Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 8b786897cc419483fa586fd620c3d725d7bd6a95^! / . / metropolis / node / core / main.go
commit8b786897cc419483fa586fd620c3d725d7bd6a95[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Thu Jan 13 14:21:16 2022 +0100
committerLorenz Brun <lorenz@monogon.tech>Thu Jan 13 16:46:06 2022 +0000
tree1e4f582b8c2272b73970e4727171175320aeab7c
parent57d06a7cfa461f367d4362ccecf4a2d66068a1f9 [diff] [blame]
m/n/core: only warn if no TPM 2.0 has been found

Currently the TPM is basically unused. The only user is the generator of
node and cluster unlock keys, which get fed with both TPM and local entropy
which marginally increases security.
This converts a missing TPM 2.0 into a warning and falls back to generating
both of those keys purely with Linux entropy, allowing Metropolis to boot
on hardware without a TPM 2.0.

Change-Id: I910f9768ede554e5ec2c3a35079a6799d1ee9c8c
Reviewed-on: https://review.monogon.dev/c/monogon/+/514
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>

diff --git a/metropolis/node/core/main.go b/metropolis/node/core/main.go
index afe1d7b..fef5f81 100644
--- a/metropolis/node/core/main.go
+++ b/metropolis/node/core/main.go

@@ -90,7 +90,7 @@
 	logger.Info("Starting Metropolis node init")
 
 	if err := tpm.Initialize(logger); err != nil {
-		logger.Fatalf("Failed to initialize TPM 2.0: %v", err)
+		logger.Warningf("Failed to initialize TPM 2.0, attempting fallback to untrusted: %v", err)
 	}
 
 	networkSvc := network.New()