metropolis/proto/private/private.proto - monogon - Gitiles

 // Copyright 2020 The Monogon Project Authors.
 //
 // SPDX-License-Identifier: Apache-2.0
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 syntax = "proto3";
 option go_package = "source.monogon.dev/metropolis/proto/private";
 package metropolis.proto.private;

 import "metropolis/proto/common/common.proto";

 // SealedConfiguration is all configuration kept in a TPM-sealed (ie.
 // confidential and tamper-resistant) blob within the node's ESP (EFI)
 // partition. It contains everything that the node needs to join an existing
 // cluster after rebooting.
 message SealedConfiguration {
     // node_unlock_key (NUK) is the node's part of the key required to unlock
     // the node's data partition(s). It is combined with the Cluster Unlock Key
     // (CUK) that's stored in etcd to create a key which is then used to mount
     // the data partition. The NUK and CUK are generated on bootstrap and
     // registration.
     bytes node_unlock_key = 1;
     // join_key is an ED25519 private key generated during registration. The
     // public part is shared with Curator to authenticate the join procedure.
     bytes join_key = 2;
     // cluster_ca is the X509 CA certificate of the cluster set during
     // registration and used by nodes joining the cluster.
     bytes cluster_ca = 3;
     // storage_security is the node storage security that this node has been
     // created with, and is used to determine the way the local storage (ie.
     // Metropolis data partition) will be attempted to be mounted on subsequent
     // node startups.
     metropolis.proto.common.NodeStorageSecurity storage_security = 4;
 }
	// Copyright 2020 The Monogon Project Authors.
	//
	// SPDX-License-Identifier: Apache-2.0
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	syntax = "proto3";
	option go_package = "source.monogon.dev/metropolis/proto/private";
	package metropolis.proto.private;

	import "metropolis/proto/common/common.proto";

	// SealedConfiguration is all configuration kept in a TPM-sealed (ie.
	// confidential and tamper-resistant) blob within the node's ESP (EFI)
	// partition. It contains everything that the node needs to join an existing
	// cluster after rebooting.
	message SealedConfiguration {
	// node_unlock_key (NUK) is the node's part of the key required to unlock
	// the node's data partition(s). It is combined with the Cluster Unlock Key
	// (CUK) that's stored in etcd to create a key which is then used to mount
	// the data partition. The NUK and CUK are generated on bootstrap and
	// registration.
	bytes node_unlock_key = 1;
	// join_key is an ED25519 private key generated during registration. The
	// public part is shared with Curator to authenticate the join procedure.
	bytes join_key = 2;
	// cluster_ca is the X509 CA certificate of the cluster set during
	// registration and used by nodes joining the cluster.
	bytes cluster_ca = 3;
	// storage_security is the node storage security that this node has been
	// created with, and is used to determine the way the local storage (ie.
	// Metropolis data partition) will be attempted to be mounted on subsequent
	// node startups.
	metropolis.proto.common.NodeStorageSecurity storage_security = 4;
	}