From: Chris Murphy
Date: Fri, 25 Mar 2022 17:08:11 -0600
Subject: Re: How to boot Windows when Bitlocker enabled with key sealed in TPM
To: Chris Murphy
Cc: The development of GNU GRUB

On Fri, Mar 25, 2022 at 5:00 PM Chris Murphy wrote:
>
> On Fri, Mar 25, 2022 at 2:32 PM Vladimir 'phcoder' Serbinenko wrote:
> >
> > On Fri, Mar 25, 2022 at 9:14 PM Chris Murphy wrote:
> > >
> > > For all practical purposes, this is functionally the end to dual boot
> > > in GRUB, if there is no work around, e.g. bootnext. Is that the
> > > direction GRUB maintainers want to go in?
> > Why don't you just update TPM with new values? Then it will get
> > unsealed when booted through GRUB
>
> How?
>
> The key is sealed in the TPM so first we need to get the key in order
> to (re)seal it with new PCR values. Correct? So we somehow need a way
> to boot only the Windows bootloader in order for measured boot to
> unseal the key, and then we'd need to somehow measure
> shim+grub+windows bootloaders together in order to seal the key with
> the new values for those three bootloaders used in that sequence. I
> have no idea if that's practical at all.
>
> The recovery key is not the one sealed in the TPM, they are separate
> keys in separate "keyslots".

The next problem is that when there's a Linux system update that updates
either shim or grub, the shim+grub+windows bootloader measurements have
changed and will again fail to unseal the key. It's indistinguishable from
the system having been compromised. And now you get to do a clean install
of Windows and Linux to get back to functional.

Further, should the user need to reinstall Linux, or even boot Windows
directly from the firmware's boot manager - they wouldn't be able to.

This all sounds quite a lot more difficult than GRUB having the ability to
set a bootnext efi variable, and just reboot - let the Windows bootloader
handle all of this, and not involve Linux bootloaders.

--
Chris Murphy
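As an added illustration (not part of this thread or of GRUB), a small Python model of why the sealed key stops unsealing in each case described above: it replays TPM PCR extends for a constructed boot chain and checks a simplified seal policy. Assumptions: the policy binds to a single PCR's final value, and the component byte strings are constructed stand-ins, not real binaries.

```python
import hashlib
from typing import Dict, List, Optional, Tuple

# Constructed stand-ins for the measured boot components (not real binaries).
BOOTMGFW_V1 = b"bootmgfw.efi build 1 (constructed)"
SHIM_V1 = b"shimx64.efi build 1 (constructed)"
GRUB_V1 = b"grubx64.efi build 1 (constructed)"
GRUB_V2 = b"grubx64.efi build 2 after a distro update (constructed)"

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts zeroed at power-on


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend: PCR' = H(PCR || H(component)). One-way, and order matters."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot_chain(chain: List[bytes]) -> bytes:
    """Replay what a measured boot of these components leaves in the PCR."""
    pcr = PCR_INIT
    for component in chain:
        pcr = pcr_extend(pcr, component)
    return pcr


def seal(secret: bytes, expected_pcr: bytes) -> Dict[str, bytes]:
    """Simplified sealing model (assumption): blob bound to one PCR value."""
    return {"policy_pcr": expected_pcr, "secret": secret}


def unseal(blob: Dict[str, bytes], current_pcr: bytes) -> Optional[bytes]:
    """The TPM releases the secret only if the live PCR matches the policy."""
    return blob["secret"] if current_pcr == blob["policy_pcr"] else None


VMK = b"volume master key (constructed)"
WINDOWS_ONLY = [BOOTMGFW_V1]                 # firmware boot manager -> Windows
VIA_GRUB = [SHIM_V1, GRUB_V1, BOOTMGFW_V1]   # shim -> grub -> Windows


def unseal_via_grub_with_windows_policy() -> bool:
    """Key sealed on a direct Windows boot; chainloading through GRUB fails."""
    blob = seal(VMK, measure_boot_chain(WINDOWS_ONLY))
    return unseal(blob, measure_boot_chain(VIA_GRUB)) == VMK


def reseal_then_update_grub() -> Tuple[bool, bool, bool]:
    """Resealed to shim+grub+windows: same chain works, a GRUB update breaks it,
    and so does booting Windows directly from the firmware boot manager."""
    blob = seal(VMK, measure_boot_chain(VIA_GRUB))
    same_chain = unseal(blob, measure_boot_chain(VIA_GRUB)) == VMK
    after_update = unseal(blob, measure_boot_chain([SHIM_V1, GRUB_V2, BOOTMGFW_V1])) == VMK
    direct_windows = unseal(blob, measure_boot_chain(WINDOWS_ONLY)) == VMK
    return same_chain, after_update, direct_windows
```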