constellation/disk-mapper/README.md

# disk-mapper

The disk-mapper is a binary that runs during the initramfs of a Constellation node.

If running on a new node, it handles setting up the node's state disk by creating an integrity protected encrypted partition.

On a rebooting node, the disk-mapper handles recovery of the node by requesting a decryption key for its state disk.
Once the disk is decrypted, the measurement salt is read from disk and used to extend a PCR to mark the node as initialized.

## Testing

Integration test is available in `disk-mapper/test/integration_test.go`.
The integration test requires root privileges since it uses dm-crypt.
Build and run the test:

```bash
go test -c -tags=integration ./disk-mapper/internal/test/
sudo ./test.test
```
dev-docs: Go package docs (#958) * Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems> 2023-01-19 09:57:50 -05:00			`# disk-mapper`
Add state disk volume mounter Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-05 09:12:20 -04:00
dev-docs: Go package docs (#958) * Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems> 2023-01-19 09:57:50 -05:00			`The disk-mapper is a binary that runs during the initramfs of a Constellation node.`

			`If running on a new node, it handles setting up the node's state disk by creating an integrity protected encrypted partition.`

			`On a rebooting node, the disk-mapper handles recovery of the node by requesting a decryption key for its state disk.`
			`Once the disk is decrypted, the measurement salt is read from disk and used to extend a PCR to mark the node as initialized.`
Add state disk volume mounter Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-05 09:12:20 -04:00
			`## Testing`

AB#2260 Refactor disk-mapper recovery (#82) * Refactor disk-mapper recovery * Adapt constellation recover command to use new disk-mapper recovery API * Fix Cilium connectivity on rebooting nodes (#89) * Lower CoreDNS reschedule timeout to 10 seconds (#93) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-09-08 08:45:27 -04:00			Integration test is available in `disk-mapper/test/integration_test.go`.
Add state disk volume mounter Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-05 09:12:20 -04:00			`The integration test requires root privileges since it uses dm-crypt.`
			`Build and run the test:`
Fix stateservice test and increase speed 2022-06-01 04:14:36 -04:00
Add state disk volume mounter Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-05 09:12:20 -04:00			```bash
dev-docs: Go package docs (#958) * Remove unused package * Add Go package docs to most packages Signed-off-by: Daniel Weiße <dw@edgeless.systems> Signed-off-by: Fabian Kammel <fk@edgeless.systems> Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> Co-authored-by: Fabian Kammel <fk@edgeless.systems> 2023-01-19 09:57:50 -05:00			`go test -c -tags=integration ./disk-mapper/internal/test/`
Add state disk volume mounter Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-04-05 09:12:20 -04:00			`sudo ./test.test`
			```