Fix secure mount error and add more verbose TPM error output #171

Merged
merged 3 commits into from
Mar 19, 2021

Contributor

@lkatalin lkatalin commented Mar 17, 2021

This PR:

  • fixes an error in the Keylime agent saying it is unable to mount the tmpfs by adding a "testing" feature
  • adds more verbose error output for revocation and TPM-related errors
  • adds logging output when agent activation and registration succeed
  • removes port bindings for the agent (this was causing another error)

@lkatalin lkatalin changed the title Tmpfs Fix secure mount error and add more verbose TPM error output Mar 17, 2021
@lkatalin lkatalin force-pushed the tmpfs branch 2 times, most recently from 1316cf4 to dade08a Compare March 17, 2021 15:55
@@ -23,7 +23,7 @@ pub static KEY: &str = "secret";
pub static WORK_DIR: &str = "/tmp";

// Secure mount of tpmfs (False is generally used for development environments)
pub static MOUNT_SECURE: bool = true;
pub static MOUNT_SECURE: bool = false;
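
Review bot: the new `MOUNT_SECURE` value makes `false` the default for every build, while the comment directly above it says false is meant for development environments. Keep the default at `true` and switch it off only through an explicit opt-in (a build feature or a config value), and update the comment to state which builds get which value. The comment's "tpmfs" also looks like a typo for tmpfs, which is the term the PR description uses.
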
Contributor

Is the comment above still accurate? Would we be defaulting to a development configuration?

Contributor Author

Yeah, I'm not sure - my somewhat narrow goal has been to get the code into a state that it can run with docker-compose up without encountering any errors. In theory this would eventually be an integration test or example that someone who clones the repo could just run in a snap to make sure things are working and see how it should behave. Is there a better way to do this? Maybe a development "feature" in Cargo.toml?

Contributor

@lukehinds do you happen to know the result of changing this from true to false?

Member

I believe it results in the mount being in /tmp rather than a tmpfs mount. I figure if it helps Lily get moving for now we could keep it that way, but we should mark a todo or an issue. The other option is a config value to make it togglable outside of the code.

Contributor Author

@lkatalin lkatalin Mar 18, 2021

I've changed this so that the flag is updated based on a feature we can pass in: cargo build --features=testing.

@lkatalin lkatalin force-pushed the tmpfs branch 2 times, most recently from 63846c5 to 9ffd29c Compare March 18, 2021 00:35
This causes an intermittent error because it is not compatible with network_mode: host

Signed-off-by: Lily Sturmann <[email protected]>
Configs for testing can be turned on by using
`cargo <cmd> --features=testing`

Signed-off-by: Lily Sturmann <[email protected]>
@ashcrow ashcrow merged commit 364f4aa into keylime:master Mar 19, 2021
@lkatalin lkatalin deleted the tmpfs branch July 16, 2021 17:09
4 participants