mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-05-02 06:16:08 -04:00
AB#2316 Configurable enforced PCRs (#361)
* Add warnings for non enforced, untrusted PCRs * Fix global state in Config PCR map Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße
GitHub
parent
9478303f80
commit
ba4471a228
30 changed files with 350 additions and 323 deletions
|
|
@ -54,7 +54,7 @@ func runInitialize(cmd *cobra.Command, args []string) error {
|
|||
fileHandler := file.NewHandler(afero.NewOsFs())
|
||||
serviceAccountCreator := cloudcmd.NewServiceAccountCreator()
|
||||
newDialer := func(validator *cloudcmd.Validator) *dialer.Dialer {
|
||||
return dialer.New(nil, validator.V(), &net.Dialer{})
|
||||
return dialer.New(nil, validator.V(cmd), &net.Dialer{})
|
||||
}
|
||||
helmLoader := &helm.ChartLoader{}
|
||||
return initialize(cmd, newDialer, serviceAccountCreator, fileHandler, helmLoader)
|
||||
|
|
@ -96,7 +96,6 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
|
|||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cmd.Print(validator.WarningsIncludeInit())
|
||||
|
||||
cmd.Println("Creating service account ...")
|
||||
serviceAccount, stat, err := serviceAccCreator.Create(cmd.Context(), stat, config)
|
||||
|
|
@ -135,6 +134,7 @@ func initialize(cmd *cobra.Command, newDialer func(validator *cloudcmd.Validator
|
|||
KubernetesVersion: config.KubernetesVersion,
|
||||
SshUserKeys: ssh.ToProtoSlice(sshUsers),
|
||||
HelmDeployments: helmDeployments,
|
||||
EnforcedPcrs: getEnforcedMeasurements(provider, config),
|
||||
}
|
||||
resp, err := initCall(cmd.Context(), newDialer(validator), stat.BootstrapperHost, req)
|
||||
if err != nil {
|
||||
|
|
@ -214,6 +214,19 @@ func writeRow(wr io.Writer, col1 string, col2 string) {
|
|||
fmt.Fprint(wr, col1, "\t", col2, "\n")
|
||||
}
|
||||
|
||||
func getEnforcedMeasurements(provider cloudprovider.Provider, config *config.Config) []uint32 {
|
||||
switch provider {
|
||||
case cloudprovider.Azure:
|
||||
return config.Provider.Azure.EnforcedMeasurements
|
||||
case cloudprovider.GCP:
|
||||
return config.Provider.GCP.EnforcedMeasurements
|
||||
case cloudprovider.QEMU:
|
||||
return config.Provider.QEMU.EnforcedMeasurements
|
||||
default:
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// evalFlagArgs gets the flag values and does preprocessing of these values like
|
||||
// reading the content from file path flags and deriving other values from flag combinations.
|
||||
func evalFlagArgs(cmd *cobra.Command, fileHandler file.Handler) (initFlags, error) {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue