TPM device is a hard requirement

[mudler]

See: rancher/os2#9

[mudler]

As I see it at least would require to split https://github.com/rancher/rancherd/blob/bdf5642d62d50b9cd23eaabfdc848637bf62e056/pkg/tpm/tpm.go into a separate golang package. The code is completely untied from rancherd, no need to do cross imports and as such we can also pin changes to it directly from the consumers

[mudler]

tpm code extracted here: https://github.com/rancher-sandbox/go-tpm

[mudler]

Experimenting with emulated TPM in a separate branch: https://github.com/rancher-sandbox/go-tpm/tree/backends

[mudler]

I'm having issues using swtpm from go-tpm, seems commands are not recognized by swtpm:

Error: Unknown command: 0x80020000
 Ctrl Rsp: length 4
 00 00 00 0A 
 Ctrl Cmd: length 22
 80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 
 01 2C 00 00 00 01 
Error: Unknown command: 0x80010000
 Ctrl Rsp: length 4
 00 00 00 0A 
 Ctrl Cmd: length 22
 80 01 00 00 00 16 00 00 01 7A 00 00 00 06 00 00 
 01 2C 00 00 00 01 
Error: Unknown command: 0x80010000
 Ctrl Rsp: length 4
 00 00 00 0A 
 Ctrl Cmd: length 355
 80 02 00 00 01 63 00 00 01 31 40 00 00 0B 00 00 
 00 09 40 00 00 09 00 00 01 00 00 00 04 00 00 00 
 00 01 3A 00 01 00 0B 00 03 00 B2 00 20 83 71 97 
 67 44 84 B3 F8 1A 90 CC 8D 46 A5 D7 24 FD 52 D7 
 6E 06 52 0B 64 F2 A1 DA 1B 33 14 69 AA 00 06 00 
 80 00 43 00 10 08 00 00 00 00 00 01 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
 00 00 00 
Error: Unknown command: 0x80020000
 Ctrl Rsp: length 4
 00 00 00 0A 

However, I've managed to re-use the emulated TPM device from github.com/google/go-tpm-tools/simulator but that is insecure and doesn't have any state preserved as swtpm does. That means we could expose in the config file a flag to a least simulate TPM if not present on the HW (which should be turned on manually).

[mudler]

Pushed to main and also added a test to check out the whole process: https://github.com/rancher-sandbox/go-tpm/blob/main/get_test.go#L105 . I'll create a separate card to consume it in os2 and have an option to enable emulated TPM

[mudler]

I'm closing this card as it was a spike and now we know what's needed in order to emulate TPM #20, although it is just meant for testing and relying on that feature is insecure.

We can always go back at this if we want to extend and have other mechanisms of registering nodes