Recovery shell should be able to sign root filesystem

[osresearch]

The safeboot linux-sign script needs to be modified to be usable from the initrd recovery shell. This might mean importing sbsigntool and the associated libraries into the initrd. Currently it is necessary to boot all the way into full linux to resign them.

[osresearch]

With #58 almost ready to merge, it would be helpful if the recovery initrd could also sign the PCRs.

[osresearch]

Lots of things need to be bundled into the initrd:

• bash
• openssl
• openssl pkcs11 engine
• opensc files
• sbsign.safeboot
• pcscd
• various utilities: xxd, chattr
• maybe perl. this is a problem; can we remove dependencies on it?

[osresearch]

The pcscd daemon is a bit of a pain. Rather than have the openssl pkcs11 engine talk directly to the card, it goes through this other proces, which means it and all of its dependencies also have to be in the recovery image. Luckily there is a template for what is needed since /usr/share/initramfs/hooks/cryptopensc also uses it. The downside is that openssl isn't talking to it.

[osresearch]

Also need objcopy and efibootmgr. The systemd-boot stub /usr/lib/systemd/boot/eif/linuxx64.efi.stub needs to be accessible as well; it could live in the initrd since it is small, which would remove the need to mount the / partition.

And sbsigntool.safeboot needs /etc/safeboot/cert.pem.

[osresearch]

crypt_unlock script could become part of /sbin/safeboot. Also need to add helpers for mounting /boot and /boot/efi, as well as ensure that /dev/mapper/vgubuntu-root is fsck'ed before writing. Need to umount the devices before rebooting.

Also missing fsck.fat. which is necessary if /boot/efi is corrupt.

[osresearch]

And all of those together make it work, with some hand run commands. Need to make it smoother so that things like /boot/efi aren't left in an unclean state (do not forget to umount /boot/efi!!!), the pcscd -f smart card daemon is running before waiting a minute to compute the dmverity hashes, etc.

[osresearch]

While recovery now has all the tools in #65 , the PCR2 varies depending on if the recovery boot is entered via "Boot Menu" or via safeboot recovery-reboot (which uses the UEFI NVRAM BootNext). As a quick hack the non-boot menu entry will only have an EV_SEPARATOR measured into it.