resolves #859 #860

Open
wants to merge 2 commits into
base: master

@ematery ematery commented Oct 18, 2024

…rom 0x01c00100 to 0x01c001ff, with the certificates stored concatenated in DER format.

If handles within this specified range are present, the following steps will be executed:

  1. The content of all NV handles will be collected into a vector.
  2. The content of the vector will be split into individual certificates.
  3. Each certificate will be converted to PEM format.
  4. The resulting PEM certificate chain will be provided as the 'ek_ca_chain' attribute to the registrar.

I appreciate any feedback, as I have no experience with the Rust programming language.
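Steps 2 and 3 of the description above, sketched as an added example in Rust; it is not code from this pull request or from Keylime. The function names are hypothetical, only `std` is used (with a small hand-written base64 encoder), and it assumes the NV contents hold certificates back to back with no padding.

```rust
// Added example, not Keylime code. Assumes back-to-back certificates, no padding.
pub fn split_der_chain(buf: &[u8]) -> Result<Vec<&[u8]>, String> {
    let (mut certs, mut pos) = (Vec::new(), 0);
    while pos < buf.len() {
        let rest = &buf[pos..];
        if rest.len() < 2 || rest[0] != 0x30 { // each certificate is one ASN.1 SEQUENCE
            return Err(format!("offset {pos}: expected DER SEQUENCE"));
        }
        // Short form: one length byte. Long form: 0x80|n, then n big-endian bytes.
        let n = if rest[1] < 0x80 { 0 } else { (rest[1] & 0x7f) as usize };
        if rest[1] == 0x80 || n > 4 || rest.len() < 2 + n {
            return Err(format!("offset {pos}: bad length encoding"));
        }
        let len_bytes = if n == 0 { &rest[1..2] } else { &rest[2..2 + n] };
        let len = len_bytes.iter().fold(0usize, |a, &b| (a << 8) | b as usize);
        let end = (2 + n).checked_add(len).filter(|&e| e <= rest.len()) // bounds check
            .ok_or_else(|| format!("offset {pos}: certificate truncated"))?;
        certs.push(&rest[..end]);
        pos += end;
    }
    Ok(certs)
}

fn base64(data: &[u8]) -> String {
    const T: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    let mut out = String::new();
    for c in data.chunks(3) {
        // Left-align the 1..=3 input bytes in a 24-bit group.
        let v = c.iter().fold(0u32, |a, &x| a << 8 | x as u32) << (8 * (3 - c.len()));
        for i in 0..4 { // k input bytes give k+1 symbols, the rest is '=' padding
            out.push(if i <= c.len() { T[(v >> (18 - 6 * i) & 0x3f) as usize] as char } else { '=' });
        }
    }
    out
}

pub fn der_chain_to_pem(buf: &[u8]) -> Result<String, String> { // steps 2 and 3
    let mut pem = String::new();
    for cert in split_der_chain(buf)? {
        let b64 = base64(cert);
        let lines: Vec<&str> = (0..b64.len()).step_by(64).map(|i| &b64[i..b64.len().min(i + 64)]).collect();
        pem += &format!("-----BEGIN CERTIFICATE-----\n{}\n-----END CERTIFICATE-----\n", lines.join("\n"));
    }
    Ok(pem)
}

fn main() { // constructed stand-ins for NV contents, not real certificates
    let nv = [0x30u8, 0x03, 0x02, 0x01, 0x05, 0x30, 0x03, 0x02, 0x01, 0x07];
    print!("{}", der_chain_to_pem(&nv).unwrap());
}
```

Trailing bytes that do not start a SEQUENCE are rejected rather than skipped, so a padded NV index would need its padding stripped first.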

ematery and others added 2 commits October 18, 2024 14:41
…rom 0x01c00100 to 0x01c001ff, with the certificates stored concatenated in DER format.

If handles within this specified range are present, the following steps will be executed:

1. The content of all NV handles will be collected into a vector.
2. The content of the vector will be split into individual certificates.
3. Each certificate will be converted to PEM format.
4. The resulting PEM certificate chain will be provided as the 'ek_ca_chain' attribute to the registrar.

I appreciate any feedback, as I have no experience with the Rust programming language.

Signed-off-by: Eugen Matery <[email protected]>

Instead of using explicit dedicated transformations for each option in
the configuration structure, use an intermediary JSON structure to
implement the collect() method in a more generic way.

This makes it easier to add new configuration options and simplifies
maintenance.

Also, instead of duplicating the AgentConfig structure to receive the
options set in the environment variables, use the built-in Environment
Source trait implementation with a small change to make it possible to
use as a source for a KeylimeConfig structure.

Signed-off-by: Anderson Toshiyuki Sasaki <[email protected]>
Signed-off-by: Eugen Matery <[email protected]>
@ansasaki
Contributor

Hello, thank you for your contribution!

The proposed changes require changes to the REST API definition, as well as changes on the Keylime registrar.
Please create an enhancement proposal in https://github.com/keylime/enhancements as this is not a simple change and could affect compatibility.

After the enhancement is discussed and approved, the changes to both sides (registrar and agent) can be implemented.

Notice that most probably the proposed change to the registrar will also lead to a change in the database as it will require a new entry where the intermediate certificates would be stored. For this reason, the corresponding alembic database upgrade will also be required.

Sorry for the complex process, but it is the best way we could find to have all the steps reviewed and documented, as well as to reduce the chances of breaking existing users.
