TPM Encryption in Fedora Linux

Administrators coming from the Windows world know BitLocker and the automatic decryption of the hard disk by the Trusted Platform Module (TPM). This method is considered secure and very convenient, as the user usually does not have to enter a decryption password. The assumption is that the operating system is trustworthy and regulates user access securely.

In the Linux world, such automatic decryption can also be practical. It can mean more comfort for users at workstations and also allows encrypted data carriers to be used in servers, which are automatically unlocked again after a restart. For the latter case, there are other network-based procedures besides TPM.

In this article I will show you how to enable automatic decryption via TPM on Fedora Linux. The prerequisite is the presence of an activated TPM v2 chip on the device with a root filesystem that is encrypted with LUKS.

For my testing I used:

  • Fedora 29 with LUKS encrypted root filesystem
  • A Dell Inspiron Laptop (UEFI Updates installed!)
  • A Lenovo V110 Laptop (UEFI Updates installed!)

The configuration may differ with other or newer Linux versions. Since the programs involved are still quite new, the following steps do not work on older distributions. In addition, the Trusted Platform Module must be version 2. If necessary, a firmware update must be carried out beforehand. Please check with the manufacturer of your hardware.

Disclaimer

The author is not to be held responsible for any damage caused by following these instructions.

Warning

This manual deals with device encryption of computers. Errors can lead to data loss. Users who are not familiar with this topic are advised not to make these changes themselves.

Computer security is never 100% perfect. It is possible that using TPM to decrypt your computer has security loopholes that you cannot foresee. This refers for example to the case that the boot kernel has been manipulated to intercept communication with the TPM chip. Be aware of the theoretical possibility of such manipulation and other tampering before choosing this decryption method.

Preparations

Before you get started to configure your TPM, you should first check whether all the necessary prerequisites have been met.

  • Is a TPM v2 chip available in my system?
  • Is my system already encrypted with LUKS or LUKS2? What is the device name of the device with the encrypted LVM volume?
  • Is secure boot on?
  • Are all BIOS/UEFI settings finalized? Changes to the startup settings can later cause the TPM to output a different key.
  • Is the hardware configuration final? Changes to the hardware can also cause the TPM to output a different key later.

Let's go through this list step by step. First you need to check whether a TPM is available. Open a terminal and type in

ls -alh /dev/tpm*

The output should be:

crw-rw-rw-. 1 tss root  10,   224  4. Feb 13:07 /dev/tpm0
crw-rw-rw-. 1 tss tss  253, 65536  4. Feb 13:07 /dev/tpmrm0

If you receive an error message, either there is no Trusted Platform Module, or it is disabled, or it was not detected.

Compare the permissions in the example shown above with your output. If the tpm* devices on your system have different permissions, you need to create a udev rule. To do this, create a file with the filename “/etc/udev/rules.d/80-tpm-2.rules” and add the following content.

# tpm 2 devices need to be world readable
SUBSYSTEM=="tpm", ACTION=="add", MODE="0666"
SUBSYSTEM=="tpmrm", ACTION=="add", MODE="0666"

Restart your system and list the devices again.
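As an added example that is not part of the original article, the following POSIX shell script checks the items from the preparation list above: a TPM 2.0 device node, the 0666 permissions the udev rule sets, the Secure Boot state read from the EFI variable, and the LUKS container names taken from lsblk. Paths are parameters with defaults so each check can also be run against constructed input; the EFI variable name uses the standard EFI global-variable GUID.

```shell
#!/bin/sh
# Preflight checks for TPM-based unlocking (added example, not from the article).
# Paths are parameters with defaults so each check can also run on constructed input.
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# Only TPM 2.0 gets the in-kernel resource manager node tpmrm0; prints yes/no.
tpm2_present() {                      # $1 = directory with the device nodes
    [ -e "${1:-/dev}/tpmrm0" ] && echo yes || echo no
}

# Lists every tpm* node whose mode is not 0666 (what the udev rule above sets).
tpm_nodes_not_world_rw() {            # $1 = directory with the device nodes
    for n in "${1:-/dev}"/tpm*; do
        [ -e "$n" ] || continue
        [ "$(stat -c %a "$n")" = 666 ] || echo "$n"
    done
}

# Reads the SecureBoot EFI variable: 4 bytes of attributes, then one data byte
# (1 = enabled). Prints enabled, disabled or unknown (no UEFI/efivarfs).
secure_boot_state() {                 # $1 = efivar file, default SB_VAR
    f="${1:-$SB_VAR}"
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(od -An -t u1 -j 4 -N 1 "$f" | tr -d ' ')" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints /dev/<name> for every LUKS container in `lsblk -rno NAME,FSTYPE` output
# read from stdin, e.g. /dev/sda3 in the default Fedora layout.
luks_devices() {
    awk '$2 == "crypto_LUKS" { print "/dev/" $1 }'
}

run_preflight() {
    echo "TPM 2.0 node present: $(tpm2_present)"
    echo "tpm nodes not 0666:   $(tpm_nodes_not_world_rw | tr '\n' ' ')"
    echo "Secure Boot:          $(secure_boot_state)"
    echo "LUKS containers:      $(lsblk -rno NAME,FSTYPE | luks_devices | tr '\n' ' ')"
}

# Usage on a real machine: sh preflight.sh run
if [ "${1:-}" = run ]; then run_preflight; fi
```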

The next step is to install the following packages:

  • clevis: automated decryption policy framework
  • clevis-luks: binds LUKS volumes to the Clevis automation policy
  • clevis-udisks2: optional; unlocks encrypted removable devices automatically in a desktop session
  • clevis-dracut: provides the functions to decrypt the root volume during early boot

dnf install clevis clevis-luks clevis-udisks2 clevis-dracut
dracut -f

Now it's time to test the TPM encryption module. The following example encrypts the words “Hello World”, writes the result to test.txt, and decrypts it again. Give it a try!

echo Hello World | clevis encrypt tpm2 '{}' > test.txt
cat test.txt
clevis decrypt tpm2 < test.txt

Once you have ensured that the Trusted Platform Module is ready for use, it is time to automatically decrypt the existing encrypted root file system. If you are not sure how your partitions are configured, start “blivet-gui”. The following example shows the default configuration in Fedora if the encryption option was selected during installation.

In the example shown above the encrypted logical volume is called “fedora”. Its device name can be deduced to be /dev/sda3. Try this command to show some information about the cryptographic setup of that partition:

sudo cryptsetup luksDump /dev/sda3

What we will do next is to bind an additional key to the LUKS volume. This key is generated directly by the TPM and is only released on the condition that UEFI Secure Boot has not been tampered with. The TPM records this state in a specific Platform Configuration Register (PCR), PCR7.

sudo clevis luks bind -d /dev/sda3 tpm2 '{"pcr_ids":"7"}'

When this is done, check if the new key has been written to the LUKS volume.

For LUKS v1:

luksmeta show -d /dev/sda3
0   active empty
1   active cb6e8904-81ff-40da-a84a-07ab9ab5715e
2 inactive empty
3 inactive empty
4 inactive empty
5 inactive empty
6 inactive empty
7 inactive empty

For LUKS v2:

sudo cryptsetup luksDump /dev/sda3
Tokens:
  0: clevis
    Keyslot:  1

If you have not done it already, it's time to regenerate the initramfs image with this command:

dracut -f

This will include the Clevis modules in the early boot phase. You only need to do this once. Before you restart your machine, please read the chapter “Bugs”. I also recommend reading my security notes.

Bugs

a) Messed up binding

The binding with clevis does not always work. On both my test systems I had a luksmeta output similar to this:

luksmeta show -d /dev/sda
0   active empty
1   active empty
2 inactive cb6e8904-81ff-40da-a84a-07ab9ab5715e
3 inactive empty
4 inactive empty
5 inactive empty
6 inactive empty
7 inactive empty

The problem here is that the clevis key is using an inactive key slot (No. 2). The result is that during the early boot phase the drive was not unlocked automatically. The solution is quite simple: just run the clevis luks bind command again.
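As an added example that is not from the article, the following POSIX shell functions automate the check from the binding section and the slot problem described in this bug: they read `luksmeta show` (LUKS v1) or `cryptsetup luksDump` (LUKS v2) output, locate the Clevis entry by the luksmeta UUID shown in the listings above, and report whether it sits in an active key slot. The sample listings are constructed from the two outputs on this page.

```shell
#!/bin/sh
# Verifies that a Clevis binding landed in an active key slot (added example).
CLEVIS_UUID=cb6e8904-81ff-40da-a84a-07ab9ab5715e   # luksmeta UUID from the listings above

# Constructed from the two luksmeta listings above: a good and a messed-up binding.
SAMPLE_GOOD='0   active empty
1   active cb6e8904-81ff-40da-a84a-07ab9ab5715e
2 inactive empty'
SAMPLE_BAD='0   active empty
1   active empty
2 inactive cb6e8904-81ff-40da-a84a-07ab9ab5715e
3 inactive empty'

# LUKS1: reads `luksmeta show -d <dev>` on stdin; prints active, inactive or missing.
clevis_slot_state() {
    awk -v uuid="$CLEVIS_UUID" '
        $3 == uuid { print $2; found = 1; exit }
        END { if (!found) print "missing" }'
}

# LUKS2: reads `cryptsetup luksDump <dev>` on stdin; prints the keyslot number the
# clevis token refers to, or missing if there is no clevis token.
clevis_token_keyslot() {
    awk '$1 ~ /^[0-9]+:$/ { want = ($2 == "clevis") }
         want && $1 == "Keyslot:" { print $2; found = 1; exit }
         END { if (!found) print "missing" }'
}

# Runs the right check for a real device (needs root) and says what to do; $1 = /dev/sdXN.
check_binding() {
    if cryptsetup isLuks --type luks2 "$1" 2>/dev/null; then
        slot=$(cryptsetup luksDump "$1" | clevis_token_keyslot)
        [ "$slot" = missing ] && echo "no clevis token on $1" || echo "clevis token -> keyslot $slot"
    else
        case "$(luksmeta show -d "$1" | clevis_slot_state)" in
            active)   echo "OK: clevis key is in an active slot" ;;
            inactive) echo "messed up binding: rerun 'clevis luks bind -d $1 tpm2 ...'" ;;
            missing)  echo "no clevis key found on $1" ;;
        esac
    fi
}

if [ $# -gt 0 ]; then check_binding "$1"; fi
```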

b) Boot prompt

During UEFI boot the boot prompt still shows up while booting continues. This is a bug I will report to the developers.

Security Notes

You may ask yourself: How secure is my Linux if I use TPM to decrypt my system automatically? This is an important question to answer and some factors need to be considered. These are among others:

  • Does my Linux system have security vulnerabilities that someone can use to break into the running system? Such security holes could be: weak user password, open network services, incorrect authentication, zero-day vulnerabilities in network services such as SSH or Apache.
  • When does the PCR7 function of the TPM kick in? With UEFI turned off? When started from another device? When replacing the SSD? When manipulating the initramfs?

I have created a checklist with some basic questions that you should clarify:

  • Do I have a secure user password?
  • Is it OK for third parties to see my name on the login screen?
  • Have I disabled automatic login to GDM?
  • Which network services does my system start automatically?
  • Does my firewall start automatically and how is it configured?
  • Which network ports are accessible from the outside via the network interface?
  • Have I installed all the latest security patches?
  • Have I secured my UEFI with an administrator password?
  • Have I disabled the ability to start legacy devices?
  • Is Secure Boot not only switched on but also enforced?

If you have questions or would like to give feedback, please feel free to contact me or use the comment function below this article. I would like to thank the authors of the linked sources for their contributions and services.

The picture used for this article is a mockup created with the free service of smartmockups.com. The robo-tux shown on the computer can be found on pixabay.

Further Reading
