author | Lennart Poettering <lennart@poettering.net> | 2022-04-14 14:46:40 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2022-04-20 17:49:17 +0200 |
commit | b6553329c03aec306351933843a5a3e0a5a7bfe2 (patch) | |
tree | c090de0a4d986a3e354be2f8f53948cd3edf02d5 /src/creds | |
parent | 571d829ee49147c588e53a1f107c29fd23968581 (diff) | |
download | systemd-b6553329c03aec306351933843a5a3e0a5a7bfe2.tar.gz |
creds-util: permit credentials encrypted/signed by fixed zero length keys as fallback for systems lacking TPM2
This is supposed to be useful when generating credentials for immutable
initrd environments, where it is relevant to support credentials even
on systems lacking a TPM2 chip.
With this, if `systemd-creds encrypt --with-key=auto-initrd` is used a
credential will be encrypted/signed with the TPM2 if it is available and
recognized by the firmware. Otherwise it will be encrypted/signed with
the fixed empty key, thus providing no confidentiality or authenticity.
The idea is that distributions use this mode to generically create
credentials that are as locked down as possible on the specific
platform.
Diffstat (limited to 'src/creds')
-rw-r--r-- | src/creds/creds.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/creds/creds.c b/src/creds/creds.c
index 501eb2deb8..c5a1dc506c 100644
--- a/src/creds/creds.c
+++ b/src/creds/creds.c
@@ -560,7 +560,7 @@ static int verb_help(int argc, char **argv, void *userdata) {
 " --timestamp=TIME Include specified timestamp in encrypted credential\n"
 " --not-after=TIME Include specified invalidation time in encrypted\n"
 " credential\n"
- " --with-key=host|tpm2|host+tpm2|auto\n"
+ " --with-key=host|tpm2|host+tpm2|tpm2-absent|auto|auto-initrd\n"
 " Which keys to encrypt with\n"
 " -H Shortcut for --with-key=host\n"
 " -T Shortcut for --with-key=tpm2\n"
@@ -685,12 +685,16 @@ static int parse_argv(int argc, char *argv[]) {
 case ARG_WITH_KEY:
 if (isempty(optarg) || streq(optarg, "auto"))
 arg_with_key = _CRED_AUTO;
+ else if (streq(optarg, "auto-initrd"))
+ arg_with_key = _CRED_AUTO_INITRD;
 else if (streq(optarg, "host"))
 arg_with_key = CRED_AES256_GCM_BY_HOST;
 else if (streq(optarg, "tpm2"))
 arg_with_key = CRED_AES256_GCM_BY_TPM2_HMAC;
 else if (STR_IN_SET(optarg, "host+tpm2", "tpm2+host"))
 arg_with_key = CRED_AES256_GCM_BY_HOST_AND_TPM2_HMAC;
+ else if (streq(optarg, "tpm2-absent"))
+ arg_with_key = CRED_AES256_GCM_BY_TPM2_ABSENT;
 else
 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
 "Unknown key type: %s", optarg); |
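Review bot: The new `--with-key=` help line lists `tpm2-absent` and `auto-initrd` next to the real key choices without saying what they mean, and the line below it still reads only `Which keys to encrypt with`, so a user reading `--help` gets no hint that `tpm2-absent` (and `auto-initrd` on a machine without a usable TPM2) yields a credential protected by a fixed empty key, which the commit message itself describes as providing no confidentiality or authenticity. I would add one continuation line after `Which keys to encrypt with`, e.g. `" (tpm2-absent: fixed empty key, no confidentiality or authenticity)\n"`, aligned with the existing description column. verb_help begins and ends outside this hunk.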
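Review bot: `tpm2-absent` is mapped to `CRED_AES256_GCM_BY_TPM2_ABSENT` in parse_argv with no diagnostic, so a user who explicitly selects it gets a credential protected only by a fixed empty key and nothing on stderr says so; I would emit `log_warning("--with-key=tpm2-absent selected: credential will have no confidentiality or authenticity.");` before the assignment, or at the point where the encryption path handles this key type. The `auto-initrd` branch only records `_CRED_AUTO_INITRD` here; the decision to fall back to the empty key when no TPM2 is found presumably lives in creds-util, outside this diffstat, and that fallback deserves the same warning since it is the case an operator is least likely to notice. parse_argv begins and ends outside this hunk.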