Skip to content

initrd: remove TPM2 primary handle hash check and creation#2153

Open
tlaurion wants to merge 1 commit into
linuxboot:masterfrom
tlaurion:remove-primhdl-hash
Open

initrd: remove TPM2 primary handle hash check and creation#2153
tlaurion wants to merge 1 commit into
linuxboot:masterfrom
tlaurion:remove-primhdl-hash

Conversation

@tlaurion

@tlaurion tlaurion commented Jul 8, 2026

Copy link
Copy Markdown
Collaborator

The kexec_primhdl_hash.txt feature stored a sha256sum of the TPM2 primary handle and verified it on every boot. It was originally added as a canary to detect TPM state changes, then accidentally dropped during the PR #2130 refactoring and re-added as a regression fix in PR #2145.

However, this check is redundant with existing protections:

  • The TPM rollback counter (kexec_rollback.txt) already detects TPM state changes — a different or reset TPM either lacks the counter entirely or holds a different value, causing a fatal mismatch
  • The TPM Disk Unlock Key unseal fails if the primary handle changed, since the key is sealed to the original handle — booting into an OS where the DUK cannot unseal is futile
  • TOTP/HOTP secrets sealed to the TPM similarly fail to unseal on a changed handle

In every realistic scenario the primary handle check catches, either the rollback counter or the TPM unseal (DUK, TOTP, or HOTP) catches it as well, with a clearer error message and the same outcome.

The check also created UX problems: it was fatal (DIE) on mismatch even after an intentional TPM reset, requiring a workaround in the TPM reset flow (which explicitly removed kexec_primhdl_hash.txt). And it added another file to manage in /boot with no non-redundant security value.

Removed from:

  • kexec-select-boot.sh: the boot-time verification check
  • kexec-save-default.sh: PRIMHASH_FILE variable and creation block
  • gui-init.sh: the TPM reset workaround (TODO comment + rm -f)
  • functions.sh: refresh_tpm2_primary_handle_hash() and its caller

Part of discussions for going forward #1655

Either way, I tend to think the primary handle digest on /boot is ineffective, so we should remove it to eliminate the headaches it causes currently.

@JonathonHall-Purism : oppositions?

The kexec_primhdl_hash.txt feature stored a sha256sum of the TPM2
primary handle and verified it on every boot.  It was originally
added as a canary to detect TPM state changes, then accidentally
dropped during the PR linuxboot#2130 refactoring and re-added as a regression
fix in PR linuxboot#2145.

However, this check is redundant with existing protections:

- The TPM rollback counter (kexec_rollback.txt) already detects TPM
  state changes — a different or reset TPM either lacks the counter
  entirely or holds a different value, causing a fatal mismatch
- The TPM Disk Unlock Key unseal fails if the primary handle changed,
  since the key is sealed to the original handle — booting into an
  OS where the DUK cannot unseal is futile
- TOTP/HOTP secrets sealed to the TPM similarly fail to unseal on a
  changed handle

In every realistic scenario the primary handle check catches, either
the rollback counter or the TPM unseal (DUK, TOTP, or HOTP) catches
it as well, with a clearer error message and the same outcome.

The check also created UX problems: it was fatal (DIE) on mismatch
even after an intentional TPM reset, requiring a workaround in the
TPM reset flow (which explicitly removed kexec_primhdl_hash.txt).
And it added another file to manage in /boot with no non-redundant
security value.

Removed from:
- kexec-select-boot.sh: the boot-time verification check
- kexec-save-default.sh: PRIMHASH_FILE variable and creation block
- gui-init.sh: the TPM reset workaround (TODO comment + rm -f)
- functions.sh: refresh_tpm2_primary_handle_hash() and its caller

Signed-off-by: Thierry Laurion <insurgo@riseup.net>
Copilot AI review requested due to automatic review settings July 8, 2026 18:57

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR removes the TPM2 primary handle hash “canary” feature (kexec_primhdl_hash.txt) from the initrd boot flow, relying instead on existing protections (TPM rollback counter + sealed secret unseal behavior) to detect TPM state/handle changes. The change reduces /boot state surface area and eliminates an error path that was problematic after intentional TPM resets.

Changes:

  • Removed boot-time verification of /boot/kexec_primhdl_hash.txt from the kexec boot selector.
  • Stopped generating the primary handle hash file when saving a default boot entry, and removed the helper used to refresh it during signing.
  • Removed the TPM reset flow workaround that explicitly deleted the primary handle hash file.

Reviewed changes

Copilot reviewed 1 out of 4 changed files in this pull request and generated 1 comment.

File Description
initrd/etc/functions.sh Removes refresh_tpm2_primary_handle_hash() and stops calling it during update_checksums().
initrd/bin/kexec-select-boot.sh Removes boot-time TPM2 primary handle hash verification and associated failure handling.
initrd/bin/kexec-save-default.sh Removes primary handle hash file creation when saving default boot config.
initrd/bin/gui-init.sh Removes TPM reset-time deletion of /boot/kexec_primhdl_hash.txt and related messaging.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread initrd/etc/functions.sh
Comment on lines 2335 to 2336
signing_targets="$(find /boot/kexec*.txt 2>/dev/null | tr '\n' ' ')"
DEBUG "update_checksums: signing targets under /boot: ${signing_targets:-<none>}"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants