initrd: remove TPM2 primary handle hash check and creation#2153
Open
tlaurion wants to merge 1 commit into
Open
initrd: remove TPM2 primary handle hash check and creation#2153tlaurion wants to merge 1 commit into
tlaurion wants to merge 1 commit into
Conversation
The kexec_primhdl_hash.txt feature stored a sha256sum of the TPM2 primary handle and verified it on every boot. It was originally added as a canary to detect TPM state changes, then accidentally dropped during the PR linuxboot#2130 refactoring and re-added as a regression fix in PR linuxboot#2145. However, this check is redundant with existing protections: - The TPM rollback counter (kexec_rollback.txt) already detects TPM state changes — a different or reset TPM either lacks the counter entirely or holds a different value, causing a fatal mismatch - The TPM Disk Unlock Key unseal fails if the primary handle changed, since the key is sealed to the original handle — booting into an OS where the DUK cannot unseal is futile - TOTP/HOTP secrets sealed to the TPM similarly fail to unseal on a changed handle In every realistic scenario the primary handle check catches, either the rollback counter or the TPM unseal (DUK, TOTP, or HOTP) catches it as well, with a clearer error message and the same outcome. The check also created UX problems: it was fatal (DIE) on mismatch even after an intentional TPM reset, requiring a workaround in the TPM reset flow (which explicitly removed kexec_primhdl_hash.txt). And it added another file to manage in /boot with no non-redundant security value. Removed from: - kexec-select-boot.sh: the boot-time verification check - kexec-save-default.sh: PRIMHASH_FILE variable and creation block - gui-init.sh: the TPM reset workaround (TODO comment + rm -f) - functions.sh: refresh_tpm2_primary_handle_hash() and its caller Signed-off-by: Thierry Laurion <insurgo@riseup.net>
There was a problem hiding this comment.
Pull request overview
This PR removes the TPM2 primary handle hash “canary” feature (kexec_primhdl_hash.txt) from the initrd boot flow, relying instead on existing protections (TPM rollback counter + sealed secret unseal behavior) to detect TPM state/handle changes. The change reduces /boot state surface area and eliminates an error path that was problematic after intentional TPM resets.
Changes:
- Removed boot-time verification of
/boot/kexec_primhdl_hash.txtfrom the kexec boot selector. - Stopped generating the primary handle hash file when saving a default boot entry, and removed the helper used to refresh it during signing.
- Removed the TPM reset flow workaround that explicitly deleted the primary handle hash file.
Reviewed changes
Copilot reviewed 1 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| initrd/etc/functions.sh | Removes refresh_tpm2_primary_handle_hash() and stops calling it during update_checksums(). |
| initrd/bin/kexec-select-boot.sh | Removes boot-time TPM2 primary handle hash verification and associated failure handling. |
| initrd/bin/kexec-save-default.sh | Removes primary handle hash file creation when saving default boot config. |
| initrd/bin/gui-init.sh | Removes TPM reset-time deletion of /boot/kexec_primhdl_hash.txt and related messaging. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
2335
to
2336
| signing_targets="$(find /boot/kexec*.txt 2>/dev/null | tr '\n' ' ')" | ||
| DEBUG "update_checksums: signing targets under /boot: ${signing_targets:-<none>}" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The kexec_primhdl_hash.txt feature stored a sha256sum of the TPM2 primary handle and verified it on every boot. It was originally added as a canary to detect TPM state changes, then accidentally dropped during the PR #2130 refactoring and re-added as a regression fix in PR #2145.
However, this check is redundant with existing protections:
In every realistic scenario the primary handle check catches, either the rollback counter or the TPM unseal (DUK, TOTP, or HOTP) catches it as well, with a clearer error message and the same outcome.
The check also created UX problems: it was fatal (DIE) on mismatch even after an intentional TPM reset, requiring a workaround in the TPM reset flow (which explicitly removed kexec_primhdl_hash.txt). And it added another file to manage in /boot with no non-redundant security value.
Removed from:
Part of discussions for going forward #1655
@JonathonHall-Purism : oppositions?