)]}' { "commit": "aa6b7346a87a5512fbdd5b39db766000c0e10415", "tree": "8b7665934b854d4d2ee18e90a289752f8cd85942", "parents": [ "5e0bd2d43ab72cf4091e7689d02f95e07b1c1010" ], "author": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@nexantic.com", "time": "Thu Dec 12 02:55:02 2019 +0100" }, "message": "Attestation \u0026 Identity \u0026 Global Unlock \u0026 Enrolment\n\nThis changes the node startup sequence significantly. Now the following three startup procedures replace the old setup/join mechanic:\n* If no enrolment config is present, automatically bootstrap a new cluster and become master for it.\n* If an enrolment config with an enrolment token is present, register with the NodeManagementService.\n* If an enrolment config without an enrolment token is present, attempt a normal cluster unlock.\n\nIt also completely revamps the GRPC management services:\n* NodeManagementService is a master-only service that deals with other nodes and has a cluster-wide identity\n* NodeService is only available in unlocked state and keyed with the node identity\n* ClusterManagement is now a master-only service that\u0027s been spun out of the main NMS since they have very different authentication models and also deals with EnrolmentConfigs\n\nThe TPM support library has also been extended by:\n* Lots of integrity attestation and verification functions\n* Built-in AK management\n* Some advanced policy-based authentication stuff\n\nAlso contains various enhancements to the network service to make everything work in a proper multi-node environment.\n\nLots of old code has been thrown out.\n\nTest Plan: Passed a full manual test of all three startup modes (bootstrap, enrolment and normal unlock) including automated EnrolmentConfig generation and consumption in a dual-node configuration on swtpm / OVMF.\n\nBug: T499\n\nX-Origin-Diff: phab/D291\nGitOrigin-RevId: d53755c828218b1df83a1d7ad252c7b3231abca8\n", "tree_diff": [ { "type": "modify", "old_id": "d28e60ceb1cae2f3179f27c235ded56b0af6972e", "old_mode": 33188, "old_path": "core/api/api/BUILD.bazel", "new_id": "61e4fe7a6c292d82750df3c973272662e314b921", "new_mode": 33188, "new_path": "core/api/api/BUILD.bazel" }, { "type": "modify", "old_id": "dd774e64992b4e5caebbbdd687db4c1dce5e73eb", "old_mode": 33188, "old_path": "core/api/api/schema.proto", "new_id": "7b4bdaf437a85226075fe0564b9b4fc2ccea853a", "new_mode": 33188, "new_path": "core/api/api/schema.proto" }, { "type": "modify", "old_id": "902008de0bf98249b94978f9e4f595e7c08609fc", "old_mode": 33188, "old_path": "core/cmd/init/main.go", "new_id": "2219a35814b80a1990020c2de547257783fecacc", "new_mode": 33188, "new_path": "core/cmd/init/main.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "14db892ec5d373cf4ab9ffb44a36476fe1af4212", "new_mode": 33188, "new_path": "core/cmd/mkenrolment/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "a3254e09c983345dac37e12d198336c14a5ba87c", "new_mode": 33188, "new_path": "core/cmd/mkenrolment/main.go" }, { "type": "modify", "old_id": "f733e78f7b9c6493e8d3a80400b6480f4322f12d", "old_mode": 33188, "old_path": "core/cmd/mkimage/main.go", "new_id": "0803c80d2ca82f12fcd7f552e6e99b1b66d73623", "new_mode": 33188, "new_path": "core/cmd/mkimage/main.go" }, { "type": "modify", "old_id": "e7ec6f807445fbd24f68026439ace0c811eb6e64", "old_mode": 33188, "old_path": "core/internal/api/BUILD.bazel", "new_id": "e8623409f3c0a28762e7fda86938b3b3b09e7a86", "new_mode": 33188, "new_path": "core/internal/api/BUILD.bazel" }, { "type": "modify", "old_id": "d2c18c38fa337527689d3df21757b9a5d275396f", "old_mode": 33188, "old_path": "core/internal/api/cluster.go", "new_id": "dc794b396de5e8eeca63431a49bd8cd87a7bf8aa", "new_mode": 33188, "new_path": "core/internal/api/cluster.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "976b0f2bbb7aaaf333073d6b6d8229e349b0f038", "new_mode": 33188, "new_path": "core/internal/api/enrolment.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "4268a0f442e4b0c6c0e7fa9c7f5999837345539c", "new_mode": 33188, "new_path": "core/internal/api/nodemanagement.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "da3cbc4fa9d786530c89c0315a65d288887f85d4", "new_mode": 33188, "new_path": "core/internal/api/nodes.go" }, { "type": "modify", "old_id": "efd0be5c136ed4cd8e0b074e76dd2309b4d68424", "old_mode": 33188, "old_path": "core/internal/api/server.go", "new_id": "4e1e5faf615356aa7a2d1c82b20803c9093ea563", "new_mode": 33188, "new_path": "core/internal/api/server.go" }, { "type": "delete", "old_id": "f3175345e0c4e79b6f2981ced5954d33f030b6c1", "old_mode": 33188, "old_path": "core/internal/api/setup.go", "new_id": "0000000000000000000000000000000000000000", "new_mode": 0, "new_path": "/dev/null" }, { "type": "modify", "old_id": "1adbfd85aa0e2c32c022b1a0e9d307464020ce78", "old_mode": 33188, "old_path": "core/internal/common/BUILD.bazel", "new_id": "8bd89d64eb775640c46602e02596f9acd9c747da", "new_mode": 33188, "new_path": "core/internal/common/BUILD.bazel" }, { "type": "modify", "old_id": "e9cfed0063aa3fb91158ef62fb58ef904756767d", "old_mode": 33188, "old_path": "core/internal/common/grpc/grpc.go", "new_id": "97fc4c82f8286d2dd2608b49fcf18e20233d8e42", "new_mode": 33188, "new_path": "core/internal/common/grpc/grpc.go" }, { "type": "modify", "old_id": "1124d2766f0de0358d37f83c02274b4658e96a6f", "old_mode": 33188, "old_path": "core/internal/common/setup.go", "new_id": "e745e543d56bf64210aee7b10fa1000f9cb4a379", "new_mode": 33188, "new_path": "core/internal/common/setup.go" }, { "type": "modify", "old_id": "5fa33ac37fa3f9fd2c783a703cd70ada0af2dd9a", "old_mode": 33188, "old_path": "core/internal/consensus/BUILD.bazel", "new_id": "53b118d666bfc6ce2d83c01b9014f3e8ef2de384", "new_mode": 33188, "new_path": "core/internal/consensus/BUILD.bazel" }, { "type": "modify", "old_id": "6fa6210ed5039c0705f47259e20efb0c75a1fbcb", "old_mode": 33188, "old_path": "core/internal/consensus/consensus.go", "new_id": "5a0beadaeedfc0ed22770cadbd5c9693ab0e066d", "new_mode": 33188, "new_path": "core/internal/consensus/consensus.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "cb551cc5ecf1e8341696b918253db861ec791e2d", "new_mode": 33188, "new_path": "core/internal/integrity/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "f92c0084463a1c1af8a6e62b05107dc7dae5b134", "new_mode": 33188, "new_path": "core/internal/integrity/common.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "c4c77bbe8e408505669ba44a1dae92c8a1ee2073", "new_mode": 33188, "new_path": "core/internal/integrity/tpm2/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "849756260b4d1e175b9957c8bc5a4368945b2b52", "new_mode": 33188, "new_path": "core/internal/integrity/tpm2/tpm2.go" }, { "type": "modify", "old_id": "e7f7d55b63024d85ec5fd40dd6b967a4e79c07d3", "old_mode": 33188, "old_path": "core/internal/network/BUILD.bazel", "new_id": "3208ea82dfc891a96810048b2f1c732edb99a77f", "new_mode": 33188, "new_path": "core/internal/network/BUILD.bazel" }, { "type": "modify", "old_id": "0888de7ad4b68ed8ba7042bb443faf7dcab32892", "old_mode": 33188, "old_path": "core/internal/network/main.go", "new_id": "04ab15935168db5a8b1b516c8482b6b33a05076a", "new_mode": 33188, "new_path": "core/internal/network/main.go" }, { "type": "modify", "old_id": "529c6eeb2c8a12316213b88b31433e7bd3f7103b", "old_mode": 33188, "old_path": "core/internal/node/BUILD.bazel", "new_id": "d96c0e69d20f6f875c2f2e1712340a89e2671c81", "new_mode": 33188, "new_path": "core/internal/node/BUILD.bazel" }, { "type": "modify", "old_id": "40aa8b3b416bd20d82d2a6bc71e83577cb16449f", "old_mode": 33188, "old_path": "core/internal/node/main.go", "new_id": "b1d74d6b2e8d2eb193d0c8f3ce0605379bac04d4", "new_mode": 33188, "new_path": "core/internal/node/main.go" }, { "type": "modify", "old_id": "285046a1cd4f7cb679434b03789805661f2fcfd8", "old_mode": 33188, "old_path": "core/internal/node/setup.go", "new_id": "23eb24cba79905cb10b4e5d2eb423526b02ab022", "new_mode": 33188, "new_path": "core/internal/node/setup.go" }, { "type": "modify", "old_id": "80af4c979d70b1a9bea43f55fee3ee487e57631e", "old_mode": 33188, "old_path": "core/internal/storage/data.go", "new_id": "2b2251a603b30157eea25099c18b5fd0060a126d", "new_mode": 33188, "new_path": "core/internal/storage/data.go" }, { "type": "modify", "old_id": "6803e8a8b5f56bec7526f894763c34412d3dc2e3", "old_mode": 33188, "old_path": "core/pkg/tpm/BUILD.bazel", "new_id": "c39055f6fb0286036be4b4002803dd7165b8c409", "new_mode": 33188, "new_path": "core/pkg/tpm/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "0a848d262b009e4140a4a41c06c1a848dd06d068", "new_mode": 33188, "new_path": "core/pkg/tpm/credactivation_compat.go" }, { "type": "modify", "old_id": "e3973d1c284ad3f7932ef244720595e31b4a89a7", "old_mode": 33188, "old_path": "core/pkg/tpm/tpm.go", "new_id": "bb922892620610ab149d8fef6b8c0a7956d8bb81", "new_mode": 33188, "new_path": "core/pkg/tpm/tpm.go" }, { "type": "modify", "old_id": "730f60b6362086084f8b5f9b701de4eeca7bcaf1", "old_mode": 33261, "old_path": "core/scripts/launch.sh", "new_id": "bc91f0c269fb18d2ea29b479538f83d01b4707b6", "new_mode": 33261, "new_path": "core/scripts/launch.sh" }, { "type": "modify", "old_id": "3b6674e5ebf5b7ab7c758c22ab02df18f322908c", "old_mode": 33261, "old_path": "core/scripts/test_boot.sh", "new_id": "3b4b57d1f05666cad1d9c6acd6f3dbc8f844295a", "new_mode": 33261, "new_path": "core/scripts/test_boot.sh" } ] }