Include device app binaries and use tkey-device-signer #19
Draft
mchack-work wants to merge 38 commits into main from signer
- tkeyclient instead of old tk1
- tkeysign instead of tk1sign

Digests as strings
Use NewFirmwares() and the methods on the object returned from that.
Remove use of devPath in most functions and instead open a TKey connection and re-use that during the operations.
First stab at updating documentation for the refactoring
dehanj reviewed May 21, 2024
os.Exit(code) | ||
} | ||
|
||
fmt.Printf("tk: %#v\n", tk) |
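Review bot: the `fmt.Printf("tk: %#v\n", tk)` on the last line of this hunk writes a full Go-syntax dump of `tk` to stdout on every run, with nothing in the visible lines gating it. If it is only a debugging aid, drop it, or send it to stderr behind a verbose flag so it cannot mix with the command's normal output.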
Is this a leftover debug print?
dehanj force-pushed the signer branch 4 times, most recently from 188c8ed to 9ec8987 (May 23, 2024 20:18)
- Remove install targets. Too Linux and dist specific.
- Remove appbins-from-tags: We include the app binaries instead.
- Remove show-pubkey: We move it inside tkey-verification.
- Build static binary of client app, make it reproducible.
- Add a podman target.
- Add check-digest target to check device app digests.
- Run Go lint tools and expect the tools to be already installed.

- Split remoteSign() into several functions
- As an effect, introduce new command sign-challenge to only do the signing of the challenge part of the remote-sign flow.
- loadRemoteSignConfig() now returns Server instead of Config, setting up a TLS config in there.
- Skip passing checkConfigOnly to remoteSign(). Handle in main.go.
- Turn many exits to return errors.

The show-pubkey command outputs the vendor signing pubkey, the app tag, and app hash digest to stdout. The output is in the format used for a line in the vendor-signing-pubkey.txt file, and used to embed another vendor signing key. The command takes an argument with the path to the device app using --app path/to/app.bin

- Use gon for signing.
- Skip test for homebrew formula for now.

- Tkeyclient does not support building static binaries for Darwin, it requires CGO to enable enumeration of connected serial devices. In the short term we enable CGO for Darwin before we can find another reliable solution. See issue #13.

It contains a lock and should be passed by reference instead of by value.

We haven't decided on the use of depguard, gci, or gofumpt yet.

- Verisigner is deprecated for the use of tkey-device-signer, hence it is removed in this repo - but still buildable if checking out a verisigner tag.
- The binaries are not included in the repo.
- Remove the build scripts associated with verisigner.
- Changes to readme to reflect.

Instead of initializing all of:
- vendor keys
- app binaries
- known firmwares

at start regardless of what command is given on the command line, we do only the initialization we need for the specific command given. This also means we can't report what exactly everything is built with without initializing so we introduce a new function util.go:builtWith() which does this for us.

- We move the error handling to their own file.
- Expand the constant error list with the UDI errors.
- Complex errors get their own type.

- Remove man page in mdoc in system/
- Add scdoc file in doc/.
- Add make target to generate manual page from scdoc.
Very much WIP!
Based on use_tkeylibs branch.
We use the ordinary tkeysign package to communicate with signer and the old verisigner.
We move some internal packages under tkey-verification because they're not needed anywhere else.
Instead of using some global variables we use NewFoo() and return an object we work on.
NewAppBins() sets up all of our embedded device apps.
NewVendorKeys() does the same with our vendor keys (plural) which means we also support more than one vendor key. This might be necessary if we're going to use the plain signer in the vendor signing going forward, since we already have a different published vendor key.
Closes #18