TPM device is a hard requirement #7
Comments
As I see it, this would at least require splitting https://github.com/rancher/rancherd/blob/bdf5642d62d50b9cd23eaabfdc848637bf62e056/pkg/tpm/tpm.go into a separate golang package. The code is completely untied from rancherd, so there is no need to do cross imports, and as such we can also pin changes to it directly from the consumers.
tpm code extracted here: https://github.com/rancher-sandbox/go-tpm
Experimenting with emulated TPM in a separate branch: https://github.com/rancher-sandbox/go-tpm/tree/backends
I'm having issues using swtpm from go-tpm, seems commands are not recognized by swtpm:
However, I've managed to re-use the emulated TPM device from
Pushed to main and also added a test to check out the whole process: https://github.com/rancher-sandbox/go-tpm/blob/main/get_test.go#L105. I'll create a separate card to consume it in os2 and have an option to enable emulated TPM.
I'm closing this card as it was a spike and now we know what's needed in order to emulate TPM #20, although it is just meant for testing and relying on that feature is insecure. We can always go back to this if we want to extend and have other mechanisms of registering nodes.
See: rancher/os2#9