Conversation
luqmana
force-pushed
the
luqmana/rot-attest
branch
from
54163d9 to
e4f73c5
Compare
luqmana
force-pushed
the
luqmana/rot-attest
branch
from
e4f73c5 to
de2a8d9
Compare
| chain.into_iter().map(|cert| cert.to_pem(LineEnding::LF)).collect(); | ||
| Ok(CertificateChain(certs?)) | ||
| } | ||
| } |
There was a problem hiding this comment.
It seems a little odd to have this and other conversion methods here. Can we push this lower into the rot modules to just return the type directly?
There was a problem hiding this comment.
Can we push this lower into the
rotmodules to just return the type directly?
I'm not sure I follow here. As in, change the types RotAttestationHandle::get_measurement_log/get_certificate_chain/attest take/return?
For the conversions, I had them here just to keep them close to the definitions which seem to be normal from a quick rg 'impl (Try)?From' sled-agent/types/versions/src
There was a problem hiding this comment.
Yeah I was thinking of changing the types returned from RotAttestationHandle to return the inventory types directly. There's a lot of TryFrom and From but that's for conversion between internal inventory types. There isn't another great example of other inventory types doing a lot of external conversions in sled-agent/types/versions/src/impls/ but if nobody else has a problem I think it's fine for it to stay as is.
There was a problem hiding this comment.
Got it, makes sense -- moved things around in fad57df.
luqmana
force-pushed
the
luqmana/rot-attest
branch
6 times, most recently
from
fad57df to
44ce979
Compare
|
Dropped the attestation code I had in the local omicron |
luqmana
force-pushed
the
luqmana/rot-attest
branch
from
3dc1e06 to
8f2c2eb
Compare
sled-agent/src/rot.rs
Outdated
| #[error("Failed to create IPCC attestor: {0}")] | ||
| AttestIpcc(#[from] dice_verifier::ipcc::IpccError), | ||
|
|
||
| #[error("Failed to create mock attestor: {0}")] | ||
| AttestMock(#[from] mock::AttestMockError), | ||
|
|
||
| #[error("Attestation request failed: {0}")] | ||
| Attest(#[from] AttestError), | ||
|
|
||
| #[error("RoT attestation queue full")] | ||
| Busy, | ||
|
|
||
| #[error("RoT attestation task gone - request cancelled")] |
There was a problem hiding this comment.
super nitpicky, but: i think typically the preferred style for these errors is to put the first character in lower-case, since they might be wrapped in another error and formatted like: failed to foo: couldn't get bar: invalid baz, and it looks weird if it's like failed to foo: Couldn't get bar: invalid baz
There was a problem hiding this comment.
Sure – updated all but the last 2 (to preserve the intended "RoT" capitalization).
| /// This should be run via `spawn_blocking` as we perform ipcc operations | ||
| /// via an ioctl and don't want to block any other tasks. |
There was a problem hiding this comment.
I kinda wonder if it would be better to have run do the spawn_blocking call internally, if calling it outside of a spawn_blocking is always wrong?
There was a problem hiding this comment.
Made new and run private and instead now provide a launch method that does both and ensures the semantics we want.
| impl fmt::Display for Rot { | ||
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
| match self { | ||
| Rot::Oxide => write!(f, "oxide"), | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
nit, take it or leave it: this could be derived using strum
|
|
||
| impl fmt::Debug for Sha3_256Digest { | ||
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
| f.debug_tuple("Sha3_256Digest").field(&hex::encode(self.0)).finish() |
There was a problem hiding this comment.
nit: I feel like it's generally considered bad form to allocate in a fmt::Debug impl, and hex::encode will, regretfully, allocate a String which we will then write to f and immediately drop. is there another crate that can wrap a byte array in a thing that implements fmt::Debug to format it in hex without allocating a string?
not a huge deal as we're probably not going to fmt::Debug these in a performance critical path, but...it would be nice...
There was a problem hiding this comment.
Went and added such a wrapper (BytesToHexDebug) to omicron_common and dropped the use of hex::encode here.
|
|
||
| impl fmt::Debug for Ed25519Signature { | ||
| fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
| f.debug_tuple("Ed25519Signature").field(&hex::encode(self.0)).finish() |
There was a problem hiding this comment.
similar hex::encode sadness here, not a huge deal.
There was a problem hiding this comment.
No more sadness! Switched to the new BytesToHexDebug here as well.
| # Only used by the simulated sled agent. | ||
| crucible-agent-client.workspace = true | ||
| derive_more.workspace = true | ||
| dice-verifier = { workspace = true, features = ["ipcc", "mock"] } |
There was a problem hiding this comment.
is it possible to only enable the mock stuff in the sled-agent sim? is that worth doing?
There was a problem hiding this comment.
No, this is actually for running real sled-agent but on a non-"gimlet":
omicron/smf/sled-agent/non-gimlet/config.toml
Line 124 in 558f89e
| pub struct RotAttestationTask { | ||
| log: Logger, | ||
| rx: mpsc::Receiver<RotAttestationMessage>, | ||
| attest: Box<dyn Attest + Send>, | ||
| } |
There was a problem hiding this comment.
maybe worth a comment someplace explaining that this is an actor task thingy as it has unique ownership over the attest instance?
There was a problem hiding this comment.
Added a blurb there with some more details.
… to sled_agent::rot
luqmana
force-pushed
the
luqmana/rot-attest
branch
from
8f2c2eb to
2a7011c
Compare
luqmana
force-pushed
the
luqmana/rot-attest
branch
from
2a7011c to
5561a2c
Compare
4 participants
This covers the sled agent portion of https://github.com/orgs/oxidecomputer/projects/159?pane=issue&itemId=139850060 by exposing a new set of APIs a propolis instance will call.
I hooked up the existing
verifier-clitool with a newsled-agent-client-based interface to exercise the new APIs (playing the role of propolis):