diff --git a/Cargo.lock b/Cargo.lock index ca217165270..91e68b4b509 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -59,7 +59,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5a15f179cd60c4584b8a8c596927aadc462e27f2ca70c04e0071964a73ba7a75" dependencies = [ "cfg-if", - "getrandom 0.3.1", + "getrandom 0.3.4", "once_cell", "version_check", "zerocopy 0.8.27", @@ -519,17 +519,21 @@ dependencies = [ [[package]] name = "attest-data" -version = "0.3.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=3cc953c8d0ace2f20cbcf3920b0771d25301960a#3cc953c8d0ace2f20cbcf3920b0771d25301960a" +version = "0.4.0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" dependencies = [ - "getrandom 0.2.15", + "const-oid", + "der", + "getrandom 0.3.4", + "hex", "hubpack", + "rats-corim", "salty", "serde", "serde_with", "sha3", "static_assertions", - "thiserror 1.0.69", + "thiserror 2.0.17", ] [[package]] @@ -952,7 +956,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "sled-agent-types", "sled-hardware-types", @@ -970,7 +974,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware-types", @@ -1445,7 +1449,7 @@ dependencies = [ "omicron-workspace-hack", "oxide-tokio-rt", "ratatui", - "schemars", + "schemars 0.8.22", "serde_json", "slog", "slog-async", @@ -1466,7 +1470,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", ] @@ -1481,7 +1485,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1496,7 +1500,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1511,7 +1515,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1542,7 +1546,7 @@ dependencies = [ "itertools 0.14.0", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1575,7 +1579,7 @@ dependencies = [ "camino", "clap", "derive_more 0.99.20", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.69", @@ -1617,7 +1621,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", ] @@ -1631,7 +1635,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -1645,7 +1649,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "test-strategy", "thiserror 2.0.17", @@ -1664,7 +1668,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "117725a109d387c937a1533ce01b450cbde6b88abceea8473c4d7a85853cda3c" dependencies = [ "lazy_static", - "windows-sys 0.59.0", + "windows-sys 0.48.0", ] [[package]] @@ -1677,7 +1681,7 @@ dependencies = [ "oximeter 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oxnet", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1699,7 +1703,7 @@ dependencies = [ "oximeter 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oxnet", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1862,6 +1866,12 @@ version = "0.8.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b" +[[package]] +name = "corncobs" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0e03e9489176ebd301922fdcd0234f6dee954cbf65311863353f20d2746a8db" + [[package]] name = "cpufeatures" version = "0.2.14" @@ -2061,7 +2071,7 @@ dependencies = [ "percent-encoding", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -2073,7 +2083,7 @@ source = "git+https://github.com/oxidecomputer/crucible?rev=102b0bb8305cfbc3fa74 dependencies = [ "base64 0.22.1", "crucible-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -2090,7 +2100,7 @@ dependencies = [ "dropshot", "nix 0.29.0", "rustls-pemfile 1.0.4", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2120,7 +2130,7 @@ dependencies = [ "percent-encoding", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -2446,9 +2456,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.9" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ "const-oid", "der_derive", @@ -2475,6 +2485,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" dependencies = [ "powerfmt", + "serde", ] [[package]] @@ -2611,20 +2622,38 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "dice-mfg-msgs" +version = "0.2.1" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" +dependencies = [ + "const-oid", + "corncobs", + "hubpack", + "serde", + "serde-big-array", + "thiserror 2.0.17", + "x509-cert", + "zerocopy 0.8.27", +] + [[package]] name = "dice-verifier" -version = "0.2.0" -source = "git+https://github.com/oxidecomputer/dice-util?rev=3cc953c8d0ace2f20cbcf3920b0771d25301960a#3cc953c8d0ace2f20cbcf3920b0771d25301960a" +version = "0.3.0-pre0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=4b408edc1d00f108ddf635415d783e6f12fe9641#4b408edc1d00f108ddf635415d783e6f12fe9641" dependencies = [ - "anyhow", "attest-data", "const-oid", "ed25519-dalek", "env_logger", + "hubpack", + "libipcc", "log", "p384", - "pem-rfc7468", + "rats-corim", "sha3", + "tempfile", + "thiserror 2.0.17", "x509-cert", ] @@ -2785,7 +2814,7 @@ dependencies = [ "pretty-hex 0.4.1", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -2811,7 +2840,7 @@ dependencies = [ "dropshot-api-manager-types", "internal-dns-types", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", ] @@ -2827,7 +2856,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -2890,7 +2919,7 @@ dependencies = [ "progenitor 0.11.2", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2914,7 +2943,7 @@ dependencies = [ "progenitor 0.11.2", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2965,7 +2994,7 @@ dependencies = [ "percent-encoding", "rustls 0.22.4", "rustls-pemfile 2.2.0", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.27", "serde", @@ -3271,9 +3300,9 @@ dependencies = [ [[package]] name = "env_logger" -version = "0.11.5" +version = "0.11.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e13fa619b91fb2381732789fc5de83b45675e882f66623b7d8cb4f643017018d" +checksum = "13c863f0904021b108aa8b2f55046443e6b1ebde8fd4a15c399893aae4fa069f" dependencies = [ "anstream", "anstyle", @@ -3304,7 +3333,7 @@ dependencies = [ "dropshot", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 2.0.17", @@ -3739,7 +3768,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "uuid", @@ -3786,7 +3815,7 @@ dependencies = [ "progenitor 0.10.0", "rand 0.9.2", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -3892,7 +3921,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "test-strategy", "thiserror 2.0.17", @@ -3943,20 +3972,20 @@ dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "wasm-bindgen", ] [[package]] name = "getrandom" -version = "0.3.1" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43a49c392881ce6d5c3b8cb70f98717b7c07aabbdff06687b9030dbfbe2725f8" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", "libc", - "wasi 0.13.3+wasi-0.2.2", - "windows-targets 0.52.6", + "r-efi", + "wasip2", ] [[package]] @@ -4906,7 +4935,7 @@ dependencies = [ "derive-where", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "test-strategy", @@ -4926,7 +4955,7 @@ dependencies = [ "proptest", "ref-cast", "rustc-hash 2.1.1", - "schemars", + "schemars 0.8.22", "serde_core", "serde_json", ] @@ -5021,7 +5050,7 @@ dependencies = [ "oxlog", "oxnet", "regress", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5060,6 +5089,7 @@ checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" dependencies = [ "autocfg", "hashbrown 0.12.3", + "serde", ] [[package]] @@ -5237,7 +5267,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "slog", "tufaceous-artifact", @@ -5255,7 +5285,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5273,7 +5303,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -5351,7 +5381,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -5416,7 +5446,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf370abdafd54d13e54a620e8c3e1145f28e46cc9d704bc6d94414559df41763" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -5752,7 +5782,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" dependencies = [ "cfg-if", - "windows-targets 0.52.6", + "windows-targets 0.48.5", ] [[package]] @@ -5942,7 +5972,7 @@ dependencies = [ "progenitor 0.11.2", "protocol", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5956,7 +5986,7 @@ source = "git+https://github.com/oxidecomputer/lldp#61479b6922f9112fbe1e722414d2 dependencies = [ "anyhow", "dpd-client 0.1.0 (git+https://github.com/oxidecomputer/dendrite?branch=main)", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -6180,7 +6210,7 @@ dependencies = [ "percent-encoding", "progenitor 0.11.2", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -6244,7 +6274,7 @@ dependencies = [ "hermit-abi 0.3.9", "libc", "log", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.52.0", ] @@ -6347,7 +6377,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74d1216f62e63be5fb25a9ecd1e2b37b1556a9b8c02f4831770f5d01df85c226" dependencies = [ "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -6438,7 +6468,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -6459,7 +6489,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "pretty_assertions", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -6560,7 +6590,7 @@ dependencies = [ "rand 0.9.2", "ref-cast", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -6645,7 +6675,7 @@ dependencies = [ "ref-cast", "regex", "rustls 0.22.4", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -6722,7 +6752,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -6786,7 +6816,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "uuid", ] @@ -6808,7 +6838,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7185,7 +7215,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware-types", @@ -7324,7 +7354,7 @@ dependencies = [ "parse-display", "proptest", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -7439,7 +7469,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", ] @@ -7452,7 +7482,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -7465,7 +7495,7 @@ dependencies = [ "omicron-common", "omicron-workspace-hack", "proptest", - "schemars", + "schemars 0.8.22", "serde", "test-strategy", "thiserror 2.0.17", @@ -7738,7 +7768,7 @@ dependencies = [ "oxide-tokio-rt", "oximeter-db", "oximeter-test-utils", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7782,7 +7812,7 @@ dependencies = [ "pq-sys", "proptest", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7851,7 +7881,7 @@ dependencies = [ "rand 0.9.2", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -7992,7 +8022,7 @@ dependencies = [ "oximeter 0.1.0", "oximeter-instruments", "oximeter-producer", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "signal-hook", @@ -8198,7 +8228,7 @@ dependencies = [ "rustls 0.22.4", "rustls-pemfile 2.2.0", "samael", - "schemars", + "schemars 0.8.22", "scim2-rs", "semver 1.0.27", "serde", @@ -8260,7 +8290,7 @@ dependencies = [ "pq-sys", "proptest", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -8414,7 +8444,7 @@ dependencies = [ "omicron-workspace-hack", "rand 0.9.2", "rust-argon2", - "schemars", + "schemars 0.8.22", "secrecy 0.10.3", "serde", "serde_with", @@ -8623,7 +8653,7 @@ dependencies = [ "repo-depot-api", "repo-depot-client", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_human_bytes", "serde_json", @@ -8718,7 +8748,7 @@ dependencies = [ "newtype-uuid-macros", "paste", "proptest", - "schemars", + "schemars 0.8.22", ] [[package]] @@ -8774,7 +8804,7 @@ dependencies = [ "gateway-messages", "generic-array", "getrandom 0.2.15", - "getrandom 0.3.1", + "getrandom 0.3.4", "group", "hashbrown 0.16.0", "heck 0.4.1", @@ -8835,14 +8865,16 @@ dependencies = [ "rustix 1.0.7", "rustls 0.23.19", "rustls-webpki 0.102.8", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.27", "serde", "serde_core", "serde_json", + "serde_with", "sha1", "sha2", + "sha3", "similar", "slog", "smallvec 1.15.1", @@ -9191,7 +9223,7 @@ dependencies = [ "dropshot-api-manager-types", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "uuid", @@ -9242,7 +9274,7 @@ dependencies = [ "qorb", "rand 0.9.2", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -9307,7 +9339,7 @@ dependencies = [ "regex", "reqwest", "rustyline", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -9343,7 +9375,7 @@ dependencies = [ "omicron-workspace-hack", "oximeter 0.1.0", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -9389,7 +9421,7 @@ dependencies = [ "omicron-test-utils", "omicron-workspace-hack", "oximeter 0.1.0", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -9413,7 +9445,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.106", @@ -9434,7 +9466,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.106", @@ -9500,7 +9532,7 @@ dependencies = [ "rand_distr", "regex", "rstest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "strum 0.27.2", @@ -9522,7 +9554,7 @@ dependencies = [ "omicron-workspace-hack", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "serde", "strum 0.27.2", "thiserror 2.0.17", @@ -9552,7 +9584,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8200429754152e6379fbb1dd06eea90156c3b67591f6e31d08e787d010ef0168" dependencies = [ "ipnetwork", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -9567,7 +9599,7 @@ dependencies = [ "num", "omicron-workspace-hack", "oximeter-types 0.1.0", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -9587,9 +9619,9 @@ dependencies = [ [[package]] name = "p384" -version = "0.13.0" +version = "0.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70786f51bcc69f6a4c0360e063a4cac5419ef7c5cd5b3c99ad70f3be5ba79209" +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" dependencies = [ "ecdsa", "elliptic-curve", @@ -10525,7 +10557,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.106", @@ -10547,7 +10579,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.106", @@ -10569,7 +10601,7 @@ dependencies = [ "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.106", @@ -10588,7 +10620,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.8.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10606,7 +10638,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.10.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10624,7 +10656,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.11.2", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -10646,7 +10678,7 @@ dependencies = [ "propolis_api_types", "rand 0.9.2", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -10667,7 +10699,7 @@ dependencies = [ "progenitor 0.8.0", "rand 0.8.5", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -10694,7 +10726,7 @@ dependencies = [ "propolis_types", "rand 0.9.2", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -10728,7 +10760,7 @@ source = "git+https://github.com/oxidecomputer/propolis?rev=8e9252917993e36d43dc dependencies = [ "crucible-client-types", "propolis_types", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.69", "uuid", @@ -10739,7 +10771,7 @@ name = "propolis_types" version = "0.0.0" source = "git+https://github.com/oxidecomputer/propolis?rev=8e9252917993e36d43dce96b4409ef151b7d4442#8e9252917993e36d43dce96b4409ef151b7d4442" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -10769,7 +10801,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/lldp#61479b6922f9112fbe1e722414d2b8055212cb12" dependencies = [ "anyhow", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.69", ] @@ -10884,6 +10916,12 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + [[package]] name = "r2d2" version = "0.8.10" @@ -10967,7 +11005,7 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" dependencies = [ - "getrandom 0.3.1", + "getrandom 0.3.4", ] [[package]] @@ -11038,6 +11076,21 @@ dependencies = [ "unicode-width 0.2.0", ] +[[package]] +name = "rats-corim" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/rats-corim#f0d5d5168d3d31487a56df32c676b0c6240bcc6b" +dependencies = [ + "ciborium", + "ciborium-io", + "clap", + "hex", + "serde", + "serde_with", + "strum 0.26.3", + "thiserror 2.0.17", +] + [[package]] name = "raw-cpuid" version = "11.5.0" @@ -11294,7 +11347,7 @@ version = "0.1.0" dependencies = [ "dropshot", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "tufaceous-artifact", ] @@ -11306,7 +11359,7 @@ dependencies = [ "omicron-workspace-hack", "progenitor 0.10.0", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "slog", ] @@ -11922,6 +11975,30 @@ dependencies = [ "uuid", ] +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "82d20c4491bc164fa2f6c5d44565947a52ad80b9505d8e36f8d54c27c739fcd0" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + [[package]] name = "schemars_derive" version = "0.8.22" @@ -11945,7 +12022,7 @@ dependencies = [ "dropshot", "http", "iddqd", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -12325,6 +12402,10 @@ dependencies = [ "base64 0.22.1", "chrono", "hex", + "indexmap 1.9.3", + "indexmap 2.11.4", + "schemars 0.9.0", + "schemars 1.0.4", "serde", "serde_derive", "serde_json", @@ -12549,7 +12630,7 @@ dependencies = [ "omicron-common", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "sled-agent-types", @@ -12575,7 +12656,7 @@ dependencies = [ "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=8e9252917993e36d43dce96b4409ef151b7d4442)", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-agent-types", @@ -12614,7 +12695,7 @@ dependencies = [ "omicron-workspace-hack", "proptest", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "scopeguard", "serde", "serde_json", @@ -12654,7 +12735,7 @@ dependencies = [ "oxnet", "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=8e9252917993e36d43dce96b4409ef151b7d4442)", "rcgen", - "schemars", + "schemars 0.8.22", "serde", "serde_human_bytes", "serde_json", @@ -12737,7 +12818,7 @@ dependencies = [ "parallel-task-set", "rand 0.9.2", "regex", - "schemars", + "schemars 0.8.22", "serde", "sled-storage", "slog", @@ -12767,7 +12848,7 @@ dependencies = [ "omicron-uuid-kinds", "omicron-workspace-hack", "rand 0.9.2", - "schemars", + "schemars 0.8.22", "serde", "sled-hardware-types", "slog", @@ -12786,7 +12867,7 @@ dependencies = [ "macaddr", "omicron-common", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -12810,7 +12891,7 @@ dependencies = [ "omicron-test-utils", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sled-hardware", @@ -13114,15 +13195,17 @@ dependencies = [ [[package]] name = "sprockets-tls" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/sprockets.git?rev=6d31fa63217c6a51061dc4afa1ebe175a0021981#6d31fa63217c6a51061dc4afa1ebe175a0021981" +source = "git+https://github.com/oxidecomputer/sprockets.git?rev=7da1f0b5dcd3d631da18b43ba78a84b1a2b425ee#7da1f0b5dcd3d631da18b43ba78a84b1a2b425ee" dependencies = [ "anyhow", "attest-data", "camino", "cfg-if", "clap", + "dice-mfg-msgs", "dice-verifier", "ed25519-dalek", + "hubpack", "libipcc", "pem-rfc7468", "rustls 0.23.19", @@ -13132,6 +13215,7 @@ dependencies = [ "sha3", "slog", "slog-async", + "slog-error-chain", "slog-term", "thiserror 1.0.69", "tokio", @@ -13248,7 +13332,7 @@ dependencies = [ "lazy_static", "newtype_derive", "petgraph 0.6.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -13636,7 +13720,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e8a64e3985349f2441a1a9ef0b853f869006c3855f2cda6862a94d26ebb9d6a1" dependencies = [ "fastrand", - "getrandom 0.3.1", + "getrandom 0.3.4", "once_cell", "rustix 1.0.7", "windows-sys 0.59.0", @@ -14404,7 +14488,7 @@ dependencies = [ "hubpack", "itertools 0.14.0", "nix 0.30.1", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -14428,7 +14512,7 @@ dependencies = [ "hubpack", "itertools 0.14.0", "nix 0.29.0", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-async", @@ -14447,7 +14531,7 @@ name = "transceiver-decode" version = "0.1.0" source = "git+https://github.com/oxidecomputer/transceiver-control?branch=main#59b8432ec26c7a3725d5494937ca8bd6886c06a5" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "static_assertions", "thiserror 2.0.17", @@ -14459,7 +14543,7 @@ name = "transceiver-decode" version = "0.1.0" source = "git+https://github.com/oxidecomputer/transceiver-control#4aac6125a8e6cefbb71d9f8a3d1fe6704207d476" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "static_assertions", "thiserror 2.0.17", @@ -14474,7 +14558,7 @@ dependencies = [ "bitflags 2.9.4", "clap", "hubpack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.17", ] @@ -14487,7 +14571,7 @@ dependencies = [ "bitflags 2.9.4", "clap", "hubpack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.17", ] @@ -14602,7 +14686,7 @@ dependencies = [ "daft", "hex", "proptest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -14782,7 +14866,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -14802,7 +14886,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -14819,7 +14903,7 @@ checksum = "785e2cdcef0df8160fdd762ed548a637aaec1e83704fdbc14da0df66013ee8d0" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -14836,7 +14920,7 @@ checksum = "9708a3ceb6660ba3f8d2b8f0567e7d4b8b198e2b94d093b8a6077a751425de9e" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -15033,7 +15117,7 @@ dependencies = [ "omicron-workspace-hack", "owo-colors", "petgraph 0.8.2", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", @@ -15214,7 +15298,7 @@ version = "1.18.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2" dependencies = [ - "getrandom 0.3.1", + "getrandom 0.3.4", "js-sys", "serde", "wasm-bindgen", @@ -15397,12 +15481,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" [[package]] -name = "wasi" -version = "0.13.3+wasi-0.2.2" +name = "wasip2" +version = "1.0.1+wasi-0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2" +checksum = "0562428422c63773dad2c345a1882263bbf4d65cf3f42e90921f787ef5ad58e7" dependencies = [ - "wit-bindgen-rt", + "wit-bindgen", ] [[package]] @@ -15613,7 +15697,7 @@ dependencies = [ "omicron-workspace-hack", "owo-colors", "oxnet", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "sha2", @@ -15703,7 +15787,7 @@ dependencies = [ "oxnet", "rand 0.9.2", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -15748,7 +15832,7 @@ dependencies = [ "omicron-passwords", "omicron-uuid-kinds", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "sled-hardware-types", @@ -15769,7 +15853,7 @@ dependencies = [ "progenitor 0.10.0", "regress", "reqwest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -15809,7 +15893,7 @@ version = "0.1.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf221c93e13a30d793f7645a0e7762c55d169dbb0a49671918a2319d289b10bb" dependencies = [ - "windows-sys 0.59.0", + "windows-sys 0.48.0", ] [[package]] @@ -16201,13 +16285,10 @@ dependencies = [ ] [[package]] -name = "wit-bindgen-rt" -version = "0.33.0" +name = "wit-bindgen" +version = "0.46.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3268f3d866458b787f390cf61f4bbb563b922d091359f9608842999eaee3943c" -dependencies = [ - "bitflags 2.9.4", -] +checksum = "f17a85883d4e6d00e8a97c586de764dabcc06133f7f1d55dce5cdc070ad7fe59" [[package]] name = "write16" diff --git a/Cargo.toml b/Cargo.toml index cae5da8d65f..630ac028cc4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -724,7 +724,7 @@ slog-term = "2.9.1" smf = "0.2" socket2 = { version = "0.5", features = ["all"] } sp-sim = { path = "sp-sim" } -sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "6d31fa63217c6a51061dc4afa1ebe175a0021981" } +sprockets-tls = { git = "https://github.com/oxidecomputer/sprockets.git", rev = "7da1f0b5dcd3d631da18b43ba78a84b1a2b425ee" } sqlformat = "0.3.5" sqlparser = { version = "0.45.0", features = [ "visitor" ] } static_assertions = "1.1.0" diff --git a/sled-agent/src/bootstrap/client.rs b/sled-agent/src/bootstrap/client.rs index 6a14e0dccb0..396506bebfc 100644 --- a/sled-agent/src/bootstrap/client.rs +++ b/sled-agent/src/bootstrap/client.rs @@ -12,6 +12,7 @@ use crate::bootstrap::views::Response; use crate::bootstrap::views::ResponseEnvelope; use sled_agent_types::sled::StartSledAgentRequest; use slog::Logger; +use slog_error_chain::SlogInlineError; use sprockets_tls::client::Client as SprocketsClient; use sprockets_tls::keys::SprocketsConfig; use std::borrow::Cow; @@ -21,34 +22,38 @@ use thiserror::Error; use tokio::io::AsyncReadExt; use tokio::io::AsyncWriteExt; -#[derive(Debug, Error)] +#[derive(Debug, Error, SlogInlineError)] pub enum Error { - #[error("Could not connect to {addr}: {err}")] - Connect { addr: SocketAddrV6, err: sprockets_tls::Error }, + #[error("Could not connect to {addr}")] + Connect { + addr: SocketAddrV6, + #[source] + err: sprockets_tls::Error, + }, - #[error("Failed serializing request: {0}")] - Serialize(serde_json::Error), + #[error("Failed serializing request")] + Serialize(#[source] serde_json::Error), - #[error("Failed writing request length prefix: {0}")] - WriteLengthPrefix(io::Error), + #[error("Failed writing request length prefix")] + WriteLengthPrefix(#[source] io::Error), - #[error("Failed writing request: {0}")] - WriteRequest(io::Error), + #[error("Failed writing request")] + WriteRequest(#[source] io::Error), - #[error("Failed flushing request: {0}")] - FlushRequest(io::Error), + #[error("Failed flushing request")] + FlushRequest(#[source] io::Error), - #[error("Failed reading response length prefix: {0}")] - ReadLengthPrefix(io::Error), + #[error("Failed reading response length prefix")] + ReadLengthPrefix(#[source] io::Error), #[error("Received bogus response length: {0}")] BadResponseLength(u32), - #[error("Failed reading response: {0}")] - ReadResponse(io::Error), + #[error("Failed reading response")] + ReadResponse(#[source] io::Error), - #[error("Failed deserializing response: {0}")] - Deserialize(serde_json::Error), + #[error("Failed deserializing response")] + Deserialize(#[source] serde_json::Error), #[error("Unsupported version: {0}")] UnsupportedVersion(u32), @@ -111,9 +116,13 @@ impl Client { let log = self.log.new(o!("component" => "SledAgentSprocketsClient")); // Establish connection and sprockets connection (if possible). // The sprockets client loads the associated root certificates at this point. + // + // TODO: Use a real corpus + let corpus = vec![]; let stream = SprocketsClient::connect( self.sprockets_conf.clone(), self.addr, + corpus, log.clone(), ) .await diff --git a/sled-agent/src/bootstrap/sprockets_server.rs b/sled-agent/src/bootstrap/sprockets_server.rs index 17eb51eb48b..f4794b8067f 100644 --- a/sled-agent/src/bootstrap/sprockets_server.rs +++ b/sled-agent/src/bootstrap/sprockets_server.rs @@ -59,22 +59,33 @@ impl SprocketsServer { /// which is cancel-safe. Note that cancelling this /// server does not necessarily cancel any outstanding requests that it has /// already received (and which may still be executing). - pub(super) async fn run(mut self) { + pub(super) async fn run(self) { loop { // Sprockets actually _uses_ the key here! - let (stream, remote_addr) = match self.listener.accept().await { - Ok(conn) => conn, + // TODO: Once we have a corpus, use it. + // Will we ever have one at RSS time? + let corpus = vec![]; + let acceptor = match self.listener.accept(corpus).await { + Ok(acceptor) => acceptor, Err(err) => { - error!(self.log, "accept() failed"; "err" => #%err); + error!(self.log, "accept() failed"; &err); continue; } }; - let log = self.log.new(o!("remote_addr" => remote_addr)); - info!(log, "Accepted connection"); - + let log = self.log.new(o!("remote_addr" => acceptor.addr())); + info!(log, "TCP connection accepted"); let tx_requests = self.tx_requests.clone(); tokio::spawn(async move { + let stream = match acceptor.handshake().await { + Ok((stream, _)) => stream, + Err(err) => { + error!(log, "Sprockets handshake failed"; &err); + return; + } + }; + info!(log, "Sprockets handshake completed"); + match handle_start_sled_agent_request(stream, tx_requests, &log) .await { diff --git a/sled-agent/src/sled_agent.rs b/sled-agent/src/sled_agent.rs index 7450183803b..a8e5d20f790 100644 --- a/sled-agent/src/sled_agent.rs +++ b/sled-agent/src/sled_agent.rs @@ -78,7 +78,7 @@ use sled_hardware::{HardwareManager, MemoryReservations, underlay}; use sled_hardware_types::Baseboard; use sled_hardware_types::underlay::BootstrapInterface; use slog::Logger; -use slog_error_chain::InlineErrorChain; +use slog_error_chain::{InlineErrorChain, SlogInlineError}; use sprockets_tls::keys::SprocketsConfig; use std::collections::BTreeMap; use std::net::{Ipv6Addr, SocketAddrV6}; @@ -1187,7 +1187,7 @@ impl SledAgent { } } -#[derive(From, thiserror::Error, Debug)] +#[derive(From, thiserror::Error, Debug, SlogInlineError)] pub enum AddSledError { #[error("Failed to learn bootstrap ip for {sled_id}")] BootstrapAgentClient { @@ -1202,6 +1202,7 @@ pub enum AddSledError { #[error("Failed to initialize {sled_id}: {err}")] BootstrapTcpClient { sled_id: Baseboard, + #[source] err: crate::bootstrap::client::Error, }, } diff --git a/smf/sled-agent/gimlet-standalone/config.toml b/smf/sled-agent/gimlet-standalone/config.toml index 5fee0a76d5a..ebd101adef4 100644 --- a/smf/sled-agent/gimlet-standalone/config.toml +++ b/smf/sled-agent/gimlet-standalone/config.toml @@ -76,4 +76,5 @@ if_exists = "append" [sprockets] resolve = { which = "ipcc" } +attest = { which = "ipcc" } roots = ["/usr/share/oxide/idcerts/staging.pem", "/usr/share/oxide/idcerts/production.pem"] diff --git a/smf/sled-agent/gimlet/config.toml b/smf/sled-agent/gimlet/config.toml index caca6d4fcd1..6f9e54ab9c5 100644 --- a/smf/sled-agent/gimlet/config.toml +++ b/smf/sled-agent/gimlet/config.toml @@ -72,4 +72,5 @@ if_exists = "append" [sprockets] resolve = { which = "ipcc" } +attest = { which = "ipcc" } roots = ["/usr/share/oxide/idcerts/staging.pem", "/usr/share/oxide/idcerts/production.pem"] diff --git a/smf/sled-agent/non-gimlet/config.kdl b/smf/sled-agent/non-gimlet/config.kdl index b24fa86870c..17931ff36bc 100644 --- a/smf/sled-agent/non-gimlet/config.kdl +++ b/smf/sled-agent/non-gimlet/config.kdl @@ -77,46 +77,6 @@ certificate "test-signer-a1" { } } -key-pair "test-signer-a2" { - p384 -} - -entity "test-signer-a2" { - country-name "US" - organization-name "Oxide Computer Company" - common-name "test-platformid-1 Signer Staging A2" -} - -certificate "test-signer-a2" { - issuer-certificate "test-root-a" - issuer-key "test-root-a" - - subject-entity "test-signer-a2" - subject-key "test-signer-a2" - - digest-algorithm "sha-384" - not-after "9999-12-31T23:59:59Z" - serial-number "01" - - extensions { - subject-key-identifier critical=false - authority-key-identifier critical=false { - key-id - } - - basic-constraints critical=true ca=true - key-usage critical=true { - key-cert-sign - crl-sign - } - certificate-policies critical=true { - oana-platform-identity - tcg-dice-kp-identity-init - tcg-dice-kp-attest-init - tcg-dice-kp-eca - } - } -} /// Device 1 key-pair "test-platformid-1" { ed25519 @@ -166,7 +126,7 @@ key-pair "test-deviceid-1" { entity "test-deviceid-1" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-deviceid-1" + common-name "test-deviceid-1" } certificate "test-deviceid-1" { @@ -207,7 +167,7 @@ key-pair "test-sprockets-auth-1" { entity "test-sprockets-auth-1" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-sprockets-auth-1" + common-name "test-sprockets-auth-1" } certificate "test-sprockets-auth-1" { @@ -241,6 +201,58 @@ certificate "test-sprockets-auth-1" { } } +// TODO: sprockets reverses this cert chain before passing it to rustls +certificate-list "test-sprockets-auth-1" \ + "test-signer-a1" \ + "test-platformid-1" \ + "test-deviceid-1" \ + "test-sprockets-auth-1" + +key-pair "test-alias-1" { + ed25519 +} + +entity "test-alias-1" { + country-name "US" + organization-name "Oxide Computer Company" + common-name "alias" +} + +certificate "test-alias-1" { + issuer-certificate "test-deviceid-1" + issuer-key "test-deviceid-1" + + subject-entity "test-alias-1" + subject-key "test-alias-1" + + not-after "9999-12-31T23:59:59Z" + serial-number "00" + + extensions { + basic-constraints critical=true ca=false + key-usage critical=true { + digital-signature + } + certificate-policies critical=true { + tcg-dice-kp-attest-init + } + dice-tcb-info critical=true { + fwid-list { + fwid { + digest-algorithm "sha3-256" + digest "72fa8f8ea84a42251031366002cbb36281d0131f78cd680436116a720cdd9de5" + } + } + } + } +} + +certificate-list "test-alias-1" \ + "test-alias-1" \ + "test-deviceid-1" \ + "test-platformid-1" \ + "test-signer-a1" + /// Device 2 key-pair "test-platformid-2" { @@ -291,7 +303,7 @@ key-pair "test-deviceid-2" { entity "test-deviceid-2" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-deviceid-2" + common-name "test-deviceid-2" } certificate "test-deviceid-2" { @@ -332,7 +344,7 @@ key-pair "test-sprockets-auth-2" { entity "test-sprockets-auth-2" { country-name "US" organization-name "Oxide Computer Company" - common-name "/C=US/O=Oxide Computer Company/CN=test-sprockets-auth-2" + common-name "test-sprockets-auth-2" } certificate "test-sprockets-auth-2" { @@ -366,3 +378,54 @@ certificate "test-sprockets-auth-2" { } } +// TODO: sprockets reverses this cert chain before passing it to rustls +certificate-list "test-sprockets-auth-2" \ + "test-signer-a1" \ + "test-platformid-2" \ + "test-deviceid-2" \ + "test-sprockets-auth-2" + +key-pair "test-alias-2" { + ed25519 +} + +entity "test-alias-2" { + country-name "US" + organization-name "Oxide Computer Company" + common-name "alias" +} + +certificate "test-alias-2" { + issuer-certificate "test-deviceid-2" + issuer-key "test-deviceid-2" + + subject-entity "test-alias-2" + subject-key "test-alias-2" + + not-after "9999-12-31T23:59:59Z" + serial-number "00" + + extensions { + basic-constraints critical=true ca=false + key-usage critical=true { + digital-signature + } + certificate-policies critical=true { + tcg-dice-kp-attest-init + } + dice-tcb-info critical=true { + fwid-list { + fwid { + digest-algorithm "sha3-256" + digest "72fa8f8ea84a42251031366002cbb36281d0131f78cd680436116a720cdd9de5" + } + } + } + } +} + +certificate-list "test-alias-2" \ + "test-alias-2" \ + "test-deviceid-2" \ + "test-platformid-2" \ + "test-signer-a1" diff --git a/smf/sled-agent/non-gimlet/config.toml b/smf/sled-agent/non-gimlet/config.toml index d182f1bc927..207202adac2 100644 --- a/smf/sled-agent/non-gimlet/config.toml +++ b/smf/sled-agent/non-gimlet/config.toml @@ -121,4 +121,5 @@ if_exists = "append" # See the .kdl file for use with pki-playground for generating [sprockets] resolve = { which = "local", priv_key = "/opt/oxide/sled-agent/pkg/sprockets-auth.key.pem", cert_chain = "/opt/oxide/sled-agent/pkg/sprockets-chain.pem" } +attest = { which = "local", priv_key = "/opt/oxide/sled-agent/pkg/sprockets-attest.key.pem", cert_chain = "/opt/oxide/sled-agent/pkg/sprockets-attest-chain.pem", log = "/opt/oxide/sled-agent/pkg/sprockets-log.bin" } roots = ["/opt/oxide/sled-agent/pkg/root.cert.pem"] diff --git a/smf/sled-agent/non-gimlet/root.cert.pem b/smf/sled-agent/non-gimlet/root.cert.pem index 6b3844fa5c1..2698b5c95fe 100644 --- a/smf/sled-agent/non-gimlet/root.cert.pem +++ b/smf/sled-agent/non-gimlet/root.cert.pem @@ -1,14 +1,14 @@ -----BEGIN CERTIFICATE----- -MIICNTCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +MIICNjCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRQwEgYDVQQDDAt0 -ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMTVjqvxuneT7jaxw6AJ -qqTY3wKithGZt2PUF1TI1AMhnJtfomYjqkQutd+uLhWW5Kq4KXSfZm3OUdZYODZx -n96zENU/iBwq0c0/+FcZEEGQpoSFU5gFfK2/NeMAI3i8c6N/MH0wHQYDVR0OBBYE -FA32eUa3XQ7AOCxvlhiPSVrs/q76MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ +ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABFsoJvbvOh6jULakcq5J +syiG+X7hmTiDVFw5wbRp5x+hM0OV1URU6gF1fvHMnx3TS6r2VhUcRn6jvje958Kf +FoQW02GTwuMw2zXzXl4X/LTQWjpIqmr0/YBeLEzIRUTiiKN/MH0wHQYDVR0OBBYE +FK4mUY+okoRWTHZvwbpMqqYj1zQxMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ BAQDAgEGMDsGA1UdIAEB/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkG -B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNoADBlAjB8UhO0TeULDm2k -RAnyzd1aVissw+BCZGvRsoVuH/Z7i9Yb/fu4pejwuECKO0D7eJUCMQDafRL3gT55 -NBb2W+z8WGKS8B2JIO/Gonnx4XXPYXDsOXlYyGKPqh+VOCRNT7KcQ30= +B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNpADBmAjEAhDlimZx4MQoR +TtLN1P1sQimopsxXOYgF3a2MkTHIxKuPAwG8KOYUbN/pQ8z2sljUAjEAtjH7Fp1a +IlVT6bbRJX1wXkF6Z13VWcgjGJ7q6GSfw6Ef5/SthSGRJ59EU0WNXrRy -----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem b/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem new file mode 100644 index 00000000000..851b8e3c991 --- /dev/null +++ b/smf/sled-agent/non-gimlet/sprockets-attest-chain.pem @@ -0,0 +1,54 @@ +-----BEGIN CERTIFICATE----- +MIIBsjCCAWSgAwIBAgIBADAFBgMrZXAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxGDAWBgNVBAMMD3Rlc3QtZGV2aWNlaWQt +MTAgFw0yNTA3MTcyMzUyMDJaGA85OTk5MTIzMTIzNTk1OVowPjELMAkGA1UEBhMC +VVMxHzAdBgNVBAoMFk94aWRlIENvbXB1dGVyIENvbXBhbnkxDjAMBgNVBAMMBWFs +aWFzMCowBQYDK2VwAyEAUXZIqDGOUSFhfTkHETe59fMWckj9cdtkUXNJccGkxOyj +ezB5MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgeAMBcGA1UdIAEB/wQNMAsw +CQYHZ4EFBQRkCDBABgZngQUFBAEBAf8EMzAxpi8wLQYJYIZIAWUDBAIIBCBy+o+O +qEpCJRAxNmACy7NigdATH3jNaAQ2EWpyDN2d5TAFBgMrZXADQQA4Jm+PChgzq9UM +B4ovepdX0dMRw6h/hys5pKl1P2U+9AEiQuuToQmZNDiaAtLWZB3ayXqGAsX6A9xB +luIl6dwB +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB9DCCAaagAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ +UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI1MDcxNzIzNTIwMloYDzk5OTkxMjMxMjM1 +OTU5WjBIMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t +cGFueTEYMBYGA1UEAwwPdGVzdC1kZXZpY2VpZC0xMCowBQYDK2VwAyEAbI0YknU5 +SGgXiRTWtQ81rJII1Nj6qpR2+4Vg9SJs6m+jgaEwgZ4wHQYDVR0OBBYEFBfF3d1z +3itfdQxZAuDr6Dy9u2VKMB8GA1UdIwQYMBaAFMpcjEGodfTZCWhy/C0+qhQcPV7f +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDsGA1UdIAEB/wQxMC8w +DAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EFBQRkDDAF +BgMrZXADQQByIHIWf+2+wWtj4lgJ0ctyhvhxVHUi4Y14VXyn0E751z5TjhE+H9jE +0JNZ9DKQRLfDVPJkh8oOIyDmrmG1sGQJ +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIzCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEXMBUGA1UEAwwOdGVzdC1zaWdu +ZXItYTEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV +BAYTAlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MSkwJwYDVQQD +DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAJkr +ThswA4PBB1ozVUyvWgh7vbblDf9aYNIymu1NZQEfo4GhMIGeMB0GA1UdDgQWBBTK +XIxBqHX02QlocvwtPqoUHD1e3zAfBgNVHSMEGDAWgBSBxc2E4Rnj7v7MpPkmbt/h +GyKeYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E +MTAvMAwGCisGAQQBg8FPAQMwCQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUE +ZAwwCgYIKoZIzj0EAwMDZwAwZAIwMz5+8zFipptX2gjVKS7z8aW4MX5FZ3DMBexs +d0LWqpZFOuPhdF3qwVwy6o0OTx7QAjA0+TzvaFRRRhHqHT9rsFAXUZtNtspfO1WJ +SuGmMcou/n15AHvVdkEVNwly9o82HvQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT +AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 +ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAhPpgkRwXCn013A +iOSJEqcoRf1GusXmHBnrZGzVEwQZLsHmYlH67fuH5Kxy5UyCHgZPP9XZJftFq9s7 +1qoQSd5hKcSiGix50agGXljfCcsZBGmndCBWDP43PG1R9Wjm46OBoTCBnjAdBgNV +HQ4EFgQUgcXNhOEZ4+7+zKT5Jm7f4RsinmMwHwYDVR0jBBgwFoAUriZRj6iShFZM +dm/BukyqpiPXNDEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD +VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ +BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMBgCuv42ED7ZC3jdfmnu45BKJT4Q +fOT08GcnsXEdhgRHG9FsiczPbrm2TjwcaWRgpgIxAMLki94bNupN1l8vJQSfENZ5 +S7fm3UjPNZlUHEWqVa5r9Ir+4BJkO2ScPkLqL57DrA== +-----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-attest.key.pem b/smf/sled-agent/non-gimlet/sprockets-attest.key.pem new file mode 100644 index 00000000000..0936c50b1d4 --- /dev/null +++ b/smf/sled-agent/non-gimlet/sprockets-attest.key.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MFECAQEwBQYDK2VwBCIEIBHikYQAZaDLehZcmExdbIXbaOhy/VTstrwkyz6BhPSr +gSEAUXZIqDGOUSFhfTkHETe59fMWckj9cdtkUXNJccGkxOw= +-----END PRIVATE KEY----- diff --git a/smf/sled-agent/non-gimlet/sprockets-auth.key.pem b/smf/sled-agent/non-gimlet/sprockets-auth.key.pem index ef762303f44..43b636d0074 100644 --- a/smf/sled-agent/non-gimlet/sprockets-auth.key.pem +++ b/smf/sled-agent/non-gimlet/sprockets-auth.key.pem @@ -1,4 +1,4 @@ -----BEGIN PRIVATE KEY----- -MFECAQEwBQYDK2VwBCIEIP//7ZHeb32TVF+0V21Fk7IU51xMnjOQ/VfCnM4YsoWC -gSEA3YfArFPuOHDoQj3aO5VSyuOIPfbAuEpB93dnYnZlM2U= +MFECAQEwBQYDK2VwBCIEIIo2H/nd1jqLtM9v0UzVc67Zgpgigvq6hBSc32gJ36ts +gSEABFi4YFeNMMddHHrQKkEaIaD3X8+ueF5vCe6dVfHQAJs= -----END PRIVATE KEY----- diff --git a/smf/sled-agent/non-gimlet/sprockets-chain.pem b/smf/sled-agent/non-gimlet/sprockets-chain.pem index 04a04fd00cf..11e91c17edd 100644 --- a/smf/sled-agent/non-gimlet/sprockets-chain.pem +++ b/smf/sled-agent/non-gimlet/sprockets-chain.pem @@ -1,71 +1,55 @@ -----BEGIN CERTIFICATE----- -MIICNTCCAbugAwIBAgIBADAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEQxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRQwEgYDVQQDDAt0 -ZXN0LXJvb3QtYTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMTVjqvxuneT7jaxw6AJ -qqTY3wKithGZt2PUF1TI1AMhnJtfomYjqkQutd+uLhWW5Kq4KXSfZm3OUdZYODZx -n96zENU/iBwq0c0/+FcZEEGQpoSFU5gFfK2/NeMAI3i8c6N/MH0wHQYDVR0OBBYE -FA32eUa3XQ7AOCxvlhiPSVrs/q76MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ -BAQDAgEGMDsGA1UdIAEB/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkG -B2eBBQUEZAgwCQYHZ4EFBQRkDDAKBggqhkjOPQQDAwNoADBlAjB8UhO0TeULDm2k -RAnyzd1aVissw+BCZGvRsoVuH/Z7i9Yb/fu4pejwuECKO0D7eJUCMQDafRL3gT55 -NBb2W+z8WGKS8B2JIO/Gonnx4XXPYXDsOXlYyGKPqh+VOCRNT7KcQ30= +MIIB5jCCAZigAwIBAgIBBDAFBgMrZXAwSDELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxGDAWBgNVBAMMD3Rlc3QtZGV2aWNlaWQt +MTAgFw0yNTA3MTcyMzUyMDJaGA85OTk5MTIzMTIzNTk1OVowTjELMAkGA1UEBhMC +VVMxHzAdBgNVBAoMFk94aWRlIENvbXB1dGVyIENvbXBhbnkxHjAcBgNVBAMMFXRl +c3Qtc3Byb2NrZXRzLWF1dGgtMTAqMAUGAytlcAMhAARYuGBXjTDHXRx60CpBGiGg +91/PrnhebwnunVXx0ACbo4GeMIGbMB0GA1UdDgQWBBTDTg0iUtNjiQdxMuHYJjAM +KA8OgzAfBgNVHSMEGDAWgBQXxd3dc94rX3UMWQLg6+g8vbtlSjAMBgNVHRMBAf8E +AjAAMA4GA1UdDwEB/wQEAwIGwDA7BgNVHSABAf8EMTAvMAwGCisGAQQBg8FPAQMw +CQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUEZAwwBQYDK2VwA0EAZI6QKdaD +GJucJGU9XA8HQS5OWtYnpVYzOWAKpTEliizbrg5QDtPge1lsJXB8ioJEoJaBDpva +4VvxTLsVNHIXBw== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G -A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 -LWEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT -AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 -ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABPvzr9YC1dTt1uax -prUzHywnDNkWITkTfAEyLb39QFMntcflGIMhTIPqGx27kc/HfwC1YyMt9ILHM9tp -BOmrv87r4FU0LFGTtnxusAbOFG9XqVGr/N8U6kbA5dzYDgqo7aOBoTCBnjAdBgNV -HQ4EFgQUCi1ys6RafYnKs4DOu/c/BrvD/1cwHwYDVR0jBBgwFoAUDfZ5RrddDsA4 -LG+WGI9JWuz+rvowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD -VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ -BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMQCrf7KzLwY7vUlW0eYEQQpKfTI3 -NLK9P/KNeLW4/TzTCPOKCqcHVi3hQsVkkZlWOO4CMCB0SzgmFUNMmRv3xBJBhiX6 -Kq9QPbDQqzCIGBFa25n6vPhjtx+6J6nliA75I5RNhw== +MIIB9DCCAaagAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM +Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ +UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI1MDcxNzIzNTIwMloYDzk5OTkxMjMxMjM1 +OTU5WjBIMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t +cGFueTEYMBYGA1UEAwwPdGVzdC1kZXZpY2VpZC0xMCowBQYDK2VwAyEAbI0YknU5 +SGgXiRTWtQ81rJII1Nj6qpR2+4Vg9SJs6m+jgaEwgZ4wHQYDVR0OBBYEFBfF3d1z +3itfdQxZAuDr6Dy9u2VKMB8GA1UdIwQYMBaAFMpcjEGodfTZCWhy/C0+qhQcPV7f +MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMDsGA1UdIAEB/wQxMC8w +DAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EFBQRkDDAF +BgMrZXADQQByIHIWf+2+wWtj4lgJ0ctyhvhxVHUi4Y14VXyn0E751z5TjhE+H9jE +0JNZ9DKQRLfDVPJkh8oOIyDmrmG1sGQJ -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICJDCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G +MIICIzCCAaqgAwIBAgIBAjAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJVUzEfMB0G A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEXMBUGA1UEAwwOdGVzdC1zaWdu -ZXItYTEwIBcNMjQwNjEyMTYzMjM3WhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV +ZXItYTEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMFkxCzAJBgNV BAYTAlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MSkwJwYDVQQD -DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAEKj -CmIAH2mJrc1ZWRoJ57hMc7Z/iqr7fjP0K4afAGvvo4GhMIGeMB0GA1UdDgQWBBQK -Ma9hbXEgoKx7esWcn2hOVUcV8zAfBgNVHSMEGDAWgBQKLXKzpFp9icqzgM679z8G -u8P/VzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E +DCBQRFYyOlBQUC1QUFBQUFBQOlJSUjpTU1NTU1NTU1NTMTAqMAUGAytlcAMhAJkr +ThswA4PBB1ozVUyvWgh7vbblDf9aYNIymu1NZQEfo4GhMIGeMB0GA1UdDgQWBBTK +XIxBqHX02QlocvwtPqoUHD1e3zAfBgNVHSMEGDAWgBSBxc2E4Rnj7v7MpPkmbt/h +GyKeYzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8E MTAvMAwGCisGAQQBg8FPAQMwCQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUE -ZAwwCgYIKoZIzj0EAwMDaAAwZQIwVCZWAzRlrBUUTEB7KP6AqTEeSt90NEFl3RK0 -dV4mEcu4Hv4G3jYChc8BFc83vxyNAjEAt62G/x2jdVf8SQH8cPcIy6G3dfdqrGju -LoPtsRXrW8c/9zOSSO5l2L9vPX/xiIJJ +ZAwwCgYIKoZIzj0EAwMDZwAwZAIwMz5+8zFipptX2gjVKS7z8aW4MX5FZ3DMBexs +d0LWqpZFOuPhdF3qwVwy6o0OTx7QAjA0+TzvaFRRRhHqHT9rsFAXUZtNtspfO1WJ +SuGmMcou/n15AHvVdkEVNwly9o82HvQ= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIICFjCCAcigAwIBAgIBAzAFBgMrZXAwWTELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxKTAnBgNVBAMMIFBEVjI6UFBQLVBQUFBQ -UFA6UlJSOlNTU1NTU1NTU1MxMCAXDTI0MDYxMjE2MzIzN1oYDzk5OTkxMjMxMjM1 -OTU5WjBqMQswCQYDVQQGEwJVUzEfMB0GA1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29t -cGFueTE6MDgGA1UEAwwxL0M9VVMvTz1PeGlkZSBDb21wdXRlciBDb21wYW55L0NO -PXRlc3QtZGV2aWNlaWQtMTAqMAUGAytlcAMhAM2dFyuZTc+8Jw7QghR/AzeXBsf/ -ZbSKT7qmD8gPWi2Io4GhMIGeMB0GA1UdDgQWBBQYuL8mjvsFqItN35+vpMthvAO1 -wjAfBgNVHSMEGDAWgBQKMa9hbXEgoKx7esWcn2hOVUcV8zAPBgNVHRMBAf8EBTAD -AQH/MA4GA1UdDwEB/wQEAwIBBjA7BgNVHSABAf8EMTAvMAwGCisGAQQBg8FPAQMw -CQYHZ4EFBQRkBjAJBgdngQUFBGQIMAkGB2eBBQUEZAwwBQYDK2VwA0EA8PWIkypd -mZ0Zh3fx3GLEUbVrF0ZyX+1LJeGWR3OChazCz3SLcfncQeOG8OZjURq5Rby3Phar -GfajBESau9KoCA== ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICKjCCAdygAwIBAgIBBDAFBgMrZXAwajELMAkGA1UEBhMCVVMxHzAdBgNVBAoM -Fk94aWRlIENvbXB1dGVyIENvbXBhbnkxOjA4BgNVBAMMMS9DPVVTL089T3hpZGUg -Q29tcHV0ZXIgQ29tcGFueS9DTj10ZXN0LWRldmljZWlkLTEwIBcNMjQwNjEyMTYz -MjM3WhgPOTk5OTEyMzEyMzU5NTlaMHAxCzAJBgNVBAYTAlVTMR8wHQYDVQQKDBZP -eGlkZSBDb21wdXRlciBDb21wYW55MUAwPgYDVQQDDDcvQz1VUy9PPU94aWRlIENv -bXB1dGVyIENvbXBhbnkvQ049dGVzdC1zcHJvY2tldHMtYXV0aC0xMCowBQYDK2Vw -AyEA3YfArFPuOHDoQj3aO5VSyuOIPfbAuEpB93dnYnZlM2WjgZ4wgZswHQYDVR0O -BBYEFM9T7TDOVi/SVlkO5mayCNQ5uHDiMB8GA1UdIwQYMBaAFBi4vyaO+wWoi03f -n6+ky2G8A7XCMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMDsGA1UdIAEB -/wQxMC8wDAYKKwYBBAGDwU8BAzAJBgdngQUFBGQGMAkGB2eBBQUEZAgwCQYHZ4EF -BQRkDDAFBgMrZXADQQC4Zz6tZabSnDVf3dnEIdpnknsVCCncKm0dna1sf0BOrd7p -cXNwDx3GINm0jXaLg/N5srh5z/v+TLj8vXwr/uEP +MIICWzCCAeGgAwIBAgIBATAKBggqhkjOPQQDAzBEMQswCQYDVQQGEwJVUzEfMB0G +A1UECgwWT3hpZGUgQ29tcHV0ZXIgQ29tcGFueTEUMBIGA1UEAwwLdGVzdC1yb290 +LWEwIBcNMjUwNzE3MjM1MjAyWhgPOTk5OTEyMzEyMzU5NTlaMEcxCzAJBgNVBAYT +AlVTMR8wHQYDVQQKDBZPeGlkZSBDb21wdXRlciBDb21wYW55MRcwFQYDVQQDDA50 +ZXN0LXNpZ25lci1hMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABAhPpgkRwXCn013A +iOSJEqcoRf1GusXmHBnrZGzVEwQZLsHmYlH67fuH5Kxy5UyCHgZPP9XZJftFq9s7 +1qoQSd5hKcSiGix50agGXljfCcsZBGmndCBWDP43PG1R9Wjm46OBoTCBnjAdBgNV +HQ4EFgQUgcXNhOEZ4+7+zKT5Jm7f4RsinmMwHwYDVR0jBBgwFoAUriZRj6iShFZM +dm/BukyqpiPXNDEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwOwYD +VR0gAQH/BDEwLzAMBgorBgEEAYPBTwEDMAkGB2eBBQUEZAYwCQYHZ4EFBQRkCDAJ +BgdngQUFBGQMMAoGCCqGSM49BAMDA2gAMGUCMBgCuv42ED7ZC3jdfmnu45BKJT4Q +fOT08GcnsXEdhgRHG9FsiczPbrm2TjwcaWRgpgIxAMLki94bNupN1l8vJQSfENZ5 +S7fm3UjPNZlUHEWqVa5r9Ir+4BJkO2ScPkLqL57DrA== -----END CERTIFICATE----- diff --git a/smf/sled-agent/non-gimlet/sprockets-log.bin b/smf/sled-agent/non-gimlet/sprockets-log.bin new file mode 100644 index 00000000000..7b2efba5544 Binary files /dev/null and b/smf/sled-agent/non-gimlet/sprockets-log.bin differ diff --git a/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor b/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor new file mode 100644 index 00000000000..4e7b66a24dc Binary files /dev/null and b/smf/sled-agent/non-gimlet/testing-measurements/corim-rot.cbor differ diff --git a/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor b/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor new file mode 100644 index 00000000000..703010cb567 Binary files /dev/null and b/smf/sled-agent/non-gimlet/testing-measurements/corim-sp.cbor differ diff --git a/workspace-hack/Cargo.toml b/workspace-hack/Cargo.toml index b0d9d2f87d8..6f64f8c40bb 100644 --- a/workspace-hack/Cargo.toml +++ b/workspace-hack/Cargo.toml @@ -44,10 +44,10 @@ daft = { version = "0.1.4", features = ["derive", "newtype-uuid1", "oxnet01", "u data-encoding = { version = "2.9.0" } digest = { version = "0.10.7", features = ["mac", "oid", "std"] } ecdsa = { version = "0.16.9", features = ["pem", "signing", "std", "verifying"] } -ed25519-dalek = { version = "2.1.1", features = ["digest", "pkcs8", "rand_core"] } +ed25519-dalek = { version = "2.1.1", features = ["digest", "pem", "rand_core"] } either = { version = "1.15.0", features = ["use_std"] } elliptic-curve = { version = "0.13.8", features = ["ecdh", "hazmat", "pem", "std"] } -env_logger = { version = "0.11.5", default-features = false, features = ["auto-color"] } +env_logger = { version = "0.11.8", default-features = false, features = ["auto-color"] } ff = { version = "0.13.0", default-features = false, features = ["alloc"] } flate2 = { version = "1.1.2", features = ["zlib-rs"] } form_urlencoded = { version = "1.2.2" } @@ -119,8 +119,10 @@ semver = { version = "1.0.27", features = ["serde"] } serde = { version = "1.0.226", features = ["alloc", "derive", "rc"] } serde_core = { version = "1.0.226", features = ["alloc", "rc"] } serde_json = { version = "1.0.145", features = ["raw_value", "unbounded_depth"] } +serde_with = { version = "3.14.0" } sha1 = { version = "0.10.6", features = ["oid"] } sha2 = { version = "0.10.9", features = ["oid"] } +sha3 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.7.0", features = ["bytes", "inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } smallvec = { version = "1.15.1", default-features = false, features = ["const_new"] } @@ -181,10 +183,10 @@ daft = { version = "0.1.4", features = ["derive", "newtype-uuid1", "oxnet01", "u data-encoding = { version = "2.9.0" } digest = { version = "0.10.7", features = ["mac", "oid", "std"] } ecdsa = { version = "0.16.9", features = ["pem", "signing", "std", "verifying"] } -ed25519-dalek = { version = "2.1.1", features = ["digest", "pkcs8", "rand_core"] } +ed25519-dalek = { version = "2.1.1", features = ["digest", "pem", "rand_core"] } either = { version = "1.15.0", features = ["use_std"] } elliptic-curve = { version = "0.13.8", features = ["ecdh", "hazmat", "pem", "std"] } -env_logger = { version = "0.11.5", default-features = false, features = ["auto-color"] } +env_logger = { version = "0.11.8", default-features = false, features = ["auto-color"] } ff = { version = "0.13.0", default-features = false, features = ["alloc"] } flate2 = { version = "1.1.2", features = ["zlib-rs"] } form_urlencoded = { version = "1.2.2" } @@ -256,8 +258,10 @@ semver = { version = "1.0.27", features = ["serde"] } serde = { version = "1.0.226", features = ["alloc", "derive", "rc"] } serde_core = { version = "1.0.226", features = ["alloc", "rc"] } serde_json = { version = "1.0.145", features = ["raw_value", "unbounded_depth"] } +serde_with = { version = "3.14.0" } sha1 = { version = "0.10.6", features = ["oid"] } sha2 = { version = "0.10.9", features = ["oid"] } +sha3 = { version = "0.10.8", features = ["oid"] } similar = { version = "2.7.0", features = ["bytes", "inline", "unicode"] } slog = { version = "2.7.0", features = ["dynamic-keys", "max_level_trace", "release_max_level_debug", "release_max_level_trace"] } smallvec = { version = "1.15.1", default-features = false, features = ["const_new"] } @@ -299,7 +303,7 @@ bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-f cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof-468e82937335b1c9 = { package = "dof", version = "0.3.0", default-features = false, features = ["des"] } dof-9fbad63c4bcf4a8f = { package = "dof", version = "0.4.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } linux-raw-sys = { version = "0.4.14", default-features = false, features = ["elf", "errno", "general", "if_ether", "ioctl", "net", "netlink", "no_std", "prctl", "std", "system", "xdp"] } @@ -312,7 +316,7 @@ bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-f cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof-468e82937335b1c9 = { package = "dof", version = "0.3.0", default-features = false, features = ["des"] } dof-9fbad63c4bcf4a8f = { package = "dof", version = "0.4.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } linux-raw-sys = { version = "0.4.14", default-features = false, features = ["elf", "errno", "general", "if_ether", "ioctl", "net", "netlink", "no_std", "prctl", "std", "system", "xdp"] } @@ -323,7 +327,7 @@ rustix-dff4ba8e3ae991db = { package = "rustix", version = "1.0.7", features = [" [target.x86_64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -333,7 +337,7 @@ rustix-dff4ba8e3ae991db = { package = "rustix", version = "1.0.7", features = [" [target.x86_64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -343,7 +347,7 @@ rustix-dff4ba8e3ae991db = { package = "rustix", version = "1.0.7", features = [" [target.aarch64-apple-darwin.dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -353,7 +357,7 @@ rustix-dff4ba8e3ae991db = { package = "rustix", version = "1.0.7", features = [" [target.aarch64-apple-darwin.build-dependencies] bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-features = false, features = ["std"] } cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } mio = { version = "1.0.2", features = ["net", "os-ext"] } @@ -365,7 +369,7 @@ bitflags-f595c2ba2a3f28df = { package = "bitflags", version = "2.9.4", default-f cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof-468e82937335b1c9 = { package = "dof", version = "0.3.0", default-features = false, features = ["des"] } dof-9fbad63c4bcf4a8f = { package = "dof", version = "0.4.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } itertools-5ef9efb8ec2df382 = { package = "itertools", version = "0.12.1" } @@ -383,7 +387,7 @@ clang-sys = { version = "1.8.1", default-features = false, features = ["clang_11 cookie = { version = "0.18.1", default-features = false, features = ["percent-encode"] } dof-468e82937335b1c9 = { package = "dof", version = "0.3.0", default-features = false, features = ["des"] } dof-9fbad63c4bcf4a8f = { package = "dof", version = "0.4.0", default-features = false, features = ["des"] } -getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.1", default-features = false, features = ["std"] } +getrandom-468e82937335b1c9 = { package = "getrandom", version = "0.3.4", default-features = false, features = ["std"] } hyper-rustls = { version = "0.27.7", features = ["http2", "ring", "webpki-tokio"] } hyper-util = { version = "0.1.17", features = ["full"] } itertools-5ef9efb8ec2df382 = { package = "itertools", version = "0.12.1" }