Add support for pinning a specific volume key digest

Daniel Parks requested to merge danielrparks/cryptsetup:digest_pinning into main

There are external token handlers (for example, those included with systemd-cryptsetup) that establish sources of truth other than the user. For example, systemd can unlock a device with the TPM. In this configuration, you would have at least two keyslots:

  1. The token slot for the TPM
  2. A normal password keyslot, as a backup, in case the TPM changes

The problem is that the TPM does not measure the contents of the disk, so an attacker could replace the entire contents of the disk with a partition that contains a backup keyslot that they control and an operating system that they control, and extract secrets from the TPM. This attack requires considerably fewer resources than attacking the hardware directly.

This pull request adds support for preventing this specific attack by mandating the use of a specific digest.

This feature might have additional utility in the future; for example, you could bind multiple keyslots to different digests and pin one of them, requiring a subset of all of the keyslots to be used to unlock the device.
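The pinning check the description above proposes, as an added illustration that is not code from this merge request or from cryptsetup. The header layout, the pin being a digest entry kept outside the on-disk header, and the scenario keys are assumptions of the example.

```python
import hashlib
# Constructed, simplified model of a LUKS2-style header: each keyslot holds a
# stand-in for its wrapped volume key and is bound to a digest entry. Not
# cryptsetup's code or on-disk format; how the pin is supplied is assumed here.

def volume_key_digest(volume_key: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """PBKDF2-SHA256 over the volume key, the construction LUKS2 digests use."""
    return hashlib.pbkdf2_hmac("sha256", volume_key, salt, iterations, dklen=32)

def make_header(volume_key: bytes, keyslot_ids, salt: bytes) -> dict:
    """Header with one digest entry and every listed keyslot bound to it."""
    return {
        "digests": {"0": {"salt": salt, "digest": volume_key_digest(volume_key, salt)}},
        "keyslots": {k: {"digest_id": "0", "key": volume_key} for k in keyslot_ids},
    }

def unlock(header: dict, keyslot_id: str, pinned_digest=None):
    """Return the keyslot's volume key, or None if a check fails."""
    slot = header["keyslots"][keyslot_id]
    key = slot["key"]
    # Ordinary LUKS2 check: the key must match the digest the keyslot is bound to.
    # A replaced header passes it, as the attacker writes a self-consistent digest.
    bound = header["digests"][slot["digest_id"]]
    if volume_key_digest(key, bound["salt"]) != bound["digest"]:
        return None
    # Pin check: the key must also reproduce a digest trusted independently of
    # the header on disk, which cannot be satisfied without the genuine key.
    if pinned_digest is not None and \
            volume_key_digest(key, pinned_digest["salt"]) != pinned_digest["digest"]:
        return None
    return key

# Constructed scenario: genuine header with TPM token keyslot "0" and backup
# password keyslot "1"; attacker-written header with their own key and backup
# keyslot "1". The pin is the genuine digest entry, assumed kept off the disk.
GENUINE_KEY = bytes.fromhex("00" * 31 + "01")
ATTACKER_KEY = bytes.fromhex("ff" * 31 + "02")
genuine = make_header(GENUINE_KEY, ["0", "1"], salt=b"genuine-salt-0001")
swapped = make_header(ATTACKER_KEY, ["1"], salt=b"attacker-salt-001")
PIN = genuine["digests"]["0"]

def scenario() -> dict:
    """True for each attempt that behaves as the pinning design intends."""
    return {
        "genuine_tpm_pinned": unlock(genuine, "0", PIN) == GENUINE_KEY,
        "genuine_backup_pinned": unlock(genuine, "1", PIN) == GENUINE_KEY,
        "swapped_backup_unpinned": unlock(swapped, "1") == ATTACKER_KEY,
        "swapped_backup_pinned": unlock(swapped, "1", PIN) is None,
    }
```

Without the pin, the swapped header's backup keyslot unlocks normally because its digest entry was written by the attacker to match; with the pin, the recovered key fails to reproduce the trusted digest and the unlock is refused.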