Age | Commit message (Collapse) | Author | Files | Lines |
|
Testing in kubernetes revealed some issues that
needed to be fixed. This patch contains those changes.
Issue-ID: AAF-510
Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
PRK Password needs to be passed to TPM Plugin
for load key operations to work.
P7: Moved readPassword to calling function
P8: Check size of password string before memcpy
P9: Updated readme
Issue-ID: AAF-484
Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
|
|
These scripts imports the CA key to either tpm or
softhsm. Updates the pkcs11 config file and adds
the required config for softhsm
Change-Id: If45cfb514756bf4ab03081d458ed728921fa1d51
Issue-ID: AAF-483
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
Key pair reading in TPM plugin assumes a particular order for input buffers.
This patch checks the buffers and removes that assumption
Issue-ID: AAF-478
Change-Id: I4fff17c912a0890138d1f432e5bfab5c9946b1cb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Removed hardcoded paths and using CWD instead.
Makes deployment testing simpler in kubernetes.
Makes data localized and easier to debug.
Issue-ID: AAF-474
Change-Id: Ic671a8de2442bb9ca11bbc994a6e84bb12053617
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
|
|
The init.sh file is removed as part of ownership change
hence needs to be removed from dockerfile as well.
Change-Id: I62fc1e3e15f98caf68c78be6b3ab0dbb326c2eb4
Issue-ID: AAF-409
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
|
|
|
|
Add -password command line argument to take the
primary key password to import keys.
Issue-ID: AAF-464
Change-Id: I68b87139405427d065883ffe714e1072d3e987df
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
This will facilitate the SoftHSMv2 implementation
when TPM is unavailable
Change-Id: Ic77627702db514213cece200a259f723e6d66d34
Issue-ID: AAF-414
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
TPM ownership and primary key creation is assumed to be a step that is
executed by the system administrator who will provide the credentials
to pods during startup [Srini]. Now, init only reads the public portion of the
primary key and puts it the host folder.
P9: Remove init.sh. Not needed as initialize will directly talk to device now.
Initialize is called during Step 1 and run_abrmd is called during Step 2
Issue-ID: AAF-409
Change-Id: Id0d1860f257c98045613e90b6b88e37858a9aceb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Use base image for building abrmd container
Removes needless compilation steps involved
Issue-ID: AAF-461
Change-Id: Ib9e1606b24223f235f5e60ff94add29e142f6bda
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Issue-ID: AAF-447
Change-Id: I112efd4b484ee05e0ba0811efcb8ba7082a5d621
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Change-Id: I644428d2da3bbc4688a3a45d34b8b7e9148314b0
Issue-ID: AAF-443
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
|
|
There is a dependency on tabrmd while building duplicate tool
and this is required for now. Cleanup and use base container
from nexus repo. Add build scripts for nightly build.
Change-Id: I4c3487d22988927084d7336671b81144374ccb5d
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Modifying ABRMD container to support Init tool
Change-Id: I8b2f8171688b67567e3ad4a3e4942ae76737bdfc
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Only in the case where no tpm hosts are present, then encrypt
and copy out the private key
Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
This patch provides a build script that can be triggered
by jenkins job to build base containers for AAF.
Change-Id: I029784e7adbd7076967b756c23678b562438e06f
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Changed naming and folder structure to allow for
easy integration with kubernetes. Changed createca
to distcenter name, after the container name.
Issue-ID: AAF-409
Change-Id: I6f9f290f7c1f02b42a11aea85c26b95b334082d1
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
|
|
|
|
The output files from Init, Duplicate and Import
is different and unique to each TPM and host
Change-Id: I718fedec07130cfb2ba7959aa2b964c2b59dbae5
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Using the given passphrase, encrypt the private key and copy out.
Use the public key from the mount for generating out files.
Change-Id: I5de42ad4c8a781201ed559b04b1457fe9e661e42
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
bctest jar file is not used and can be removed
Change-Id: I9121a9f3ce8312a73454e51725f2d6f57522560d
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
These are installed and present in the base container.
Change-Id: Ibf591476e1fb9e036398043614e2a92ac939f6ba
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
Private handle should not be mandatory
as it is not needed in no HW support case
Change-Id: I92158cb0b90f2b661ac091afc4131ad048887e17
Issue-ID: AAF-405
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
|
|
Adding the dockerfile and required scripts
to implement CA service container functionality
Issue-ID: AAF-342
Change-Id: I8ea086008d0d8e50bfad3886c741ba21642ac974
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
|
|
This container generates the ca key and
certificate and encrypts it using SRK public
key and stores the generated files on host
folder shared with this container. The public
key is built into the image for sample
known target host.
Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Issue-ID: AAF-376
|
|
|
|
Including the ABRMD in a seperare directory for
better organization
Change-Id: I1097a2d7be5bc99b40b0bd59a4bdb939478d5129
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
the tools used are Init and duplicate
Change-Id: Ib3298f5cc1970d49834089ba969d4ddc1f41fe27
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
This can be considered as a sample for
shared voulume which holds application
content
Change-Id: Id46d33869402c22ae9902d1cdff4c1704e422362
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
changing the path from the user's home directory to
root's home directory for duplicate and import utlity
Change-Id: I1550492925fdd0e3096e7aab853c16896819d61c
Issue-ID: AAF-334
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
|
|
|
|
|
|
Add INFO.yaml to list:
- Project description
- Properties
- PTL information
- Meeting information
- Committer information
Change-Id: I9e1a7b8db453fe1558a2f52a859d62c3767f115b
Issue-ID: CIMAN-134
Signed-off-by: Jessica Wagantall <jwagantall@linuxfoundation.org>
|
|
Added tpm2_plugin_rsa_sign_update(...), tpm2_plugin_rsa_sign_final(...),
tpm2_plugin_rsa_sign_cleanup(...) APIs.
Issue-ID: AAF-94
Change-Id: I104ff7b979329c03e91206d19371d3904f163993
Signed-off-by: NingSun <ning.sun@intel.com>
|
|
|
|
Includes changes to detect existing instances of key and
also some bug fixes. Also added new functionality for
RSA_SignUpdate, RSA_SignFinal and RSA_Cleanup
Issue-ID: AAF-260
Change-Id: Ib064e86b8f112784ed6d352ab1557ab9a13c5978
Signed-off-by: Ritu Sood <ritu.sood@intel.com>
|
|
|