Adding default PCR12 validation to ensure that account operators can not modify kernel command line parameters, potentially bypassing root filesystem integrity validation.
Attestable AMIs are based on the systemd Unified Kernel Image (UKI) concept which uses systemd-boot to create a single measured UEFI binary from a Linux kernel, its initramfs, and kernel command line. The embedded kernel command line contains a dm-verity hash value that establishes trust in the root file system.
When UEFI Secure Boot is disabled, systemd-boot appends any command line it receives to the kernel command line. Account operators with the ability to modify UefiData can install a boot variable with a command line that deactivates root file system integrity validation, while preserving the original PCR4 value.
Systemd-boot provides separate measurement of command line modifications in PCR12.
In line with the TPM 2.0 specification and systemd-stub logic, KMS policies that do not include validation for PCR12 (command line measurement) or PCR7 (enabled Secure Boot) may allow kernel command line modification by an account operator.
Version 1.1.0 of nitro-tpm-pcr-compute has been updated to include PCR12 with a static zero value. The updated tool now outputs PCR12 in the JSON measurements:
{
"Measurements": {
"HashAlgorithm": "SHA384",
"PCR4": "<hex string>",
"PCR7": "<hex string>",
"PCR12": "000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
}
}
For users who cannot upgrade to version 1.1.0 of nitro-tpm-pcr-compute immediately, the following workarounds are available:
kms:RecipientAttestation:NitroTPMPCR12:000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
1.1.0Exploitability
AV:LAC:LPR:HUI:NScope
S:UImpact
C:HI:HA:NCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N