-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Wed, Jan 06, 2016 at 04:13:02AM -0800,
ipet...@gmail.com wrote:
> Hi!
>
> Is it possible? Are there any tutorials about it?
Currently not. But probably possible to implement. The idea is to encrypt
"something" using next OTP (from yubikey). Then after successful mount,
remove the old "something" and replace with the new value (since disk is
already mounted, it can access shared secret of yubikey, so it is
possible then), for the next boot. This idea requires to know exactly the
next OTP value, so time based OTP would be useless here. I would go with
challenge-response mode, but some details needs to be sorted out.
Regarding "something", it could be part of disk passphrase. Or even the
next OTP could be used as part of disk passphrase itself.
So the process would look like this:
1. Start (init TXT, load with measurements xen, kernel, initrd)
2. Unseal secret from TPM
3. Add a counter value(*) to it (and increment the counter)
4. Ask user for a passphrase
5. Concatenate user passphrase, unsealed secret and counter value,
calculate sha1
6. Feed result of previous step to yubikey as a challenge
7. Get a response from yubikey
8. Use response concatenated with unsealed secret as LUKS passphrase
==> LUKS mounted here, now prepare for the next startup
8. Get next counter value
9. Repeat steps 5-7 (not necessary using yubikey again, but secret key
from the disk; but using yubikey again is probably also ok)
10. Replace LUKS slot used to mount LUKS, with the newly calculated
passhprase
(*) open question: where store the counter? Does TPM provide something
like non-retractable counters? Or maybe YubiKey can be used for that (in
YubiKey OTP mode)?
This is just an idea, needs some more evaluation. For example:
1. Is it really good idea to prompt for the user passphrase without
showing user unsealed TPM secret? Theoretically user passphrase is
useless without proper unsealed TPM secret. But maybe I'm missing
something?
2. An attacker can make a copy of the whole disk, including LUKS header,
so replacing LUKS slot doesn't prevent he/she from using outdated OTP.
3. Some multi-stage attack scenario, when user passhprase is
concatenated to yubikey response, not the challenge:
1. An attacker get access to the hardware, connect fake yubikey,
which will record the challenge, boot the system to capture
the challenge; also make a backup of LUKS header before anything
2. He/she replace initramfs to replay previous challenge and capture
response together with user passphrase
3. The next time user tries to boot the system, the same challenge is
sent to yubikey to receive the response; unlock would fail because
of different PCR values (so TPM unseal would fail and one part of LUKS
passphrase will be missing); but the attacker now have a correct
response to some challenge and user passphrase
4. Attacker replaces initramfs to previous value to allow further
boots normally
Now, if the attacker can convince original initramfs to use previous
counter value (to generate the same challenge), he/she will be able to decrypt
the data. So having really non-retractable counter is critical here.
4. Maybe some other attack, similar to "3" is still possible?
5. It would be probably good idea to keep LUKS slot encrypted not only
for one next boot, but a few of them (for example 5). So if you
accidentally power on the computer but not provide a password, you will
not lock yourself out. Also a backup key is a good idea...
Related info:
YubiKey FDE implementation integration guidelines:
https://www.yubico.com/wp-content/uploads/2012/10/YubiKey-Integration-for-Full-Disk-Encryption-with-Pre-Boot-Authentication-v1.2.pdf
YubiKey integration with Qubes:
https://www.qubes-os.org/doc/yubi-key/
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWjYOWAAoJENuP0xzK19csd1gIAI/78X3kVHCefcmwtCJrb5j5
ESsu/t76OZhJfqkHb6FpLk4vWc7cneu18mcZI6pSo6Cizx3g/kbkbWrbovodfCpr
lkuXMCJEYYIuJ13DMFmtDS+W2wUecG5OvPJxAoLGvCRXYjyiNytTwzwVCO0c9Su1
+cAflFb8LPynXqoQ9gr6/j2U2pjo7xsPgSUDzZM7JS6NKlFlxhWwTRGu2QWNylDh
TtCo0E2yS5e9m1Vbhqb3ba4rD6QlhTrLsimI5PCvpRC2yEImPNl71bwNrfel685p
ePMhAnk+snSRjxso7nh9SztDiKu2r+MahCM0ggEUVkL5Zg/ZFT+2L+qPV+qjwVk=
=hwYr
-----END PGP SIGNATURE-----