Age | Commit message (Collapse) | Author | Files | Lines |
|
Testing in kubernetes revealed some issues that
needed to be fixed. This patch contains those changes.
Issue-ID: AAF-510
Change-Id: Ib7956a2d49f4f7f663f18522e71758dffe35bcb0
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
PRK Password needs to be passed to TPM Plugin
for load key operations to work.
P7: Moved readPassword to calling function
P8: Check size of password string before memcpy
P9: Updated readme
Issue-ID: AAF-484
Change-Id: I213446012005f2919ee0912ccfe99c3a555ccb74
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
These scripts imports the CA key to either tpm or
softhsm. Updates the pkcs11 config file and adds
the required config for softhsm
Change-Id: If45cfb514756bf4ab03081d458ed728921fa1d51
Issue-ID: AAF-483
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
The init.sh file is removed as part of ownership change
hence needs to be removed from dockerfile as well.
Change-Id: I62fc1e3e15f98caf68c78be6b3ab0dbb326c2eb4
Issue-ID: AAF-409
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
|
|
This will facilitate the SoftHSMv2 implementation
when TPM is unavailable
Change-Id: Ic77627702db514213cece200a259f723e6d66d34
Issue-ID: AAF-414
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
TPM ownership and primary key creation is assumed to be a step that is
executed by the system administrator who will provide the credentials
to pods during startup [Srini]. Now, init only reads the public portion of the
primary key and puts it the host folder.
P9: Remove init.sh. Not needed as initialize will directly talk to device now.
Initialize is called during Step 1 and run_abrmd is called during Step 2
Issue-ID: AAF-409
Change-Id: Id0d1860f257c98045613e90b6b88e37858a9aceb
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Use base image for building abrmd container
Removes needless compilation steps involved
Issue-ID: AAF-461
Change-Id: Ib9e1606b24223f235f5e60ff94add29e142f6bda
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Issue-ID: AAF-447
Change-Id: I112efd4b484ee05e0ba0811efcb8ba7082a5d621
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Add script to build and push the image to
nexus repo. Invoke the script from top level
build script.
Change-Id: I644428d2da3bbc4688a3a45d34b8b7e9148314b0
Issue-ID: AAF-443
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
|
|
There is a dependency on tabrmd while building duplicate tool
and this is required for now. Cleanup and use base container
from nexus repo. Add build scripts for nightly build.
Change-Id: I4c3487d22988927084d7336671b81144374ccb5d
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Modifying ABRMD container to support Init tool
Change-Id: I8b2f8171688b67567e3ad4a3e4942ae76737bdfc
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Only in the case where no tpm hosts are present, then encrypt
and copy out the private key
Change-Id: I34fbcf65e61c4e6803f594ffe1c527c9afd8f184
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
|
|
This patch provides a build script that can be triggered
by jenkins job to build base containers for AAF.
Change-Id: I029784e7adbd7076967b756c23678b562438e06f
Issue-ID: AAF-418
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Changed naming and folder structure to allow for
easy integration with kubernetes. Changed createca
to distcenter name, after the container name.
Issue-ID: AAF-409
Change-Id: I6f9f290f7c1f02b42a11aea85c26b95b334082d1
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|
|
|
|
Using the given passphrase, encrypt the private key and copy out.
Use the public key from the mount for generating out files.
Change-Id: I5de42ad4c8a781201ed559b04b1457fe9e661e42
Issue-ID: AAF-376
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
bctest jar file is not used and can be removed
Change-Id: I9121a9f3ce8312a73454e51725f2d6f57522560d
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
These are installed and present in the base container.
Change-Id: Ibf591476e1fb9e036398043614e2a92ac939f6ba
Issue-ID: AAF-342
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
|
|
Adding the dockerfile and required scripts
to implement CA service container functionality
Issue-ID: AAF-342
Change-Id: I8ea086008d0d8e50bfad3886c741ba21642ac974
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
|
|
This container generates the ca key and
certificate and encrypts it using SRK public
key and stores the generated files on host
folder shared with this container. The public
key is built into the image for sample
known target host.
Change-Id: Ibcfdd10bca86a3e785a7ba6221e22fb78d8b706f
Signed-off-by: Manjunath Ranganathaiah <manjunath.ranganathaiah@intel.com>
Issue-ID: AAF-376
|
|
Including the ABRMD in a seperare directory for
better organization
Change-Id: I1097a2d7be5bc99b40b0bd59a4bdb939478d5129
Issue-ID: AAF-342
Signed-off-by: Pramod Raghavendra Jayathirth <pramod.raghavendra.jayathirth@intel.com>
|
|
Adding a dockerfile to build a container that has
tss, abrmd and tpm2-tools installed on it.
Issue-ID: AAF-275
Change-Id: I8bda86d36290785950cf3c23d6527e1245652f42
Signed-off-by: Kiran Kamineni <kiran.k.kamineni@intel.com>
|