miampf
f16ccf5679
rewrote packages
keyservice
joinservice
upgrade-agent
measurement-reader
debugd
disk-mapper
rewrote joinservice main
rewrote some unit tests
rewrote upgrade-agent + some grpc functions
rewrote measurement-reader
rewrote debugd
removed unused import
removed forgotten zap reference in measurements reader
rewrote disk-mapper + tests
rewrote packages
verify
disk-mapper
malicious join
bootstrapper
attestationconfigapi
versionapi
internal/cloud/azure
disk-mapper tests
image/upload/internal/cmd
rewrote verify (WIP with loglevel increase)
rewrote forgotten zap references in disk-mapper
rewrote malicious join
rewrote bootstrapper
rewrote parts of internal/
rewrote attestationconfigapi (WIP)
rewrote versionapi cli
rewrote internal/cloud/azure
rewrote disk-mapper tests (untested by me rn)
rewrote image/upload/internal/cmd
removed forgotten zap references in verify/cmd
rewrote packages
hack/oci-pin
hack/qemu-metadata-api
debugd/internal/debugd/deploy
hack/bazel-deps-mirror
cli/internal/cmd
cli-k8s-compatibility
rewrote hack/qemu-metadata-api/server
rewrote debugd/internal/debugd/deploy
rewrote hack/bazel-deps-mirror
rewrote rest of hack/qemu-metadata-api
rewrote forgotten zap references in joinservice server
rewrote cli/internal/cmd
rewrote cli-k8s-compatibility
rewrote packages
internal/staticupload
e2d/internal/upgrade
internal/constellation/helm
internal/attestation/aws/snp
internal/attestation/azure/trustedlaunch
joinservice/internal/certcache/amkds
some missed unit tests
rewrote e2e/internal/upgrade
rewrote internal/constellation/helm
internal/attestation/aws/snp
internal/attestation/azure/trustedlaunch
joinservice/internal/certcache/amkds
search and replace test logging over all left *_test.go
2024-02-08 13:14:14 +01:00
miampf
48d5a157dd
rewrote doc/description strings in logger
fixed some stuff I didn't see
replaced forgotten zap reference
removed unneeded dependency
2024-02-08 13:12:28 +01:00
Otto Bittner
1d5a8283e0
cli: use Semver type to represent microservice versions ( #2125 )
Previously we used strings to pass microservice versions. This invited
bugs due to missing input validation.
2023-07-25 14:20:25 +02:00
Daniel Weiße
6a40c73ff7
disk-mapper: set LUKS2 token to allow reusing uninitialized state disks ( #2083 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-18 16:20:03 +02:00
Daniel Weiße
ac1128d07f
cryptsetup: unify code ( #2043 )
* Add common backend for interacting with cryptsetup
* Use common cryptsetup backend in bootstrapper
* Use common cryptsetup backend in disk-mapper
* Use common cryptsetup backend in csi lib
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:55:31 +02:00
Paul Meyer
149820fdce
diskmapper: fix zap.Error without err ( #2012 )
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-05 10:07:05 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant ( #1900 )
* variant: move into internal/attestation
* attestation: move aws attestation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Daniel Weiße
c478df36fa
Add TDX bazel files
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
bda999d54e
Use TDX device to mark node as initialized ( #1426 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Malte Poll
d104af6e51
image: support intel TDX direct linux boot under TDX OVMF
2023-05-17 11:37:26 +02:00
Daniel Weiße
99b12e4035
internal: refactor oid package to variant package ( #1538 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-29 09:30:13 +02:00
Daniel Weiße
83d10b0e70
hack: remove unused tools ( #1387 )
* Remove unused pcr-compare tool
* Remove unused pcr-reader tool
* Remove obsolete image-measurement tool
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 16:59:33 +01:00
Daniel Weiße
5bad5f768b
attestation: create issuer based on kernel cmd line ( #1355 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 09:47:28 +01:00
Paul Meyer
ebf7dd8842
openstack: use metadata client where possible
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 09:04:57 -05:00
Malte Poll
fc33a74c78
constants: make VersionInfo readonly ( #1316 )
The variable VersionInfo is supposed to be set by `go build -X ...` during link time but should not be modified at runtime.
This change ensures the underlying var is private and can only be accessed by a public getter.
2023-03-01 11:55:12 +01:00
Paul Meyer
d0109b833e
disk-mapper: make openstack image bootable ( #1312 )
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-01 10:39:32 +01:00
Daniel Weiße
b3486fc32b
internal: add logging to attestation issuer ( #1264 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-28 16:34:18 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack ( #1283 )
* image: support OpenStack image build / upload
* cli: add OpenStack terraform template
* config: add OpenStack as CSP
* versionsapi: add OpenStack as CSP
* cli: add OpenStack as provider for `config generate` and `create`
* disk-mapper: add basic support for boot on OpenStack
* debugd: add placeholder for OpenStack
* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
leongross
efc0cec4e1
image: verbose debugging options ( #1159 )
2023-02-24 14:25:39 +01:00
Otto Bittner
9a1f52e94e
Refactor init/recovery to use kms URI
So far the masterSecret was sent to the initial bootstrapper
on init/recovery. With this commit this information is encoded
in the kmsURI that is sent during init.
For recovery, the communication with the recoveryserver is
changed. Before, a streaming gRPC call was used to
exchange the UUID for the measurementSecret and state disk key.
Now a standard gRPC call is made that includes the same kmsURI &
storageURI that are sent during init.
2023-01-19 13:14:55 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs ( #553 )
* Merge enforced and expected measurements
* Update measurement generation to new format
* Write expected measurements hex encoded by default
* Allow hex or base64 encoded expected measurements
* Allow hex or base64 encoded clusterID
* Allow security upgrades to warnOnly flag
* Upload signed measurements in JSON format
* Fetch measurements either from JSON or YAML
* Use yaml.v3 instead of yaml.v2
* Error on invalid enforced selection
* Add placeholder measurements to config
* Update e2e test to new measurement format
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Daniel Weiße
5efe05d933
AB#2525 clean up unused code ( #504 )
* Rename Metadata->Cloud
* Remove unused methods, functions, and variables
* More privacy for testing stubs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 10:31:55 +01:00
Daniel Weiße
f41c54e837
AB#2524 Refactor Azure metadata/cloud API ( #477 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-15 09:08:18 +01:00
Daniel Weiße
a07cab4b97
Update go-tpm dependency ( #533 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-14 09:02:56 +01:00
Daniel Weiße
c9873f2bfb
AB#2523 Refactor GCP metadata/cloud API ( #387 )
* Refactor GCP metadata/cloud API
* Remove cloud controller manager from metadata package
* Remove PublicIP
* Move shared cloud packages
* Remove dead code
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-09 14:43:48 +01:00
Leonard Cohnen
02602716b5
disk-mapper: add AWS attestation
2022-11-02 23:29:04 +01:00
Leonard Cohnen
7a6a0766e8
undefine more -v flags due to glog
2022-10-30 22:13:58 +01:00
Daniel Weiße
c1b4193791
Add support for AWS to disk-mapper ( #329 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-21 15:04:34 +02:00
katexochen
ba6e41ed5c
Upgrade go module to v2
2022-09-22 09:10:19 +02:00
Daniel Weiße
e367e1a68b
AB#2261 Add loadbalancer for control-plane recovery ( #151 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-14 13:25:42 +02:00
Daniel Weiße
8cb155d5c5
AB#2260 Refactor disk-mapper recovery ( #82 )
* Refactor disk-mapper recovery
* Adapt constellation recover command to use new disk-mapper recovery API
* Fix Cilium connectivity on rebooting nodes (#89 )
* Lower CoreDNS reschedule timeout to 10 seconds (#93 )
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-08 14:45:27 +02:00