profile

package
v1.8.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 1, 2024 License: MPL-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package profile contains definition of the image generation profile.

Index

Constants

View Source
const (

	// MinRAWDiskSize is the minimum size disk we can create. Used for metal images.
	MinRAWDiskSize = 1246 * mib

	// DefaultRAWDiskSize is the value we use for any non-metal images by default.
	DefaultRAWDiskSize = 8192 * mib
)

Variables

View Source
var Default = map[string]Profile{

	"iso": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindISO,
			OutFormat: OutFormatRaw,
		},
	},
	"secureboot-iso": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindISO,
			OutFormat: OutFormatRaw,
			ISOOptions: &ISOOptions{
				SDBootEnrollKeys: SDBootEnrollKeysIfSafe,
			},
		},
	},

	"metal": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"secureboot-metal": {
		Platform:   constants.PlatformMetal,
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"installer": {
		Platform:   "metal",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindInstaller,
			OutFormat: OutFormatRaw,
		},
	},
	"secureboot-installer": {
		Platform:   "metal",
		SecureBoot: pointer.To(true),
		Output: Output{
			Kind:      OutKindInstaller,
			OutFormat: OutFormatRaw,
		},
	},

	"akamai": {
		Platform:   "akamai",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatGZ,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"aws": {
		Platform:   "aws",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"azure": {
		Platform:   "azure",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:          DefaultRAWDiskSize,
				DiskFormat:        DiskFormatVPC,
				DiskFormatOptions: "subformat=fixed,force_size",
			},
		},
	},
	"digital-ocean": {
		Platform:   "digital-ocean",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatGZ,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"exoscale": {
		Platform:   "exoscale",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:          10 * 1024 * mib,
				DiskFormat:        DiskFormatQCOW2,
				DiskFormatOptions: "cluster_size=8k",
			},
		},
	},
	"gcp": {
		Platform:   "gcp",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatTar,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"hcloud": {
		Platform:   "hcloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"nocloud": {
		Platform:   "nocloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"opennebula": {
		Platform:   "opennebula",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"openstack": {
		Platform:   "openstack",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"oracle": {
		Platform:   "oracle",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:          DefaultRAWDiskSize,
				DiskFormat:        DiskFormatQCOW2,
				DiskFormatOptions: "cluster_size=8k",
			},
		},
	},
	"scaleway": {
		Platform:   "scaleway",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"upcloud": {
		Platform:   "upcloud",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	"vmware": {
		Platform:   "vmware",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatRaw,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatOVA,
			},
		},
	},
	"vultr": {
		Platform:   "vultr",
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   DefaultRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},

	constants.BoardRPiGeneric: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRPiGeneric,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRock64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRock64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardBananaPiM64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardBananaPiM64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardLibretechAllH3CCH5: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardLibretechAllH3CCH5,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRockpi4: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRockpi4,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardRockpi4c: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardRockpi4c,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardPine64: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardPine64,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardJetsonNano: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardJetsonNano,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
	constants.BoardNanoPiR4S: {
		Arch:       "arm64",
		Platform:   constants.PlatformMetal,
		Board:      constants.BoardNanoPiR4S,
		SecureBoot: pointer.To(false),
		Output: Output{
			Kind:      OutKindImage,
			OutFormat: OutFormatZSTD,
			ImageOptions: &ImageOptions{
				DiskSize:   MinRAWDiskSize,
				DiskFormat: DiskFormatRaw,
			},
		},
	},
}

Default describes built-in profiles.

Functions

func DiskFormatStrings added in v1.7.0

func DiskFormatStrings() []string

DiskFormatStrings returns a slice of all String values of the enum

func OutFormatStrings added in v1.7.0

func OutFormatStrings() []string

OutFormatStrings returns a slice of all String values of the enum

func OutputKindStrings added in v1.7.0

func OutputKindStrings() []string

OutputKindStrings returns a slice of all String values of the enum

func SDBootEnrollKeysStrings added in v1.7.0

func SDBootEnrollKeysStrings() []string

SDBootEnrollKeysStrings returns a slice of all String values of the enum

Types

type ContainerAsset

type ContainerAsset struct {
	// ImageRef is a reference to the container image.
	ImageRef string `yaml:"imageRef"`
	// ForceInsecure forces insecure registry communication.
	ForceInsecure bool `yaml:"forceInsecure,omitempty"`
	// TarballPath is a path to the .tar format container image contents.
	//
	// If TarballPath is set, ImageRef is ignored.
	TarballPath string `yaml:"tarballPath,omitempty"`
	// OCIPath is a path to the OCI format container image contents.
	//
	// If OCIPath is set, ImageRef is ignored.
	OCIPath string `yaml:"ociPath,omitempty"`
}

ContainerAsset describes a container asset.

func (*ContainerAsset) Extract

func (c *ContainerAsset) Extract(ctx context.Context, destination, arch string, printf func(string, ...any)) error

Extract the container asset to the path.

func (*ContainerAsset) Pull

func (c *ContainerAsset) Pull(ctx context.Context, arch string, printf func(string, ...any)) (v1.Image, error)

Pull the container asset to the path.

type CustomizationProfile

type CustomizationProfile struct {
	// ExtraKernelArgs is a list of extra kernel arguments.
	ExtraKernelArgs []string `yaml:"extraKernelArgs,omitempty"`
	// MetaContents is a list of META partition contents.
	MetaContents meta.Values `yaml:"metaContents,omitempty"`
}

CustomizationProfile describes customizations that can be applied to the image.

type DiskFormat

type DiskFormat int

DiskFormat is disk format specification.

const (
	DiskFormatUnknown DiskFormat = iota // unknown
	DiskFormatRaw                       // raw
	DiskFormatQCOW2                     // qcow2
	DiskFormatVPC                       // vhd
	DiskFormatOVA                       // ova
)

DiskFormat values.

func DiskFormatString

func DiskFormatString(s string) (DiskFormat, error)

DiskFormatString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func DiskFormatValues

func DiskFormatValues() []DiskFormat

DiskFormatValues returns all values of the enum

func (DiskFormat) IsADiskFormat

func (i DiskFormat) IsADiskFormat() bool

IsADiskFormat returns "true" if the value is listed in the enum definition. "false" otherwise

func (DiskFormat) MarshalText

func (i DiskFormat) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for DiskFormat

func (DiskFormat) String

func (i DiskFormat) String() string

func (*DiskFormat) UnmarshalText

func (i *DiskFormat) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for DiskFormat

type FileAsset

type FileAsset struct {
	// Path to the file.
	Path string `yaml:"path"`
}

FileAsset describes a file asset.

type ISOOptions added in v1.6.5

type ISOOptions struct {
	// SDBootEnrollKeys is a value in loader.conf secure-boot-enroll: off, manual, if-safe, force.
	//
	// If not set, it defaults to if-safe.
	SDBootEnrollKeys SDBootEnrollKeys `yaml:"sdBootEnrollKeys"`
}

ISOOptions describes options for the 'iso' output.

type ImageOptions

type ImageOptions struct {
	// DiskSize is the size of the disk image (bytes).
	DiskSize int64 `yaml:"diskSize"`
	// DiskFormat is the format of the disk image:
	//  * raw - raw disk image
	//  * qcow2 - qcow2 disk image
	//  * vhd - VPC disk image
	//  * ova - VMWare disk image
	DiskFormat DiskFormat `yaml:"diskFormat,omitempty"`
	// DiskFormatOptions are additional options for the disk format
	DiskFormatOptions string `yaml:"diskFormatOptions,omitempty"`
}

ImageOptions describes options for the 'image' output.

type Input

type Input struct {
	// Kernel is a vmlinuz file.
	Kernel FileAsset `yaml:"kernel"`
	// Initramfs is a initramfs file (without system extensions).
	Initramfs FileAsset `yaml:"initramfs"`
	// SDStub is a sd-stub file (only for SecureBoot).
	SDStub FileAsset `yaml:"sdStub,omitempty"`
	// SDBoot is a sd-boot file (only for SecureBoot).
	SDBoot FileAsset `yaml:"sdBoot,omitempty"`
	// DTB is a path to the device tree blobs (arm64 only).
	DTB FileAsset `yaml:"dtb,omitempty"`
	// UBoot is a path to the u-boot binary (arm64 only).
	UBoot FileAsset `yaml:"uBoot,omitempty"`
	// RPiFirmware is a path to the Raspberry Pi firmware (arm64 only).
	RPiFirmware FileAsset `yaml:"rpiFirmware,omitempty"`
	// Base installer image to mutate.
	BaseInstaller ContainerAsset `yaml:"baseInstaller,omitempty"`
	// OverlayInstaller is an overlay image to inject into the installer.
	//
	// OverlayInstaller architecture should match the output installer architecture.
	OverlayInstaller ContainerAsset `yaml:"overlayInstaller,omitempty"`
	// SecureBoot is a section with secureboot keys, only for SecureBoot enabled builds.
	SecureBoot *SecureBootAssets `yaml:"secureboot,omitempty"`
	// SystemExtensions is a list of system extensions to install.
	SystemExtensions []ContainerAsset `yaml:"systemExtensions,omitempty"`
}

Input describes inputs for image generation.

func (*Input) FillDefaults

func (i *Input) FillDefaults(arch, version string, secureboot bool)

FillDefaults fills default values for the input.

type OutFormat

type OutFormat int

OutFormat is output format specification.

const (
	OutFormatUnknown OutFormat = iota // unknown
	OutFormatRaw                      // raw
	OutFormatTar                      // .tar.gz
	OutFormatXZ                       // .xz
	OutFormatGZ                       // .gz
	OutFormatZSTD                     // .zst
)

OutFormat values.

func OutFormatString

func OutFormatString(s string) (OutFormat, error)

OutFormatString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func OutFormatValues

func OutFormatValues() []OutFormat

OutFormatValues returns all values of the enum

func (OutFormat) IsAOutFormat

func (i OutFormat) IsAOutFormat() bool

IsAOutFormat returns "true" if the value is listed in the enum definition. "false" otherwise

func (OutFormat) MarshalText

func (i OutFormat) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for OutFormat

func (OutFormat) String

func (i OutFormat) String() string

func (*OutFormat) UnmarshalText

func (i *OutFormat) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for OutFormat

type Output

type Output struct {
	// Kind of the output:
	//  * iso - ISO image
	//  * image - disk image (Talos pre-installed)
	//  * installer - installer container
	//  * kernel - Linux kernel
	//  * initramfs - initramfs image
	Kind OutputKind `yaml:"kind"`
	// Options for the 'image' output.
	ImageOptions *ImageOptions `yaml:"imageOptions,omitempty"`
	// Options for the 'iso' output.
	ISOOptions *ISOOptions `yaml:"isoOptions,omitempty"`
	// OutFormat is the format for the output:
	//  * raw - output raw file
	//  * .tar.gz - output tar.gz archive
	//  * .xz - output xz archive
	//  * .gz - output gz archive
	OutFormat OutFormat `yaml:"outFormat"`
}

Output describes image generation result.

type OutputKind

type OutputKind int

OutputKind is output specification.

const (
	OutKindUnknown   OutputKind = iota // unknown
	OutKindISO                         // iso
	OutKindImage                       // image
	OutKindInstaller                   // installer
	OutKindKernel                      // kernel
	OutKindInitramfs                   // initramfs
	OutKindUKI                         // uki
	OutKindCmdline                     // cmdline
)

OutputKind values.

func OutputKindString

func OutputKindString(s string) (OutputKind, error)

OutputKindString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func OutputKindValues

func OutputKindValues() []OutputKind

OutputKindValues returns all values of the enum

func (OutputKind) IsAOutputKind

func (i OutputKind) IsAOutputKind() bool

IsAOutputKind returns "true" if the value is listed in the enum definition. "false" otherwise

func (OutputKind) MarshalText

func (i OutputKind) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for OutputKind

func (OutputKind) String

func (i OutputKind) String() string

func (*OutputKind) UnmarshalText

func (i *OutputKind) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for OutputKind

type OverlayOptions added in v1.7.0

type OverlayOptions struct {
	// Name of the overlay installer, defaults to `default` if not set.
	Name string `yaml:"name"`
	// Image to use for the overlay.
	Image ContainerAsset `yaml:"image"`
	// Options for the overlay.
	overlay.ExtraOptions `yaml:"options,omitempty"`
}

OverlayOptions describes overlay options for image generation.

type Profile

type Profile struct {
	// BaseProfileName is the profile name to inherit from.
	BaseProfileName string `yaml:"baseProfileName,omitempty"`
	// Architecture of the image: amd64 or arm64.
	Arch string `yaml:"arch"`
	// Platform name of the image: qemu, aws, gcp, etc.
	Platform string `yaml:"platform"`
	// Board name of the image: rpi4, etc. (only for metal image and arm64).
	Board string `yaml:"board,omitempty"`
	// SecureBoot enables SecureBoot (only for UEFI build).
	SecureBoot *bool `yaml:"secureboot"`
	// Version is Talos version.
	Version string `yaml:"version"`
	// Various customizations than can be applied to the image.
	Customization CustomizationProfile `yaml:"customization,omitempty"`

	// Input describes inputs for image generation.
	Input Input `yaml:"input"`
	// Overlay describes overlay options for image generation.
	Overlay *OverlayOptions `yaml:"overlay,omitempty"`
	// Output describes image generation result.
	Output Output `yaml:"output"`
}

Profile describes image generation result.

func (Profile) DeepCopy

func (o Profile) DeepCopy() Profile

DeepCopy generates a deep copy of Profile.

func (*Profile) Dump

func (p *Profile) Dump(w io.Writer) error

Dump the profile as YAML.

func (*Profile) OutputPath

func (p *Profile) OutputPath() string

OutputPath generates the output path for the profile.

func (*Profile) SecureBootEnabled

func (p *Profile) SecureBootEnabled() bool

SecureBootEnabled derefences SecureBoot.

func (*Profile) Validate

func (p *Profile) Validate() error

Validate the profile.

type SDBootEnrollKeys added in v1.6.5

type SDBootEnrollKeys int

SDBootEnrollKeys is a value in loader.conf secure-boot-enroll: off, manual, if-safe, force.

const (
	SDBootEnrollKeysIfSafe SDBootEnrollKeys = iota // if-safe
	SDBootEnrollKeysManual                         // manual
	SDBootEnrollKeysForce                          // force
	SDBootEnrollKeysOff                            // off
)

SDBootEnrollKeys values.

func SDBootEnrollKeysString added in v1.6.5

func SDBootEnrollKeysString(s string) (SDBootEnrollKeys, error)

SDBootEnrollKeysString retrieves an enum value from the enum constants string name. Throws an error if the param is not part of the enum.

func SDBootEnrollKeysValues added in v1.6.5

func SDBootEnrollKeysValues() []SDBootEnrollKeys

SDBootEnrollKeysValues returns all values of the enum

func (SDBootEnrollKeys) IsASDBootEnrollKeys added in v1.6.5

func (i SDBootEnrollKeys) IsASDBootEnrollKeys() bool

IsASDBootEnrollKeys returns "true" if the value is listed in the enum definition. "false" otherwise

func (SDBootEnrollKeys) MarshalText added in v1.6.5

func (i SDBootEnrollKeys) MarshalText() ([]byte, error)

MarshalText implements the encoding.TextMarshaler interface for SDBootEnrollKeys

func (SDBootEnrollKeys) String added in v1.6.5

func (i SDBootEnrollKeys) String() string

func (*SDBootEnrollKeys) UnmarshalText added in v1.6.5

func (i *SDBootEnrollKeys) UnmarshalText(text []byte) error

UnmarshalText implements the encoding.TextUnmarshaler interface for SDBootEnrollKeys

type SecureBootAssets

type SecureBootAssets struct {
	// SecureBoot signing key & cert.
	SecureBootSigner SigningKeyAndCertificate `yaml:"secureBootSigner"`
	// PCR signing key.
	PCRSigner SigningKey `yaml:"pcrSigner"`
	// Optional, auto-enrollment paths.
	PlatformKeyPath    string `yaml:"platformKeyPath,omitempty"`
	KeyExchangeKeyPath string `yaml:"keyExchangeKeyPath,omitempty"`
	SignatureKeyPath   string `yaml:"signatureKeyPath,omitempty"`
}

SecureBootAssets describes secureboot assets.

type SigningKey added in v1.6.0

type SigningKey struct {
	// File-based.
	//
	// Static key path.
	KeyPath string `yaml:"keyPath,omitempty"`
	// Azure.
	//
	// Azure Vault URL and key ID.
	// AzureKeyVersion might be left empty to use the latest key version.
	AzureVaultURL   string `yaml:"azureVaultURL,omitempty"`
	AzureKeyID      string `yaml:"azureKeyID,omitempty"`
	AzureKeyVersion string `yaml:"azureKeyVersion,omitempty"`
	// AWS.
	//
	// AWS KMS Key ID and region.
	AwsKMSKeyID string `yaml:"awsKMSKeyID,omitempty"`
	AwsRegion   string `yaml:"awsRegion,omitempty"`
}

SigningKey describes a signing key.

func (SigningKey) GetSigner added in v1.6.0

func (key SigningKey) GetSigner(ctx context.Context) (measure.RSAKey, error)

GetSigner returns the signer.

type SigningKeyAndCertificate added in v1.6.0

type SigningKeyAndCertificate struct {
	// File-based.
	//
	// Static key and certificate paths.
	KeyPath  string `yaml:"keyPath,omitempty"`
	CertPath string `yaml:"certPath,omitempty"`
	// Azure.
	//
	// Azure Vault URL and certificate ID, key will be found from the certificate.
	AzureVaultURL      string `yaml:"azureVaultURL,omitempty"`
	AzureCertificateID string `yaml:"azureCertificateID,omitempty"`
	// AWS.
	//
	// AWS KMS Key ID and region.
	// AWS doesn't have a good way to store a certificate, so it's expected to be a file.
	AwsKMSKeyID string `yaml:"awsKMSKeyID,omitempty"`
	AwsRegion   string `yaml:"awsRegion,omitempty"`
	AwsCertPath string `yaml:"awsCertPath,omitempty"`
}

SigningKeyAndCertificate describes a signing key & certificate.

func (SigningKeyAndCertificate) GetSigner added in v1.6.0

GetSigner returns the signer.

Directories

Path Synopsis
internal
signer/aws
Package aws implements SecureBoot/PCR signers via AWS Key Management Service.
Package aws implements SecureBoot/PCR signers via AWS Key Management Service.
signer/azure
Package azure implements SecureBoot/PCR signers via Azure Key Vault.
Package azure implements SecureBoot/PCR signers via Azure Key Vault.
signer/file
Package file implements SecureBoot/PCR signers via plain filesystem files.
Package file implements SecureBoot/PCR signers via plain filesystem files.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL