Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 662182fd732fb523ee76bdc069f603bc378a6d2e
commit662182fd732fb523ee76bdc069f603bc378a6d2e[log] [tgz]
authorLorenz Brun <lorenz@monogon.tech>Thu Mar 10 14:06:48 2022 +0100
committerLorenz Brun <lorenz@monogon.tech>Thu Mar 10 16:24:34 2022 +0000
tree0dbebeb12a8be1de9f19d31d6c6319e005af749e
parent74440ac441be981eb570dc37036e71bf25a04492 [diff]
m/p/tpm: use secretbox with seal/unseal for larger payloads

Natively the Seal/Unseal operation in the TPM 2.0 specification only
supports up to 128 bytes of payload. If you need to seal more than that
the specification tells you to generate and seal a key and use that to
encrypt and authenticate the rest of the data. This CL implements said
mechanism transparently as part of the Seal and Unseal functions using
a nacl-compatible secretbox as the authenticated encryption primitive.

Change-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab
Reviewed-on: https://review.monogon.dev/c/monogon/+/626
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
4 files changed
tree: 0dbebeb12a8be1de9f19d31d6c6319e005af749e
  1. build/
  2. intellij/
  3. metropolis/
  4. scripts/
  5. third_party/
  6. .bazelignore
  7. .bazelproject
  8. .bazelrc
  9. .git-ignore-revs
  10. .gitignore
  11. BUILD
  12. CODING_STANDARDS.md
  13. LICENSE
  14. README.md
  15. WORKSPACE
README.md

Monogon Monorepo

This is the main repository containing the source code for the Monogon Project.

This is pre-release software - feel free to look around, and check back later for our first release!

Environment

Our build environment requires a working Podman binary (your distribution should have one).

Usage

Spinning up: scripts/create_container.sh

Spinning down: scripts/destroy_container.sh

Running commands: scripts/run_in_container.sh <...>

Using bazel using a wrapper script: scripts/bin/bazel <...> (add to your local $PATH for convenience)

IntelliJ

This repository is compatible with the IntelliJ Bazel plugin, which enables full autocompletion for external dependencies and generated code. All commands run inside the container, and necessary paths are mapped into the container.

The following steps are necessary:

  • Install Google's Bazel plugin in IntelliJ. On IntelliJ 2020.3 or later, you need to install a beta release of the plugin.

  • Add the absolute path to your ~/.cache/bazel-monogon folder to your idea64.vmoptions (Help → Edit Custom VM Options) and restart IntelliJ:

    -Dbazel.bep.path=/home/leopold/.cache/bazel-monogon

  • Set "Bazel Binary Location" in Other Settings → Bazel Settings to the absolute path of scripts/bin/bazel. This is a wrapper that will execute Bazel inside the container.

  • Use File → Import Bazel project... to create a new project from .bazelproject.

After running the first sync, everything should now resolve in the IDE, including generated code.

Metropolis

Run a single node cluster

Launch the node:

scripts/bin/bazel run //:launch

Run a kubectl command:

scripts/bin/bazel run //metropolis/cli/dbg -- kubectl describe

Run tests:

scripts/bin/bazel test //...