff5
+if ! jhd=`jose b64 dec -i- <<< "$hdr"`; then
6f5ff5
+    echo "Error decoding JWE protected header!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if [ `jose fmt -j- -Og clevis -g pin -u- <<< "$jhd"` != "tpm2" ]; then
6f5ff5
+    echo "JWE pin mismatch!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! hash=`jose fmt -j- -Og clevis -g tpm2 -g hash -Su- <<< "$jhd"`; then
6f5ff5
+    echo "JWE missing required 'hash' header parameter!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! key=`jose fmt -j- -Og clevis -g tpm2 -g key -Su- <<< "$jhd"`; then
6f5ff5
+    echo "JWE missing required 'key' header parameter!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! jwk_pub=`jose fmt -j- -Og clevis -g tpm2 -g jwk_pub -Su- <<< "$jhd"`; then
6f5ff5
+    echo "JWE missing required 'key' header parameter!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! jwk_priv=`jose fmt -j- -Og clevis -g tpm2 -g jwk_priv -Su- <<< "$jhd"`; then
6f5ff5
+    echo "JWE missing required 'key' header parameter!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! TMP=`mktemp -d`; then
6f5ff5
+    echo "Creating a temporary dir for TPM files failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+trap 'on_exit' EXIT
6f5ff5
+
6f5ff5
+pcr_ids=`jose fmt -j- -Og clevis -g tpm2 -g pcr_ids -Su- <<< "$jhd"` || true
6f5ff5
+
6f5ff5
+if [ -n "$pcr_ids" ]; then
6f5ff5
+    pcr_bank=`jose fmt -j- -Og clevis -g tpm2 -g pcr_bank -Su- <<< "$jhd"`
6f5ff5
+    policy_options="-L $pcr_bank:$pcr_ids"
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! `jose b64 dec -i- -O $TMP/jwk.pub <<< "$jwk_pub"`; then
6f5ff5
+    echo "Decoding jwk.pub from Base64 failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! `jose b64 dec -i- -O $TMP/jwk.priv <<< "$jwk_priv"`; then
6f5ff5
+    echo "Decoding jwk.priv from Base64 failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" \
6f5ff5
+     -C $TMP/primary.context 2>/dev/null; then
6f5ff5
+    echo "Creating TPM2 primary key failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! tpm2_load -Q -c $TMP/primary.context -u $TMP/jwk.pub -r $TMP/jwk.priv \
6f5ff5
+     -C $TMP/load.context 2>/dev/null; then
6f5ff5
+    echo "Loading jwk to TPM2 failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! jwk=`tpm2_unseal -c $TMP/load.context $policy_options 2>/dev/null`; then
6f5ff5
+    echo "Unsealing jwk from TPM failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+jose jwe dec -k- -i- < <(echo -n "$jwk$hdr."; cat)
6f5ff5
diff --git a/src/clevis-encrypt-tpm2 b/src/clevis-encrypt-tpm2
6f5ff5
new file mode 100755
6f5ff5
index 0000000..b99aa97
6f5ff5
--- /dev/null
6f5ff5
+++ b/src/clevis-encrypt-tpm2
6f5ff5
@@ -0,0 +1,156 @@
6f5ff5
+#!/bin/bash -e
6f5ff5
+# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
6f5ff5
+#
6f5ff5
+# Copyright (c) 2017 Red Hat, Inc.
6f5ff5
+# Author: Javier Martinez Canillas <javierm@redhat.com>
6f5ff5
+#
6f5ff5
+# This program is free software: you can redistribute it and/or modify
6f5ff5
+# it under the terms of the GNU General Public License as published by
6f5ff5
+# the Free Software Foundation, either version 3 of the License, or
6f5ff5
+# (at your option) any later version.
6f5ff5
+#
6f5ff5
+# This program is distributed in the hope that it will be useful,
6f5ff5
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
6f5ff5
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
6f5ff5
+# GNU General Public License for more details.
6f5ff5
+#
6f5ff5
+# You should have received a copy of the GNU General Public License
6f5ff5
+# along with this program.  If not, see <http: www.gnu.org="" licenses=""/>.
6f5ff5
+#
6f5ff5
+
6f5ff5
+SUMMARY="Encrypts using a TPM2.0 chip binding policy"
6f5ff5
+# The owner hierarchy is the one that should be used by the Operating System.
6f5ff5
+auth="o"
6f5ff5
+# Algorithm type must be keyedhash for object with user provided sensitive data.
6f5ff5
+alg_create_key="keyedhash"
6f5ff5
+# Attributes for the created TPM2 object with the JWK as sensitive data.
6f5ff5
+obj_attr="fixedtpm|fixedparent|sensitivedataorigin|noda|adminwithpolicy"
6f5ff5
+
6f5ff5
+function on_exit() {
6f5ff5
+    if ! rm -rf $TMP; then
6f5ff5
+        echo "Delete temporary files failed!" >&2
6f5ff5
+        exit 1
6f5ff5
+    fi
6f5ff5
+}
6f5ff5
+
6f5ff5
+if [ "$1" == "--summary" ]; then
6f5ff5
+    echo "$SUMMARY"
6f5ff5
+    exit 0
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if [ -t 0 ]; then
6f5ff5
+    echo >&2
6f5ff5
+    echo "Usage: clevis encrypt tpm2 CONFIG < PLAINTEXT > JWE" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo $SUMMARY >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "This command uses the following configuration properties:" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "  hash: <string>  Hash algorithm used in the computation of the object name (default: sha256)" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "  key: <string>   Algorithm type for the generated key (default: ecc)" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "  pcr_bank: <string>   PCR algorithm bank to use for policy (default: sha1)" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "  pcr_ids: <string>   PCR list used for policy. If not present, no policy is used" >&2
6f5ff5
+    echo >&2
6f5ff5
+    echo "  pcr_digest: <string>   Binary PCR hashes encoded in base64. If not present, the hash values are looked up" >&2
6f5ff5
+    echo >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+export TPM2TOOLS_TCTI_NAME=device
6f5ff5
+export TPM2TOOLS_DEVICE_FILE=`ls /dev/tpmrm? 2>/dev/null`
6f5ff5
+
6f5ff5
+if [ -z "${TPM2TOOLS_DEVICE_FILE[0]}" ]; then
6f5ff5
+    echo "A TPM2 device with the in-kernel resource manager is needed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! [[ -r "${TPM2TOOLS_DEVICE_FILE[0]}" && -w "${TPM2TOOLS_DEVICE_FILE[0]}" ]]; then
6f5ff5
+    echo "The ${TPM2TOOLS_DEVICE_FILE[0]} device must be readable and writable!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! cfg=`jose fmt -j "$1" -Oo- 2>/dev/null`; then
6f5ff5
+    echo "Configuration is malformed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+hash=`jose fmt -j- -Og hash -u- <<< "$cfg"` || hash="sha256"
6f5ff5
+
6f5ff5
+key=`jose fmt -j- -Og key -u- <<< "$cfg"` || key="ecc"
6f5ff5
+
6f5ff5
+pcr_bank=`jose fmt -j- -Og pcr_hash -u- <<< "$cfg"` || pcr_bank="sha1"
6f5ff5
+
6f5ff5
+pcr_ids=`jose fmt -j- -Og pcr_ids -u- <<< "$cfg"` || true
6f5ff5
+
6f5ff5
+pcr_digest=`jose fmt -j- -Og pcr_digest -u- <<< "$cfg"` || true
6f5ff5
+
6f5ff5
+if ! jwk=`jose jwk gen -i '{"alg":"A256GCM"}'`; then
6f5ff5
+    echo "Generating a jwk failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! TMP=`mktemp -d`; then
6f5ff5
+    echo "Creating a temporary dir for TPM files failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+trap 'on_exit' EXIT
6f5ff5
+
6f5ff5
+if ! tpm2_createprimary -Q -H "$auth" -g "$hash" -G "$key" -C $TMP/primary.context; then
6f5ff5
+    echo "Creating TPM2 primary key failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if [ -n "$pcr_ids" ]; then
6f5ff5
+    if [ -z "$pcr_digest" ]; then
6f5ff5
+        if ! tpm2_pcrlist -Q -L "$pcr_bank":"$pcr_ids" -o $TMP/pcr.digest; then
6f5ff5
+            echo "Creating PCR hashes file failed!" >&2
6f5ff5
+            exit 1
6f5ff5
+        fi
6f5ff5
+    else
6f5ff5
+        if ! jose b64 dec -i- -O "$TMP"/pcr.digest <<< "$pcr_digest"; then
6f5ff5
+            echo "Error decoding PCR digest!" >&2
6f5ff5
+            exit 1
6f5ff5
+        fi
6f5ff5
+    fi
6f5ff5
+
6f5ff5
+    if ! tpm2_createpolicy -Q -P -L "$pcr_bank":"$pcr_ids" -F $TMP/pcr.digest -f $TMP/pcr.policy; then
6f5ff5
+        echo "create policy fail, please check the environment or parameters!"
6f5ff5
+        exit 1
6f5ff5
+    fi
6f5ff5
+
6f5ff5
+    policy_options="-L $TMP/pcr.policy"
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! tpm2_create -Q -g "$hash" -G "$alg_create_key" -c $TMP/primary.context -u $TMP/jwk.pub \
6f5ff5
+     -r $TMP/jwk.priv -A "$obj_attr" $policy_options -I- <<< "$jwk"; then
6f5ff5
+    echo "Creating TPM2 object for jwk failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! jwk_pub=`jose b64 enc -I $TMP/jwk.pub`; then
6f5ff5
+    echo "Encoding jwk.pub in Base64 failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+if ! jwk_priv=`jose b64 enc -I $TMP/jwk.priv`; then
6f5ff5
+    echo "Encoding jwk.priv in Base64 failed!" >&2
6f5ff5
+    exit 1
6f5ff5
+fi
6f5ff5
+
6f5ff5
+jwe='{"protected":{"clevis":{"pin":"tpm2","tpm2":{}}}}'
6f5ff5
+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$hash" -s hash -UUUUo-`
6f5ff5
+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$key" -s key -UUUUo-`
6f5ff5
+
6f5ff5
+if [ -n "$pcr_ids" ]; then
6f5ff5
+    jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_bank" -s pcr_bank -UUUUo-`
6f5ff5
+    jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_ids" -s pcr_ids -UUUUo-`
6f5ff5
+fi
6f5ff5
+
6f5ff5
+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_pub" -s jwk_pub -UUUUo-`
6f5ff5
+jwe=`jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_priv" -s jwk_priv -UUUUo-`
6f5ff5
+
6f5ff5
+jose jwe enc -i- -k- -I- -c < <(echo -n "$jwe$jwk"; cat)
6f5ff5
diff --git a/src/dracut/module-setup.sh.in b/src/dracut/module-setup.sh.in
6f5ff5
index 5087d56..119762e 100755
6f5ff5
--- a/src/dracut/module-setup.sh.in
6f5ff5
+++ b/src/dracut/module-setup.sh.in
6f5ff5
@@ -28,6 +28,8 @@ cmdline() {
6f5ff5
 }
6f5ff5
 
6f5ff5
 install() {
6f5ff5
+    local ret=0
6f5ff5
+
6f5ff5
     cmdline > "${initdir}/etc/cmdline.d/99clevis.conf"
6f5ff5
 
6f5ff5
     inst_hook initqueue/online 60 "$moddir/clevis-hook.sh"
6f5ff5
@@ -41,10 +43,31 @@ install() {
6f5ff5
         clevis-decrypt \
6f5ff5
         luksmeta \
6f5ff5
         clevis \
6f5ff5
+        mktemp \
6f5ff5
         curl \
6f5ff5
         jose \
6f5ff5
         nc
6f5ff5
 
6f5ff5
+    for cmd in clevis-decrypt-tpm2 \
6f5ff5
+	tpm2_createprimary \
6f5ff5
+	tpm2_unseal \
6f5ff5
+	tpm2_load; do
6f5ff5
+
6f5ff5
+	if ! find_binary "$cmd" &>/dev/null; then
6f5ff5
+	    ((ret++))
6f5ff5
+	fi
6f5ff5
+    done
6f5ff5
+
6f5ff5
+    if (($ret == 0)); then
6f5ff5
+	inst_multiple clevis-decrypt-tpm2 \
6f5ff5
+	    tpm2_createprimary \
6f5ff5
+	    tpm2_unseal \
6f5ff5
+	    tpm2_load
6f5ff5
+    fi
6f5ff5
+
6f5ff5
     dracut_need_initqueue
6f5ff5
 }
6f5ff5
 
6f5ff5
+installkernel() {
6f5ff5
+    hostonly='' instmods =drivers/char/tpm
6f5ff5
+}
6f5ff5
-- 
6f5ff5
2.17.1
6f5ff5