Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

using tpm to store node identity seed #1790

Merged
merged 12 commits into from
Sep 7, 2022
Merged

using tpm to store node identity seed #1790

merged 12 commits into from
Sep 7, 2022

Conversation

muhamadazmy
Copy link
Member

@muhamadazmy muhamadazmy commented Aug 23, 2022
edited
Loading

Depends on #1787

This will does the following:

  • For nodes that has tpm, use tpm to store node seed
  • Nodes without tpm, will continue use a file on disk
  • Nodes that already has a key file, will move that key to tpm and delete the key if the node has tpm

This PR uses the tpm2 utils. The branch and build and install tpm is not merged yet.

There are changes related to the update to make sure identityd restarts after installing the latest tpm2 binaries

@muhamadazmy
Make sure identityd resstart when bins are updated
0defcf2 
This to make sure identityd daemon uses the latest
tpm binaries. It simply make sure identityd restarts
when binaries are installed before continuing with
the update
@muhamadazmy muhamadazmy marked this pull request as ready for review September 6, 2022 10:21
abom
abom reviewed Sep 6, 2022
View reviewed changes
pkg/identity/builder.go
// so there is a key on disk, but tpm already has a stored key
// then we still just return no need for migration to avoid
// overriding the key in tpm
return tpm, nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about old data/signatures in this case?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is actually to avoid overriding the key inside tpm if someone decided to put another key on disk. The idea is that key migration will happen one time (and one time only) and then delete the key file. If suddenly a key appeared then it means something is fishy and the new key file is just ignored.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, got it. I think we also assume there's no other key at our chosen address, right? (not managed by us).

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's actually hard to grantee. Maybe we should add a validation (and clearing step) if the key is invalid.

@muhamadazmy muhamadazmy merged commit 8de8480 into main Sep 7, 2022
@muhamadazmy muhamadazmy deleted the tpm-research branch September 7, 2022 13:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abom abom abom left review comments

@maxux maxux Awaiting requested review from maxux

@delandtj delandtj Awaiting requested review from delandtj

@LeeSmet LeeSmet Awaiting requested review from LeeSmet

@DylanVerstraete DylanVerstraete Awaiting requested review from DylanVerstraete

@ashraffouda ashraffouda Awaiting requested review from ashraffouda ashraffouda is a code owner

@mariobassem mariobassem Awaiting requested review from mariobassem

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@muhamadazmy @abom