Hey everyone. I was reading the docs and saw we can use either software-based sealing (tied to the enclave's launch hash) or TPM sealing. I was using software for a while but just switched my test setup over to the TPM method.
The 'aha' moment for me was realizing what happens during an enclave update. With software sealing, the launch hash changes after a code update, so the old sealed data is gone forever. That's fine for ephemeral stuff, but I have a few keys I really don't want to regenerate and re-provision every single time. Using the TPM (with a stable PCR policy) means my keys survive enclave updates, as long as the TPM itself is the same. It just feels more permanent for the things that should be.
Was this the main reason others moved to TPM sealing too? Or are there other big advantages I'm missing? Grateful for this community, by the way. The docs are great but hearing from people actually running this stuff is even better.
jen
Yeah, that was my main reason for looking into it too. The update problem is a killer for anything that needs to stick around.
But I got hung up on the PCR policy part. How do you pick which PCRs to use? I saw you mentioned "stable" ones. I'm worried about picking a PCR that changes after, like, a BIOS update and then getting locked out. Is that a real risk?
"Stable" PCRs? Good luck. PCR0 changes on every microcode update. PCR7 changes if you so much as look at your Secure Boot settings funny.
You're not wrong to be worried. It's a real risk. Picking a PCR policy feels like gambling on what your vendor won't update next.
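A worked illustration of the two update cases the thread is talking about (an enclave update under launch-hash sealing, and a microcode update under a PCR policy), added here as an example; it is not code from anyone in the thread, from any enclave framework or from tpm2-tools. It computes the TPM 2.0 `TPM2_PolicyPCR` digest the way the spec defines it for a SHA-256 bank (`TPM_CC_PolicyPCR` = 0x17F, marshaled `TPML_PCR_SELECTION`, hash of the selected PCR values), but the boot sequence (microcode measured into PCR0, Secure Boot config into PCR7), the enclave launch hashes and the `software_seal_key` KDF are constructed stand-ins, so the values it produces are only meaningful relative to each other.

```python
import hashlib
import struct

TPM_ALG_SHA256 = 0x000B          # TPM_ALG_ID for the SHA-256 PCR bank
TPM_CC_POLICY_PCR = 0x0000017F   # TPM2_PolicyPCR command code, folded into the policy
PCR_COUNT = 24                   # PCRs per bank on a typical PC TPM (constructed setup)


def pcr_extend(current: bytes, event: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(event)). Order-dependent and one-way."""
    return hashlib.sha256(current + hashlib.sha256(event).digest()).digest()


def marshal_pcr_selection(pcrs) -> bytes:
    """TPML_PCR_SELECTION with one TPMS_PCR_SELECTION for the SHA-256 bank.

    Layout: count (UINT32) || hash (UINT16) || sizeofSelect (UINT8) || pcrSelect bitmap.
    """
    bitmap = bytearray(3)                      # 3 bytes cover PCR 0..23
    for i in pcrs:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def policy_pcr_digest(bank, pcrs) -> bytes:
    """Policy digest after a single TPM2_PolicyPCR on a fresh session.

    policyDigest = SHA256(0^32 || TPM_CC_PolicyPCR || pcrSelection || SHA256(PCR values))
    The sealed object stores this digest; unsealing works only if the live
    PCRs reproduce it.
    """
    pcr_values = b"".join(bank[i] for i in sorted(pcrs))
    pcr_digest = hashlib.sha256(pcr_values).digest()
    return hashlib.sha256(
        bytes(32)
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + marshal_pcr_selection(pcrs)
        + pcr_digest
    ).digest()


def can_unseal(sealed_policy: bytes, bank, pcrs) -> bool:
    """Unseal check: policy recomputed from live PCRs must equal the sealed one."""
    return policy_pcr_digest(bank, pcrs) == sealed_policy


def boot(microcode: bytes, secure_boot_config: bytes):
    """Constructed boot: PCR0 <- microcode blob, PCR7 <- Secure Boot config.

    Real firmware extends many more events into each PCR; two are enough to
    show which update moves which PCR.
    """
    bank = [bytes(32)] * PCR_COUNT
    bank[0] = pcr_extend(bank[0], microcode)
    bank[7] = pcr_extend(bank[7], secure_boot_config)
    return bank


def software_seal_key(enclave_launch_hash: bytes) -> bytes:
    """Constructed stand-in for launch-hash sealing: the key is derived from the measurement."""
    return hashlib.sha256(b"enclave-seal-kdf|" + enclave_launch_hash).digest()


def scenario():
    """Walk through both update events and report what survives each one."""
    enclave_v1 = hashlib.sha256(b"enclave build v1").digest()   # constructed launch hashes
    enclave_v2 = hashlib.sha256(b"enclave build v2").digest()
    bank_day0 = boot(b"microcode rev 0x10", b"secureboot:on,db=v1")            # constructed
    bank_after_microcode = boot(b"microcode rev 0x11", b"secureboot:on,db=v1")  # constructed

    sealed_0_7 = policy_pcr_digest(bank_day0, [0, 7])   # bound to PCR0 and PCR7
    sealed_7 = policy_pcr_digest(bank_day0, [7])        # bound to PCR7 only

    return {
        # Enclave update: the launch hash changes, so the software-sealing key changes.
        "sw_key_survives_enclave_update": software_seal_key(enclave_v1) == software_seal_key(enclave_v2),
        # The PCR policy never saw the enclave hash, so on the same host it still unseals.
        "unseal_on_same_machine": can_unseal(sealed_0_7, bank_day0, [0, 7]),
        # Microcode update: PCR0 moves, so a PCR0+7 policy locks you out; PCR7-only does not.
        "pcr0_7_survives_microcode_update": can_unseal(sealed_0_7, bank_after_microcode, [0, 7]),
        "pcr7_survives_microcode_update": can_unseal(sealed_7, bank_after_microcode, [7]),
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(f"{name}: {outcome}")
```

The practical reading: every PCR you put in the selection is an update you commit to re-sealing after, which is why the choice is about which firmware components your vendor touches and how often, not about which PCRs are "stable" in the abstract. Keeping an out-of-band backup of anything sealed this way, and re-sealing as part of the firmware update procedure, is what turns a lockout into a known maintenance step.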
Honestly, this is why I just keep critical keys on a separate, air-gapped Pi Zero. No PCRs to worry about. All this complexity for what?
Oh wow, that's a really sobering point about the vendor updates. I hadn't even considered microcode or BIOS updates changing the PCRs. That sounds like a nightmare waiting to happen, being locked out of your own keys because of a security patch.
So, following your point about the Pi Zero, is the takeaway that TPM sealing is maybe only good for things you're okay losing? Like, use it for stuff where the convenience of automatic unsealing is nice, but you can afford to manually restore from a backup if a PCR change bricks it? That seems less magical than I was hoping for.
It's all so much more fragile than I imagined. Makes me want to go re-read my motherboard's update notes to see how often they actually touch those firmware components.