NAME
systemd-pcrphase.service, systemd-pcrphase-sysinit.service, systemd-pcrphase-initrd.service, systemd-pcrphase - Measure boot phase into TPM2 PCR 11SYNOPSIS
systemd-pcrphase.service systemd-pcrphase-sysinit.service systemd-pcrphase-initrd.service /lib/systemd/system-pcrphase STRINGDESCRIPTION
systemd-pcrphase.service, systemd-pcrphase-sysinit.service and systemd-pcrphase-initrd.service are system services that measure specific strings into TPM2 PCR 11 during boot at various milestones of the boot process. These services require systemd-stub(7) to be used in a unified kernel image (UKI) setup. They execute no operation when invoked when the stub has not been used to invoke the kernel. The stub will measure the invoked kernel and associated vendor resources into PCR 11 before handing control to it; once userspace is invoked these services then will extend certain literal strings indicating various phases of the boot process into TPM2 PCR 11. During a regular boot process the following strings are extended into PCR 11. 1."enter-initrd" is extended into
PCR 11 early when the initrd initializes, before activating system extension
images for the initrd. It is supposed to act as barrier between the time where
the kernel initializes, and where the initrd starts operating and enables
system extension images, i.e. code shipped outside of the UKI. (This string is
extended at start of systemd-pcrphase-initrd.service.)
2."leave-initrd" is extended into
PCR 11 when the initrd is about to transition into the host file system, i.e.
when it achieved its purpose. It is supposed to act as barrier between
kernel/initrd code and host OS code. (This string is extended at stop of
systemd-pcrphase-initrd.service.)
3."sysinit" is extended into PCR 11
when basic system initialization is complete (which includes local file
systems have been mounted), and the system begins starting regular system
services. (This string is extended at start of
systemd-pcrphase-sysinit.service.)
4."ready" is extended into PCR 11
during later boot-up, after remote file systems have been activated (i.e.
after remote-fs.target), but before users are permitted to log in (i.e. before
systemd-user-sessions.service). It is supposed to act as barrier between the
time where unprivileged regular users are still prohibited to log in and where
they are allowed to log in. (This string is extended at start of
systemd-pcrphase.service.)
5."shutdown" is extended into PCR
11 when system shutdown begins. It is supposed to act as barrier between the
time the system is fully up and running and where it is about to shut down.
(This string is extended at stop of systemd-pcrphase.service.)
6."final" is extended into PCR 11
at the end of system shutdown. It is supposed to act as barrier between the
time the service manager still runs and when it transitions into the final
boot phase where service management is not available anymore. (This string is
extended at stop of systemd-pcrphase-sysinit.service.)
During a regular system lifecycle, the strings "enter-initrd" →
"leave-initrd" → "sysinit" →
"ready" → "shutdown" → "final" are
extended into PCR 11, one after the other.
Specific phases of the boot process may be referenced via the series of strings
measured, separated by colons (the "boot path"). For example, the
boot path for the regular system runtime is
"enter-initrd:leave-initrd:sysinit:ready", while the one for the
initrd is just "enter-initrd". The boot path for the the boot phase
before the initrd, is an empty string; because that's hard to pass around a
single colon (":") may be used instead. Note that the aforementioned
six strings are just the default strings and individual systems might measure
other strings at other times, and thus implement different and more
fine-grained boot phases to bind policy to.
By binding policy of TPM2 objects to a specific boot path it is possible to
restrict access to them to specific phases of the boot process, for example
making it impossible to access the root file system's encryption key after the
system transitioned from the initrd into the host root file system.
Use systemd-measure(1) to pre-calculate expected PCR 11 values for
specific boot phases (via the --phase= switch).
OPTIONS
The /lib/systemd/system-pcrphase executable may also be invoked from the command line, where it expects the word to extend into PCR 11, as well as the following switches: --bank=Takes the PCR banks to extend the specified
word into. If not specified the tool automatically determines all enabled PCR
banks and measures the word into all of them.
--tpm2-device=PATH
Controls which TPM2 device to use. Expects a
device node path referring to the TPM2 chip (e.g. /dev/tpmrm0). Alternatively
the special value "auto" may be specified, in order to automatically
determine the device node of a suitable TPM2 device (of which there must be
exactly one). The special value "list" may be used to enumerate all
suitable TPM2 devices currently discovered.
--graceful
If no TPM2 firmware, kernel subsystem, kernel
driver or device support is found, exit with exit status 0 (i.e. indicate
success). If this is not specified any attempt to measure without a TPM2
device will cause the invocation to fail.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
SEE ALSO
systemd(1), systemd-stub(7), systemd-measure(1)systemd 252 |