Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement proper metadata verification in ManagedSecondary. #35

Merged
merged 5 commits into from
Nov 5, 2021
Merged

Implement proper metadata verification in ManagedSecondary. #35

merged 5 commits into from
Nov 5, 2021

Conversation

pattivacek
Copy link
Collaborator

@pattivacek
Move aktualizr-secondary's Metadata class to Uptane namespace.
3f1cd73 
This allows it to be used by other Secondary implementations, since it's
generic and quite useful.

Signed-off-by: Patti Vacek <pattivacek@gmail.com>
@pattivacek
aktualizr_secondary: Don't store Root metadata if verification fails.
c0ba9aa 
Signed-off-by: Patti Vacek <pattivacek@gmail.com>
@pattivacek
ManagedSecondary: implement proper metadata verification.
833814b 
This is basically the same logic used by aktualizr-secondary. The class
could still be cleaned up significantly, but this is a substantial
improvement.

Signed-off-by: Patti Vacek <pattivacek@gmail.com>
@pattivacek
delegation_test: Remove targets for the Secondary.
f0db5d6 
The new verification mechanism in ManagedSecondary doesn't support
delegations yet, so these tests were failing.

Signed-off-by: Patti Vacek <pattivacek@gmail.com>
@pattivacek
Bump tuf-test-vectors to latest.
4a7e37e 
Mostly minor stuff, but also a fix to the Root rotation tests.

Signed-off-by: Patti Vacek <pattivacek@gmail.com>
@pattivacek pattivacek force-pushed the virtual-secondary-verification branch from f48bfc6 to 4a7e37e Compare November 2, 2021 16:12
@mike-sul
Copy link
Collaborator

mike-sul commented Nov 5, 2021
edited
Loading

@lgtm, Just have one question. IIRC, we didn't do proper metadata verification for Managed/Virtual Secondary because they are running/located on the Primary ECU and Primary does verify their metadata prior to invoking putMetadata call. So, as far as I understand an approach has changed now so we need to do this additional verification?

@pattivacek
Copy link
Collaborator Author

IIRC, we didn't do proper metadata verification for Managed/Virtual Secondary because they are running/located on the Primary ECU and Primary does verify their metadata prior to invoking putMetadata call. So, as far as I understand an approach has changed now so we need to do this additional verification?

Right. From a security perspective it doesn't really make sense. It's honestly just about testing. This makes it easier to test Secondary verification without having to spin up another application. If you want a managed Secondary that doesn't do that, I think you should still be able to inherit from ManagedSecondary and just skip all the built-in verification functions. You can already use fiu to do that for putRoot with VirtualSecondary, for example.

Thanks for the review!

@pattivacek pattivacek merged commit 70478f6 into master Nov 5, 2021
@pattivacek pattivacek deleted the virtual-secondary-verification branch November 5, 2021 06:53
@jsrc27 jsrc27 mentioned this pull request May 31, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pattivacek @mike-sul