AB#2316 Configurable enforced PCRs (#361)

* Add warnings for non enforced, untrusted PCRs

* Fix global state in Config PCR map

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Daniel Weiße 2022-08-12 15:59:45 +02:00 committed by GitHub
parent 9478303f80
commit ba4471a228
30 changed files with 350 additions and 323 deletions


@ -115,6 +115,7 @@ func (s *Server) Init(ctx context.Context, req *initproto.InitRequest) (*initpro
req.CloudServiceAccountUri,
req.KubernetesVersion,
measurementSalt,
req.EnforcedPcrs,
resources.KMSConfig{
MasterSecret: req.MasterSecret,
Salt: req.Salt,
@ -197,6 +198,7 @@ type ClusterInitializer interface {
cloudServiceAccountURI string,
k8sVersion string,
measurementSalt []byte,
enforcedPcrs []uint32,
kmsConfig resources.KMSConfig,
sshUserKeys map[string]string,
helmDeployments []byte,
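Review bot: `req.EnforcedPcrs` goes from the init request into `InitCluster` in the Init hunk with no check visible in these lines, so the set of PCRs treated as enforced is whatever the caller sent. If nothing further down validates it (not visible here), an empty list, a duplicate, or an index outside the TPM's PCR range would be accepted silently; rejecting such input before the call, or logging the enforced set at Init, would make a weakened policy visible. The interface hunk would also benefit from a comment on the new parameter that states what nil or empty means, along the lines of `// enforcedPcrs lists the PCR indices that are enforced for the cluster.`, with the wording checked against the implementation. Both `Init` and the `ClusterInitializer` interface continue outside these hunks.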


@ -282,7 +282,9 @@ type stubClusterInitializer struct {
initClusterErr error
}
func (i *stubClusterInitializer) InitCluster(context.Context, []string, string, string, []byte, resources.KMSConfig, map[string]string, []byte, *logger.Logger,
func (i *stubClusterInitializer) InitCluster(
context.Context, []string, string, string, []byte, []uint32,
resources.KMSConfig, map[string]string, []byte, *logger.Logger,
) ([]byte, error) {
return i.initClusterKubeconfig, i.initClusterErr
}
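Review bot: The stub's `InitCluster` discards the new `[]uint32` argument along with all the others, so a test built on `stubClusterInitializer` cannot notice if `Init` forwards the wrong PCR list or none at all. Naming that parameter and storing it in a stub field such as `enforcedPcrs []uint32` would let a test assert that it equals the request's `EnforcedPcrs`. The struct definition starts outside the hunk, so the field would be added there.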