mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-01-04 12:20:52 -05:00
69 lines
1.5 KiB
Go
69 lines
1.5 KiB
Go
package main
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"flag"
|
|
"os"
|
|
"path/filepath"
|
|
|
|
"github.com/edgelesssys/constellation/coordinator/config"
|
|
"github.com/edgelesssys/constellation/internal/utils"
|
|
"github.com/edgelesssys/constellation/state/keyservice"
|
|
"github.com/edgelesssys/constellation/state/mapper"
|
|
)
|
|
|
|
const (
|
|
keyPath = "/run/cryptsetup-keys.d"
|
|
keyFile = "state.key"
|
|
)
|
|
|
|
var csp = flag.String("csp", "", "Cloud Service Provider the image is running on")
|
|
|
|
func main() {
|
|
flag.Parse()
|
|
diskPath, err := mapper.GetDiskPath(*csp)
|
|
if err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
|
|
mapper, err := mapper.New(diskPath)
|
|
if err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
defer mapper.Close()
|
|
|
|
if mapper.IsLUKSDevice() {
|
|
uuid := mapper.DiskUUID()
|
|
_, err = keyservice.WaitForDecryptionKey(*csp, uuid)
|
|
} else {
|
|
err = formatDisk(mapper)
|
|
}
|
|
|
|
if err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
}
|
|
|
|
func formatDisk(mapper *mapper.Mapper) error {
|
|
// generate and save temporary passphrase
|
|
if err := os.MkdirAll(keyPath, os.ModePerm); err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
passphrase := make([]byte, config.RNGLengthDefault)
|
|
if _, err := rand.Read(passphrase); err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
if err := os.WriteFile(filepath.Join(keyPath, keyFile), passphrase, 0o400); err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
|
|
if err := mapper.FormatDisk(string(passphrase)); err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
if err := mapper.MapDisk("state", string(passphrase)); err != nil {
|
|
utils.KernelPanic(err)
|
|
}
|
|
|
|
return nil
|
|
}
|