README
¶
disk-mapper
The disk-mapper is a binary that runs during the initramfs of a Constellation node.
If running on a new node, it handles setting up the node's state disk by creating an integrity protected encrypted partition.
On a rebooting node, the disk-mapper handles recovery of the node by requesting a decryption key for its state disk. Once the disk is decrypted, the measurement salt is read from disk and used to extend a PCR to mark the node as initialized.
Testing
Integration test is available in disk-mapper/test/integration_test.go.
The integration test requires root privileges since it uses dm-crypt.
Build and run the test:
go test -c -tags=integration ./disk-mapper/internal/test/
sudo ./test.test
Directories
¶
| Path | Synopsis |
|---|---|
|
internal
|
|
|
diskencryption
Package diskencryption uses libcryptsetup to format and map crypt devices.
|
Package diskencryption uses libcryptsetup to format and map crypt devices. |
|
recoveryserver
Package recoveryserver implements the gRPC endpoints for recovering a restarting node.
|
Package recoveryserver implements the gRPC endpoints for recovering a restarting node. |
|
rejoinclient
Package rejoinclient handles the automatic rejoining of a restarting node.
|
Package rejoinclient handles the automatic rejoining of a restarting node. |
|
systemd
Package systemd configures systemd units for encrypted volumes.
|
Package systemd configures systemd units for encrypted volumes. |
Click to show internal directories.
Click to hide internal directories.