Set up encryption on root/home partitions on a system using systemd-boot

I posted this on the OpenSUSE subreddit.

Unfortunately, they were unable to help despite their good guidance, which I fully appreciate them for. So I have come here for assistance.

When I installed Tumbleweed I did so with a separate /home partition, which is encrypted using the same key as the root partition.

I attempted to set up automated decryption of the drive using my TPM2 via the guide here (Quickstart in Full Disk Encryption with TPM and YaST2 - openSUSE MicroOS), but I couldn’t get it working, as I keep getting prompted for my password to open the /home partition.

thehome@thehomesystemserver:~> sudo sdbootutil enroll --method tpm2
[sudo] password for thehome: 
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
Garbage after device path end, ignoring.
NVIndex policy created
Enrolling with TPM2 (pcrlock): /dev/nvme0n1p2
Wiped slot 1.
🔐 Please enter current passphrase for disk /dev/nvme0n1p2: ••••••••••••••••••••••••••••••
New TPM2 token enrolled as key slot 1.
   1 tpm2
Enrolling with TPM2 (pcrlock): /dev/nvme0n1p3
Wiped slot 1.
🔐 Please enter current passphrase for disk /dev/nvme0n1p3: ••••••••••••••••••••••••••••••
New TPM2 token enrolled as key slot 1.
   1 tpm2
thehome@thehomesystemserver:~> sudo cat /etc/crypttab
# File created by sdbootutil.  Comments will be removed
cr_root UUID=8e30cf4f-281a-4fd9-a885-9b66e57567dc - tpm2-device=auto
cr_home UUID=e557c87e-9a6e-4a29-8ce4-57691403002f - tpm2-device=auto
thehome@thehomesystemserver:~> 

Any suggestions on what I should do, because I am kind of lost at the moment.

TPM unlock is bound to PCR values. What PCRs do you use?

P.S. First you show some commands using device names and then you show /etc/crypttab using UUIDs. We have no idea whether they match.

thehome@thehomesystemserver:~> cat /etc/sysconfig/fde-tools
FDE_SEAL_PCR_LIST=0,2,4,7,9
thehome@thehomesystemserver:~> lsblk -f
NAME          FSTYPE            FSVER LABEL           UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
sda                                                                                                       
└─sda1        linux_raid_member 1.2   thehostingraid  ed51a8bb-25d8-3bb6-1622-7ec1830577bd                
  └─md126                                                                                                 
    ├─md126p1 ext4              1.0   mypersonalspace 7489043d-2f77-4fd0-811a-e1221341df33
    └─md126p2 ext4              1.0   services        adf289a2-f9a2-4de2-9163-5f4b0a906765                
sdb                                                                                                       
└─sdb1        linux_raid_member 1.2   themediaraid    ab00edc7-9765-01d9-227c-dcc7f1a53d03                
  └─md127                                                                                                 
    ├─md127p1 ext4              1.0   downloads       5019dfb0-21a8-4424-a6b2-125b8c4df5e9
    └─md127p2 ext4              1.0   content         7e8cdd71-b6d6-45ff-8f21-8df626210a92                
sdc                                                                                                       
└─sdc1        linux_raid_member 1.2   thehostingraid  ed51a8bb-25d8-3bb6-1622-7ec1830577bd                
  └─md126                                                                                                 
    ├─md126p1 ext4              1.0   mypersonalspace 7489043d-2f77-4fd0-811a-e1221341df33
    └─md126p2 ext4              1.0   services        adf289a2-f9a2-4de2-9163-5f4b0a906765                
sdd                                                                                                       
└─sdd1        linux_raid_member 1.2   themediaraid    ab00edc7-9765-01d9-227c-dcc7f1a53d03                
  └─md127                                                                                                 
    ├─md127p1 ext4              1.0   downloads       5019dfb0-21a8-4424-a6b2-125b8c4df5e9
    └─md127p2 ext4              1.0   content         7e8cdd71-b6d6-45ff-8f21-8df626210a92                
nvme0n1                                                                                                   
├─nvme0n1p1   vfat              FAT32                 0964-123C                             386.8M    24% /boot/efi
├─nvme0n1p2   crypto_LUKS       2                     8e30cf4f-281a-4fd9-a885-9b66e57567dc
│ └─cr_root   btrfs                                   60a4cbe5-5643-4ebb-ac56-c5f18bea4aff  315.4G     1% /var
│                                                                                                         /usr/local
│                                                                                                         /root
│                                                                                                         /srv
│                                                                                                         /opt
│                                                                                                         /boot/grub2/x86_64-efi
│                                                                                                         /boot/grub2/i386-pc
│                                                                                                         /.snapshots
│                                                                                                         /
└─nvme0n1p3   crypto_LUKS       2                     e557c87e-9a6e-4a29-8ce4-57691403002f                
  └─cr_home   ext4              1.0                   720c1308-8ef2-4bea-843a-4311d15db157  569.5G     0% /home

As I have attached above, the PCRs used are the ones that come with the fde-tools package via sdbootutil.

Is cr_root unlocked automatically? Show

bootctl --no-pager
ls -lR /boot/efi

Here are my results from both of those commands

thehome@thehomesystemserver:~> bootctl --no-pager
System:
      Firmware: UEFI 2.80 (American Megatrends 5.27)
 Firmware Arch: x64
   Secure Boot: enabled (deployed)
  TPM2 Support: yes
  Measured UKI: no
  Boot into FW: supported

Current Boot Loader:
      Product: systemd-boot 256.5+suse.7.gbef0958f4d
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Enroll SecureBoot keys
               ✓ Retain SHIM protocols
               ✓ Menu can be disabled
               ✓ Boot loader sets ESP information
          ESP: /dev/disk/by-partuuid/3f034281-5ced-4398-9415-4ae1c1d1eb1a
         File: └─/EFI/systemd/grub.efi

Random Seed:
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot/efi (/dev/disk/by-partuuid/3f034281-5ced-4398-9415-4ae1c1d1eb1a)
         File: ├─/EFI/systemd/MokManager.efi
               ├─/EFI/systemd/shim.efi
               ├─/EFI/systemd/grub.efi (systemd-boot 256.5+suse.7.gbef0958f4d)
               ├─/EFI/BOOT/MokManager.efi
               ├─/EFI/BOOT/fallback.efi
               └─/EFI/BOOT/BOOTX64.EFI

Boot Loaders Listed in EFI Variables:
        Title: openSUSE Boot Manager
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/3f034281-5ced-4398-9415-4ae1c1d1eb1a
         File: └─/EFI/systemd/shim.efi

        Title: UEFI OS
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/3f034281-5ced-4398-9415-4ae1c1d1eb1a
         File: └─/EFI/BOOT/BOOTX64.EFI

Boot Loader Entries:
        $BOOT: /boot/efi (/dev/disk/by-partuuid/3f034281-5ced-4398-9415-4ae1c1d1eb1a)
        token: opensuse-tumbleweed

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: openSUSE Tumbleweed
           id: opensuse-tumbleweed-6.10.9-1-default-1.conf
       source: /boot/efi//loader/entries/opensuse-tumbleweed-6.10.9-1-default-1.conf
     sort-key: opensuse-tumbleweed
      version: 1@6.10.9-1-default
        linux: /boot/efi//opensuse-tumbleweed/6.10.9-1-default/linux-7afb7207baeb9be7786bdc54e7a622d60fe39f0e
       initrd: /boot/efi//opensuse-tumbleweed/6.10.9-1-default/initrd-09c729372b1cc46beedf4771a3bf5a10932c8e42
      options: root=UUID=60a4cbe5-5643-4ebb-ac56-c5f18bea4aff splash=silent quiet security=apparmor mitigations=auto rootflags=subvol=@/.snapshots/1/snapshot systemd.machine_id=efda46323ada419387d6bd80a5d01bca
thehome@thehomesystemserver:~> ls -lR /boot/efi
/boot/efi:
total 12
drwxr-xr-x 4 root root 4096 Sep 21 17:12 EFI
drwxr-xr-x 4 root root 4096 Sep 21 17:12 loader
drwxr-xr-x 3 root root 4096 Sep 21 17:12 opensuse-tumbleweed

/boot/efi/EFI:
total 8
drwxr-xr-x 2 root root 4096 Sep 21 17:12 BOOT
drwxr-xr-x 2 root root 4096 Sep 21 16:28 systemd

/boot/efi/EFI/BOOT:
total 1872
-rwxr-xr-x 1 root root 965528 Sep 20 07:14 BOOTX64.EFI
-rwxr-xr-x 1 root root 852312 Sep 20 07:14 MokManager.efi
-rwxr-xr-x 1 root root  90496 Sep 20 07:14 fallback.efi

/boot/efi/EFI/systemd:
total 1892
-rwxr-xr-x 1 root root 852312 Sep 20 07:14 MokManager.efi
-rwxr-xr-x 1 root root     64 Sep 21 17:12 boot.csv
-rwxr-xr-x 1 root root 101232 Aug 19 17:00 grub.efi
-rwxr-xr-x 1 root root     20 Sep 21 17:12 installed_by_sdbootutil
-rwxr-xr-x 1 root root   1666 Sep 21 17:14 pcrlock.json
-rwxr-xr-x 1 root root 965528 Sep 20 07:14 shim.efi

/boot/efi/loader:
total 20
drwxr-xr-x 2 root root 4096 Sep 21 16:56 credentials
drwxr-xr-x 2 root root 4096 Sep 21 16:56 entries
-rwxr-xr-x 1 root root    6 Sep 21 17:12 entries.srel
-rwxr-xr-x 1 root root   41 Sep 21 17:12 loader.conf
-rwxr-xr-x 1 root root   32 Sep 21 17:12 random-seed

/boot/efi/loader/credentials:
total 4
-rwxr-xr-x 1 root root 2411 Sep 21 16:56 pcrlock.opensuse-tumbleweed.cred

/boot/efi/loader/entries:
total 16
-rwxr-xr-x 1 root root 532 Sep 21 16:28 opensuse-tumbleweed-6.10.9-1-default-1.conf
-rwxr-xr-x 1 root root 568 Sep 21 17:13 opensuse-tumbleweed-6.10.9-1-default-2.conf
-rwxr-xr-x 1 root root 619 Sep 21 16:56 opensuse-tumbleweed-6.10.9-1-default-3.conf
-rwxr-xr-x 1 root root 620 Sep 21 16:56 opensuse-tumbleweed-6.10.9-1-default-4.conf

/boot/efi/opensuse-tumbleweed:
total 4
drwxr-xr-x 2 root root 4096 Sep 21 16:23 6.10.9-1-default

/boot/efi/opensuse-tumbleweed/6.10.9-1-default:
total 123324
-rwxr-xr-x 1 root root 41526684 Sep 21 16:19 initrd-09c729372b1cc46beedf4771a3bf5a10932c8e42
-rwxr-xr-x 1 root root 34872321 Sep 21 16:23 initrd-35989d2bba104790c6d68bb4e90dcadb95889d48
-rwxr-xr-x 1 root root 34989402 Sep 21 17:12 initrd-fed4adee40e91a6e938087c2d51a4d5701d54122
-rwxr-xr-x 1 root root 14887280 Sep  8 15:36 linux-7afb7207baeb9be7786bdc54e7a622d60fe39f0e

That looks good. You did not answer the question.

Yes, it did. Just /home that didn’t.

Does /dev/nvme0n1p3 have a systemd-tpm2 token? You can check with

cryptsetup luksDump /dev/nvme0n1p3

It should have something like

Tokens:
...
  1: systemd-tpm2
...
	tpm2-pin:         false
	tpm2-pcrlock:     true
	tpm2-salt:        false
	tpm2-srk:         true
	tpm2-pcrlock-nv:  true
	Keyslot:    2

Does /var/lib/systemd/pcrlock.json exist? Can you check with

jq . /var/lib/systemd/pcrlock.json

whether it contains PCR hashes for the PCRs that are used?

Yes, it does contain the token, see here:

thehome@thehomesystemserver:~> sudo cryptsetup luksDump /dev/nvme0n1p3
[sudo] password for thehome: 
LUKS header information
Version:        2
Epoch:          17
Metadata area:  16384 [bytes]
Keyslots area:  16744448 [bytes]
UUID:           e557c87e-9a6e-4a29-8ce4-57691403002f
Label:          (no label)
Subsystem:      (no subsystem)
Flags:          (no flags)

Data segments:
  0: crypt
        offset: 16777216 [bytes]
        length: (whole device)
        cipher: aes-xts-plain64
        sector: 512 [bytes]

Keyslots:
  0: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      pbkdf2
        Hash:       sha256
        Iterations: 5691050
        Salt:       2f d0 58 72 f3 27 a3 fd 52 66 05 b7 ff c6 04 31 
                    d3 55 db 6a ef bd 45 21 dd 36 13 57 34 91 bf 5f 
        AF stripes: 4000
        AF hash:    sha256
        Area offset:32768 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
  1: luks2
        Key:        512 bits
        Priority:   normal
        Cipher:     aes-xts-plain64
        Cipher key: 512 bits
        PBKDF:      pbkdf2
        Hash:       sha512
        Iterations: 1000
        Salt:       8a 3f f5 c5 f4 bf f7 d6 6e 7a bd 25 34 95 8a e0 
                    61 80 47 f2 99 47 9a f9 40 cf c2 a2 0f 6f c6 fa 
        AF stripes: 4000
        AF hash:    sha512
        Area offset:290816 [bytes]
        Area length:258048 [bytes]
        Digest ID:  0
Tokens:
  0: systemd-tpm2
        tpm2-hash-pcrs:   
        tpm2-pcr-bank:    n/a
        tpm2-pubkey:
                    (null)
        tpm2-pubkey-pcrs: 
        tpm2-primary-alg: ecc
        tpm2-blob:  00 9e 00 20 6e 6a db 55 5b a9 18 85 22 61 eb 52
                    72 ad 51 79 a8 98 18 7e 91 89 06 09 72 42 9a d1
                    91 16 89 74 00 10 9d 9f 36 2b f1 48 07 87 33 27
                    5c 47 19 96 5d ed d5 23 56 15 86 e0 a2 fd a5 9f
                    8e ab 55 71 d2 e0 75 09 57 45 4d 02 ba 85 83 f8
                    7b 23 a9 20 94 79 77 39 4f bc 46 7f b4 aa db aa
                    72 55 fe 33 a0 4d f7 e6 4b 47 51 f1 8b 9b 56 f8
                    b9 37 6a 2b 31 f2 f7 d0 89 ac 6d 31 34 ed 75 05
                    d0 c7 f2 19 01 93 c2 5e d6 fb 6b 45 e6 73 bb 22
                    5e 7a 2c e1 a4 e7 51 9f 08 bd f5 4b 0f 10 fd cd
                    00 4e 00 08 00 0b 00 00 04 12 00 20 d3 f8 df b7
                    30 c8 0e 41 0a a8 d6 a7 ae c3 65 c9 96 a0 c2 87
                    dc 6b 6b cc bd f3 d5 e7 fa a1 82 c8 00 10 00 20
                    87 62 91 c6 b4 8d 56 41 51 dd 24 85 b5 6d fb a4
                    c5 13 bd 0c a1 70 24 00 fc 2a 9b e5 31 95 09 51
        tpm2-policy-hash:
                    d3 f8 df b7 30 c8 0e 41 0a a8 d6 a7 ae c3 65 c9
                    96 a0 c2 87 dc 6b 6b cc bd f3 d5 e7 fa a1 82 c8
        tpm2-pin:         false
        tpm2-pcrlock:     true
        tpm2-salt:        false
        tpm2-srk:         true
        tpm2-pcrlock-nv:  true
        Keyslot:    1
Digests:
  0: pbkdf2
        Hash:       sha256
        Iterations: 341333
        Salt:       b1 58 7e 55 72 6a 0e ed 14 8e 2d e3 e4 79 24 d4 
                    b7 b7 33 4d 4e 31 14 16 08 85 0c eb 08 e2 b3 bf 
        Digest:     d2 bf 81 47 f9 9d 0e 14 a5 ce 07 48 f5 7d fc 27 
                    2e 27 09 d1 62 ed 0f 56 ed a3 b1 ea ce 01 71 93

Yes /var/lib/systemd/pcrlock.json does exist.

{
  "pcrBank": "sha256",
  "pcrValues": [
    {
      "pcr": 0,
      "values": [
        "e7b80781ae0bf76ace0340cc3aad816ac15f8d1b7dc49d75a3025f50d9d0bbed",
        "2f6717e727d8700238a9c21ee607fa8ffbe0bb6a51ce22bf4479939d7046be94"
      ]
    },
    {
      "pcr": 2,
      "values": [
        "3d458cfe55cc03ea1f443f1562beec8df51c75e14a9fcf9a7234a13f198e7969",
        "e21b703ee69c77476bccb43ec0336a9a1b2914b378944f7b00a10214ca8fea93"
      ]
    },
    {
      "pcr": 4,
      "values": [
        "1594d884537c303190e34ab6dbd6a51ad2ef51e0ab6da517e72d509db3765dda",
        "dac23ce7ca141dab270aae4b12ddbf62500e3bafcc6901af5a43d2c516ddadf3"
      ]
    },
    {
      "pcr": 7,
      "values": [
        "4f5cbaca19e07b701c7c7da9ee007038144507b8eb323cdb06e97563095c103c",
        "113fbc6a7a987e8ba72134b772985ff560a49bb48781dec42d7fdeab91e42cac"
      ]
    },
    {
      "pcr": 9,
      "values": [
        "eabc49696fcacf5652a96039274f36403361fbe28c947c74c3ec0e5b808c64e6",
        "5392c9bdb5e5afa52bfe7efa49b73e26dd637327699555c85da204ffc20d4ea8",
        "738e4b9a1f65f64fa0709c49017a9e0c1ecbf068abcd973a6136b1462d0f9012"
      ]
    }
  ],
  "nvIndex": 28154042,
  "nvHandle": "Aa2YugAiAAv7jF0O5pYXol6IIoVApoah6PRKEJzjf5cilvSkX9nVmAAAAAIALgGtmLoACyACEAgAIHC+v9jwdT3Npc3+NPVk18jH+dxJb30byusiqoTc8d3fACI=",
  "nvPublic": "AC4BrZi6AAsAAhAIACBwvr/Y8HU9zaXN/jT1ZNfIx/ncSW99G8rrIqqE3PHd3wAi",
  "srkHandle": "gQAAAQAiAAt8/i+Dgxub1avDhr7iTX8ATyR9v5TsbX7F93z2+us3lQAAAAEAWgAjAAsAAwRyAAAABgCAAEMAEAADABAAIMk7a7cq4jzRE6VU0NRiQ3qOVE2KIwYfESI1g2Q//u9YACB9eZGirW4W2NXzeYNDjVama5v4jVGl8vbn9QjPEX1HMA==",
  "pinPublic": "AE4ACAALAAAAEgAg0/jftzDIDkEKqNanrsNlyZagwofca2vMvfPV5/qhgsgAEAAglpmBbzpqjHcMPwr4K1rO12tHmTyB1wHjrGFH8YU2tkE=",
  "pinPrivate": "AJ4AIMsi2mkT2FSDM++0kKzMB+j+U61zPmr75zpbjDNnE5bzABDJ5/Wy4PaWqB5btWGFACLp2KSCBwTMHrgqABJiJpQU8urCL8LmGVtD013xbnUH8vN7VBtnpGTcThdO9HbGIbbIRpjh+N9TFBZgt9OEKv0TPzmbRJ4DlA3pzDQFLztuHNQSVuaHXCFjP5V02uzdPWTrnVkLmtB0dlin5w=="
}

Do PCR values match? The

tpm2_pcrread sha256:0,2,4,7,9

displays the current values. They must match one of the values listed in the JSON file for each PCR.

Yes. They are the ones that come with the fde-tools package, which are 0,2,4,7,9.

I am not sure we are talking about the same thing. You did obtain the PCR values with tpm2_pcrread and compared them with the values stored in JSON?

  sha256:
    0 : 0xE7B80781AE0BF76ACE0340CC3AAD816AC15F8D1B7DC49D75A3025F50D9D0BBED
    2 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0x1594D884537C303190E34AB6DBD6A51AD2EF51E0AB6DA517E72D509DB3765DDA
    7 : 0x4F5CBACA19E07B701C7C7DA9EE007038144507B8EB323CDB06E97563095C103C
    9 : 0xEABC49696FCACF5652A96039274F36403361FBE28C947C74C3EC0E5B808C64E6

This is the result of tpm2_pcrread sha256:0,2,4,7,9; I have compared it with the JSON above and it should match.
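The comparison asked for above, automated, as an added example that is not part of the thread: it parses tpm2_pcrread output and a pcrlock.json and reports every PCR whose current value is not among the values the policy allows. The sample policy and PCR readout are constructed (short placeholder digests instead of real 64-hex-character sha256 values), with PCR 7 deliberately out of policy.

```python
import json
import re

# Constructed sample policy (not from the thread): short placeholder digests
# stand in for the 64-hex-character sha256 values a real pcrlock.json carries.
SAMPLE_PCRLOCK_JSON = """
{
  "pcrBank": "sha256",
  "pcrValues": [
    {"pcr": 0, "values": ["aaaa0001", "aaaa0002"]},
    {"pcr": 2, "values": ["bbbb0001"]},
    {"pcr": 4, "values": ["cccc0001", "cccc0002"]},
    {"pcr": 7, "values": ["dddd0001"]},
    {"pcr": 9, "values": ["eeee0001", "eeee0002", "eeee0003"]}
  ]
}
"""

# Constructed tpm2_pcrread-style output; PCR 7 deliberately differs from the
# policy, as it would after a Secure Boot database change, for instance.
SAMPLE_PCRREAD_OUTPUT = """\
  sha256:
    0 : 0xAAAA0002
    2 : 0xBBBB0001
    4 : 0xCCCC0001
    7 : 0xDDDD9999
    9 : 0xEEEE0003
"""

def parse_pcrread(text, bank="sha256"):
    """Parse `tpm2_pcrread <bank>:...` output into {pcr_index: lowercase hex digest}."""
    values = {}
    in_bank = False
    for line in text.splitlines():
        header = re.match(r"^\s*(\w+):\s*$", line)  # bank header, e.g. "  sha256:"
        if header:
            in_bank = header.group(1).lower() == bank
            continue
        entry = re.match(r"^\s*(\d+)\s*:\s*0x([0-9A-Fa-f]+)\s*$", line)
        if entry and in_bank:
            values[int(entry.group(1))] = entry.group(2).lower()
    return values

def check_pcrlock_policy(pcrlock_json_text, pcrread_text):
    """Return {pcr: (current_value, in_policy)} for every PCR the policy covers."""
    policy = json.loads(pcrlock_json_text)
    current = parse_pcrread(pcrread_text, policy.get("pcrBank", "sha256"))
    result = {}
    for entry in policy["pcrValues"]:
        allowed = {v.lower() for v in entry["values"]}
        value = current.get(entry["pcr"])  # None if that PCR/bank was not read
        result[entry["pcr"]] = (value, value is not None and value in allowed)
    return result

def mismatched_pcrs(pcrlock_json_text, pcrread_text):
    """Indexes of PCRs whose current value is not among the policy's allowed values."""
    report = check_pcrlock_policy(pcrlock_json_text, pcrread_text)
    return sorted(pcr for pcr, (_, ok) in report.items() if not ok)
```

On a real system, pass the text of /var/lib/systemd/pcrlock.json and the output of tpm2_pcrread sha256:0,2,4,7,9 to mismatched_pcrs; any PCR it reports means the pcrlock policy cannot be satisfied, so the sealed key is not released and systemd-cryptsetup falls back to asking for the passphrase.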

Try enabling debug output for systemd-cryptsetup:

mkdir /etc/systemd/system/systemd-cryptsetup\@cr_home.service.d
cat > /etc/systemd/system/systemd-cryptsetup\@cr_home.service.d/debug.conf << EOF
[Service]
Environment=SYSTEMD_LOG_LEVEL=debug
EOF

Reboot and upload the full output as root of

journalctl -b --no-pager --full

to https://paste.opensuse.org/

Here you go.

https://paste.opensuse.org/pastes/89f65d2a83f5

Any answers or you’re still investigating?

Sep 22 12:04:10 localhost systemd-cryptsetup[961]: Failed to find TPM2 pcrlock policy file 'pcrlock.json': No such file or directory
...
Sep 22 12:04:11 localhost systemd[1]: Mounting /var...

In hindsight it is obvious.

For testing you can try copying pcrlock.json somewhere inside the root (e.g. /etc/systemd/pcrlock.json) and adding the tpm2-pcrlock= option (see man crypttab for details). It is not a solution because this file will not be updated (and you will need to update the TPM2 policy and pcrlock.json every time you get a new kernel or rebuild the initrd. Which may be your next issue - I am not sure whether sdbootutil TPM2 is actually integrated into kernel updates on Tumbleweed. On MicroOS it is called as a tukit plugin).

Otherwise, at first glance it sounds like an upstream problem. You may consider opening an issue on the systemd github. The very likely response will be “if you need /var that early, mount it in initrd”. Which will then become something for openSUSE maintainers to integrate.

In the meantime you can test it as well, see man dracut.conf, search for add_fstab. This will also work after kernel updates (as long as new kernel measurements are added to the TPM2 policy).

Thanks. I’ll open an issue on the Systemd Github. Regarding the openSUSE maintainers integrating it, would you know how I go about raising it with them?

Just open a bug report on https://bugzilla.opensuse.org/