GO-2024-2727: Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation

disk-mapper/

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/edgelesssys/constellation

Links

Open Source Insights

README ¶

disk-mapper

The disk-mapper is a binary that runs during the initramfs of a Constellation node.

If running on a new node, it handles setting up the node's state disk by creating an integrity protected encrypted partition.

On a rebooting node, the disk-mapper handles recovery of the node by requesting a decryption key for its state disk. Once the disk is decrypted, the measurement salt is read from disk and used to extend a PCR to mark the node as initialized.

Testing

Integration test is available in disk-mapper/test/integration_test.go. The integration test requires root privileges since it uses dm-crypt. Build and run the test:

go test -c -tags=integration ./disk-mapper/internal/test/
sudo ./test.test

Directories ¶

Path	Synopsis
cmd
internal
diskencryption Package diskencryption uses libcryptsetup to format and map crypt devices.	Package diskencryption uses libcryptsetup to format and map crypt devices.
recoveryserver Package recoveryserver implements the gRPC endpoints for recovering a restarting node.	Package recoveryserver implements the gRPC endpoints for recovering a restarting node.
rejoinclient Package rejoinclient handles the automatic rejoining of a restarting node.	Package rejoinclient handles the automatic rejoining of a restarting node.
setup
systemd Package systemd configures systemd units for encrypted volumes.	Package systemd configures systemd units for encrypted volumes.
recoverproto

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL