Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-10-30 11:19:00 -04:00
Code Issues Projects Releases Packages Wiki Activity
constellation/disk-mapper
History
Daniel Weiße 3a7b829107
internal: use go-kms-wrapping for KMS backends (#1012) 
* Replace external KMS backend logic for AWS, Azure, and GCP with go-kms-wrapping

* Move kms client setup config into its own package for easier parsing

* Update kms integration flag naming

* Error if nil storage is passed to external KMS

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-08 12:03:54 +01:00
..
cmd Refactor init/recovery to use kms URI 2023-01-19 13:14:55 +01:00
internal internal: use go-kms-wrapping for KMS backends (#1012) 2023-02-08 12:03:54 +01:00
recoverproto ci: add workflow for proto code generation check 2023-01-23 12:20:37 +01:00
README.md dev-docs: Go package docs (#958) 2023-01-19 15:57:50 +01:00

README.md

disk-mapper

The disk-mapper is a binary that runs during the initramfs of a Constellation node.

If running on a new node, it handles setting up the node's state disk by creating an integrity protected encrypted partition.

On a rebooting node, the disk-mapper handles recovery of the node by requesting a decryption key for its state disk. Once the disk is decrypted, the measurement salt is read from disk and used to extend a PCR to mark the node as initialized.

Testing

Integration test is available in disk-mapper/test/integration_test.go. The integration test requires root privileges since it uses dm-crypt. Build and run the test:

go test -c -tags=integration ./disk-mapper/internal/test/
sudo ./test.test