metropolis: finish implementing TPMMode
This wraps up the implementation of TPMMode in ClusterConfiguration,
allowing operators to select whether nodes should or should not use
their TPM, based on local availability.
We keep the default behaviour to require a TPM, as we'd like to be
secure by default.
Change-Id: Ic8ac76d88ecc9de51f58ca99c92daede79d78ad7
Reviewed-on: https://review.monogon.dev/c/monogon/+/1495
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/node/core/roleserve/roleserve.go b/metropolis/node/core/roleserve/roleserve.go
index f97e9c9..c1493be 100644
--- a/metropolis/node/core/roleserve/roleserve.go
+++ b/metropolis/node/core/roleserve/roleserve.go
@@ -165,7 +165,7 @@
return s
}
-func (s *Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte, icc *curator.Cluster) {
+func (s *Service) ProvideBootstrapData(privkey ed25519.PrivateKey, iok, cuk, nuk, jkey []byte, icc *curator.Cluster, tpmUsage cpb.NodeTPMUsage) {
pubkey := privkey.Public().(ed25519.PublicKey)
nid := identity.NodeID(pubkey)
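Review bot: The new `tpmUsage` parameter of ProvideBootstrapData is stored as received (the `nodeTPMUsage: tpmUsage` line in the next hunk), and nothing visible rejects the enum's zero value, so a caller that forgets to set it would carry an unset mode into node creation and sealing in worker_controlplane.go. The method has no error return, so I would at least state the precondition in its doc comment, assuming the zero value of `cpb.NodeTPMUsage` is the unset member as is usual for protobuf enums: `// tpmUsage must be a concrete mode resolved by the caller from the cluster's TPMMode and local TPM availability; the zero value is not valid here.` The `nodeTPMUsage` field added to bootstrapData in value_bootstrapdata.go would benefit from the same one-line explanation. The method body continues past this hunk, so a check may already exist outside what is shown.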
@@ -184,6 +184,7 @@
nodeUnlockKey: nuk,
nodePrivateJoinKey: jkey,
initialClusterConfiguration: icc,
+ nodeTPMUsage: tpmUsage,
})
}
diff --git a/metropolis/node/core/roleserve/value_bootstrapdata.go b/metropolis/node/core/roleserve/value_bootstrapdata.go
index 90af955..f2ed064 100644
--- a/metropolis/node/core/roleserve/value_bootstrapdata.go
+++ b/metropolis/node/core/roleserve/value_bootstrapdata.go
@@ -4,6 +4,7 @@
"crypto/ed25519"
"source.monogon.dev/metropolis/node/core/curator"
+ cpb "source.monogon.dev/metropolis/proto/common"
)
// bootstrapData is an internal EventValue structure which is populated by the
@@ -17,4 +18,5 @@
initialOwnerKey []byte
nodePrivateJoinKey ed25519.PrivateKey
initialClusterConfiguration *curator.Cluster
+ nodeTPMUsage cpb.NodeTPMUsage
}
diff --git a/metropolis/node/core/roleserve/worker_controlplane.go b/metropolis/node/core/roleserve/worker_controlplane.go
index 1a8e420..d21df70 100644
--- a/metropolis/node/core/roleserve/worker_controlplane.go
+++ b/metropolis/node/core/roleserve/worker_controlplane.go
@@ -283,7 +283,7 @@
npub := b.nodePrivateKey.Public().(ed25519.PublicKey)
jpub := b.nodePrivateJoinKey.Public().(ed25519.PublicKey)
- n := curator.NewNodeForBootstrap(b.clusterUnlockKey, npub, jpub)
+ n := curator.NewNodeForBootstrap(b.clusterUnlockKey, npub, jpub, b.nodeTPMUsage)
// The first node always runs consensus.
join, err := st.AddNode(ctx, npub)
@@ -369,7 +369,7 @@
JoinKey: b.nodePrivateJoinKey,
ClusterCa: caCert,
}
- if err = s.storageRoot.ESP.Metropolis.SealedConfiguration.SealSecureBoot(&sc); err != nil {
+ if err = s.storageRoot.ESP.Metropolis.SealedConfiguration.SealSecureBoot(&sc, b.nodeTPMUsage); err != nil {
return fmt.Errorf("writing sealed configuration failed: %w", err)
}
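Review bot: The call to `SealSecureBoot(&sc, b.nodeTPMUsage)` no longer tells a reader whether the configuration written to the ESP is TPM-sealed, and `sc` carries at least the node's private join key (`JoinKey: b.nodePrivateJoinKey`). The implementation is not part of this diff, so this is inferred: if a non-TPM mode writes that material without TPM sealing, document it at the call site, e.g. `// With a non-TPM nodeTPMUsage, sc is written without TPM sealing; the ESP then holds key material not protected by the TPM.` Logging the chosen mode once here would also let operators audit which nodes bootstrapped without a TPM. The error text `writing sealed configuration failed` stays accurate only if the data is sealed in every mode. The enclosing function starts and ends outside the hunk.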