metropolis: finish implementing TPMMode

This wraps up the implementation of TPMMode in ClusterConfiguration,
allowing operators to select whether nodes should or should not use
their TPM, based on local availability.

We keep the default behaviour to require a TPM, as we'd like to be
secure by default.

Change-Id: Ic8ac76d88ecc9de51f58ca99c92daede79d78ad7
Reviewed-on: https://review.monogon.dev/c/monogon/+/1495
Tested-by: Jenkins CI
Reviewed-by: Lorenz Brun <lorenz@monogon.tech>
diff --git a/metropolis/proto/common/common.proto b/metropolis/proto/common/common.proto
index 27dfa5a..8e0fa58 100644
--- a/metropolis/proto/common/common.proto
+++ b/metropolis/proto/common/common.proto
@@ -302,3 +302,16 @@
     }
     TPMMode tpm_mode = 1;
 }
+
+// NodeTPMUsage describes whether a node has a TPM2.0 and if it is/should be
+// actively used to seal secrets before saving them to its EFI system partition.
+enum NodeTPMUsage {
+    NODE_TPM_INVALID = 0;
+    // This node has no TPM 2.0.
+    NODE_TPM_NOT_PRESENT = 1;
+    // This node has a TPM 2.0 but the cluster configuration mandates not using
+    // it.
+    NODE_TPM_PRESENT_BUT_UNUSED = 2;
+    // This node has a TPM 2.0 and it is being actively used.
+    NODE_TPM_PRESENT_AND_USED = 3;
+}
\ No newline at end of file
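Review bot: `NODE_TPM_INVALID = 0` is the only value in the new NodeTPMUsage enum without a comment, and it is the one that most needs explaining, because zero is what an unset field decodes to. I would add `// Unset or unknown; consumers must reject this value and never treat it as "no TPM".` above it, so the fail-closed intent is written down alongside the secure-by-default TPMMode. The enum's header comment also mixes observed state ("has a TPM2.0") with policy ("is/should be actively used"). If the value is reported by the node itself, which this hunk does not show, the comment should say it is a claim to be checked against the cluster's TPMMode, not a verified fact. The file also now ends without a trailing newline.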