IncusOS LUKS Encryption Bypass Vulnerability via TPM Manipulation

Vulnerability

A vulnerability in IncusOS prior to version 202603142010 allows an attacker with physical access to bypass LUKS encryption and access encrypted data. The issue arises from the default systemd-cryptenroll configuration, which improperly manages TPM policies. This misconfiguration enables the TPM to release the LUKS key to a system that has been manipulated to present a fake root partition, all while maintaining the appearance of a secure boot process. The attack relies on the TPM's automatic key release feature and requires no change to the TPM's state or the Secure Boot environment.

Impact

Exploitation of this vulnerability allows for unauthorized access to encrypted data by bypassing LUKS encryption through a physical attack that manipulates the system's partitioning and takes advantage of the TPM's key management features.

Reproduction

To reproduce this vulnerability, an attacker must first replace the original encrypted root partition with a controlled one, ensuring it mimics the expected filesystem structure. After booting the system with this fake partition, the TPM will unlock the real root partition's encryption, allowing access to the data. This process can be automated with a systemd unit placed in the fake root partition.

Remediation

Users should update to IncusOS version 202603142010 or later, which includes a fix that binds LUKS encryption to an uninitialized PCR15 value. This update prevents the TPM from automatically unlocking encrypted volumes after the initrd phase, thereby closing the vulnerability.
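The effect of the PCR15 binding can be seen in a small model of TPM sealing. This is an added example, not IncusOS or systemd code: the `ToyTPM` class, the simplified policy digest, the use of PCR7 to stand for the Secure Boot state, and the step that extends PCR15 once the volume is unlocked are all assumptions made for illustration.

```python
import hashlib

ZERO_PCR = bytes(32)  # SHA-256 bank value of a PCR that has never been extended

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def pcr_digest(values: dict) -> bytes:
    """Simplified stand-in for a TPM2 PolicyPCR digest over selected PCRs."""
    h = hashlib.sha256()
    for index in sorted(values):
        h.update(bytes([index]) + values[index])
    return h.digest()

class ToyTPM:
    def __init__(self):
        self.pcrs = {i: ZERO_PCR for i in range(24)}

    def measure(self, index: int, event: bytes) -> None:
        self.pcrs[index] = extend(self.pcrs[index], event)

    def seal(self, secret: bytes, expected: dict) -> dict:
        # The policy records the PCR values required at unseal time.
        return {"secret": secret, "pcrs": sorted(expected), "policy": pcr_digest(expected)}

    def unseal(self, blob: dict):
        current = {i: self.pcrs[i] for i in blob["pcrs"]}
        return blob["secret"] if pcr_digest(current) == blob["policy"] else None

def boot(bind_pcr15: bool):
    """Return (key released in initrd, key released after initrd)."""
    tpm = ToyTPM()
    tpm.measure(7, b"constructed Secure Boot state")
    expected = {7: tpm.pcrs[7]}
    if bind_pcr15:
        expected[15] = ZERO_PCR  # the fixed enrollment: PCR15 must be untouched
    blob = tpm.seal(b"constructed LUKS key", expected)
    in_initrd = tpm.unseal(blob)
    # Assumption: PCR15 is extended once the real volume has been unlocked.
    tpm.measure(15, b"constructed volume measurement")
    after_initrd = tpm.unseal(blob)
    return in_initrd, after_initrd

if __name__ == "__main__":
    print("PCR7 only:   ", boot(bind_pcr15=False))
    print("PCR7 + PCR15:", boot(bind_pcr15=True))
```

With the policy bound only to state that stays constant for the whole boot, the model releases the key at any point; with PCR15 required to be all zeros, the second unseal returns nothing because the register has moved on.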

Added: Mar 18, 2026, 6:21 AM
Updated: Mar 18, 2026, 6:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 2.4
remediation: 0.0
relevance: 4.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.