NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

`boot.initrd.clevis.devices.<name>.secretFile` leaks the secret into nix store #335105

Open havaker opened 1 month ago

havaker commented 1 month ago

Issue description

boot.initrd.clevis.devices.<name>.secretFile has the type path in NixOS 24.05. This means that every *.jwe file used with this option ends up in the world-readable Nix store.

Why does this seem disturbing?

To the best of my knowledge, when using a Tang pin, the *.jwe file contains everything needed for an interaction with the Tang server that results in key decryption.

To validate this thesis, I set up an experiment with 2 machines: S, which acted as a Tang server, and C, which used Clevis to decrypt a LUKS partition on boot. After C performed a successful unattended boot, I logged in as an unprivileged user and ran:

find /nix/store -name '*.jwe' -execdir clevis decrypt {} ';'

It printed the LUKS passphrase. I also tried copying the *.jwe file to another machine (one that was able to contact the Tang server), ran clevis decrypt < *.jwe there, and also recovered the LUKS passphrase.

Recommendations

In the Security Considerations subsection of Tang's README, it is said that:

it is of utmost importance that the client protect cJWK from prying eyes. This may include device permissions, filesystem permissions, security frameworks (such as SELinux) or even the use of hardware encryption such as a TPM.

Looking at the above experiment, it seems to me that the cJWK can be read from the *.jwe file; therefore, this file should be treated as a proper secret and not included in the nix store.

dotlambda commented 1 month ago

You should set boot.initrd.clevis.devices.foobar.secretFile = "/path/to/file" (note the quotes) in order not to put it in the Nix store.
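The two spellings of the option side by side, as an added example that is not part of the issue and not from nixpkgs. The device name `root`, the file location `/etc/clevis/root.jwe` and the `configuration.nix` framing are assumptions; the point it shows is the Nix language rule behind dotlambda's answer: a bare path literal is copied into the store when the configuration is evaluated, a string is just a string.

```nix
# Added example (not from the issue or nixpkgs). Assumes a Tang-pinned LUKS
# device named "root" whose Clevis JWE lives at /etc/clevis/root.jwe on the
# machine that builds the configuration.
{ config, lib, pkgs, ... }:

{
  boot.initrd.clevis.enable = true;

  # Weak: an unquoted Nix path literal. When this value is used in a derivation,
  # Nix copies the file it points to into the store, so the JWE becomes
  # /nix/store/<hash>-root.jwe and is readable by every local user (this is the
  # leak the issue demonstrates with `find /nix/store -name '*.jwe'`).
  #
  # boot.initrd.clevis.devices.root.secretFile = /etc/clevis/root.jwe;

  # Corrected: a quoted string. The option now holds only the path name; Nix
  # evaluation does not copy the file, so nothing named *.jwe lands in the
  # store. The file must exist at that path when the system is built.
  boot.initrd.clevis.devices.root.secretFile = "/etc/clevis/root.jwe";
}
```

After switching to the quoted form and rebuilding, the same check the issue uses, `find /nix/store -name '*.jwe'`, should return nothing; if it still lists a file, the old store path has simply not been garbage-collected yet, so collect garbage and rerun the check before assuming the rebuild did not help.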