
TPM-backed config encryption
Status: Needs testing | Priority: Wishlist | Public | Feature request

Description

Looking into the viability of adding support for TPM-backed encryption of /config data.

Various factors to consider:

  • Which PCRs to require to ensure hardware/software integrity (end-user configurable?)
  • Handling failed config decryption on boot (fall back to a default config?)
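The two open points above (which PCRs to bind the sealed key to, and what to do when the unseal fails at boot) are easiest to reason about with a runnable model. The block below is an added example, not VyOS code and not a TPM driver: it simulates TPM PCR extend, a PCR-selection policy, seal/unseal, and a boot-time fallback in pure Python, with hashlib/hmac standing in for the TPM's crypto. The PCR indices, measurements, config text and root secret are all constructed values; a real implementation would issue the equivalent operations to the TPM (for example through tpm2-tools) rather than computing them in software.

```python
import hashlib
import hmac
import os

PCR_INIT = b"\x00" * 32
# Stand-in for the TPM's internal seed that never leaves the chip (constructed value).
TPM_ROOT_SECRET = hashlib.sha256(b"constructed-tpm-root-secret").digest()


def extend(pcr, measurement):
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def boot_pcrs(measurements):
    """Replay the ordered measurements for each PCR index and return the final PCR values."""
    pcrs = {}
    for idx, events in measurements.items():
        val = PCR_INIT
        for ev in events:
            val = extend(val, ev)
        pcrs[idx] = val
    return pcrs


def policy_digest(pcrs, selected):
    """Digest over the selected PCRs only; PCRs outside the selection may change freely."""
    h = hashlib.sha256()
    for idx in sorted(selected):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


def _keystream(key, nonce, n):
    """Toy counter-mode keystream from SHA-256 (simulation only, not a production cipher)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(plaintext, pcrs, selected):
    """Seal plaintext to the current values of the selected PCRs."""
    policy = policy_digest(pcrs, selected)
    key = hmac.new(TPM_ROOT_SECRET, policy, hashlib.sha256).digest()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return {"selected": list(selected), "policy": policy, "nonce": nonce, "ct": ct, "tag": tag}


class UnsealError(Exception):
    pass


def unseal(blob, pcrs):
    """Unseal only if the selected PCRs match sealing time; a real TPM refuses to release the key otherwise."""
    current = policy_digest(pcrs, blob["selected"])
    if not hmac.compare_digest(current, blob["policy"]):
        raise UnsealError("PCR policy mismatch: boot measurements differ from sealing time")
    key = hmac.new(TPM_ROOT_SECRET, current, hashlib.sha256).digest()
    tag = hmac.new(key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        raise UnsealError("integrity check failed: sealed blob was modified")
    ks = _keystream(key, blob["nonce"], len(blob["ct"]))
    return bytes(a ^ b for a, b in zip(blob["ct"], ks))


def load_config_on_boot(blob, pcrs, fallback):
    """Boot-time policy: use the sealed config when it unseals, otherwise a fallback config."""
    try:
        return unseal(blob, pcrs), "sealed"
    except UnsealError:
        return fallback, "fallback"


# Constructed measurements. Index roles (firmware, bootloader, Secure Boot state, kernel, initrd)
# mirror common firmware/GRUB usage, but every value here is made up for the example.
GOOD_BOOT = {0: [b"firmware-v1"], 4: [b"grub-v2"], 7: [b"secureboot:on"],
             8: [b"kernel-6.1"], 9: [b"initrd-a"]}
TAMPERED_KERNEL = {**GOOD_BOOT, 8: [b"kernel-evil"]}
KERNEL_UPDATE = {**GOOD_BOOT, 8: [b"kernel-6.6"]}

CONFIG = b"interfaces {\n  ethernet eth0 { address 192.0.2.1/24 }\n}\n"   # constructed
FALLBACK = b"system { host-name recovery }\n"                               # constructed


def demo():
    """Compare a loose PCR selection (0,4,7) with a strict one (0,4,7,8,9) across three boots."""
    results = {}
    loose = seal(CONFIG, boot_pcrs(GOOD_BOOT), selected=[0, 4, 7])
    strict = seal(CONFIG, boot_pcrs(GOOD_BOOT), selected=[0, 4, 7, 8, 9])
    for name, boot in (("good", GOOD_BOOT), ("tampered_kernel", TAMPERED_KERNEL),
                       ("kernel_update", KERNEL_UPDATE)):
        results["loose_" + name] = load_config_on_boot(loose, boot_pcrs(boot), FALLBACK)[1]
        results["strict_" + name] = load_config_on_boot(strict, boot_pcrs(boot), FALLBACK)[1]
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The output makes the trade-off concrete: binding only PCRs 0, 4 and 7 survives a kernel update but also unseals after a kernel swap, while binding 8 and 9 as well catches the swap at the cost of sending every kernel update to the fallback config until the blob is re-sealed. That is why the PCR selection is worth exposing to the end user, and why a fallback path (and a re-seal step in the upgrade procedure) has to exist before the feature ships.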

Details

Difficulty level: Hard (possibly days)
Version: 1.5
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Perfectly compatible
Issue type: Feature (new functionality)

Event Timeline

sarthurdev triaged this task as Wishlist priority.
sarthurdev changed Difficulty level from Unknown (require assessment) to Hard (possibly days).
sarthurdev changed Version from - to 1.4.
syncer changed the task status from Open to In progress. Jan 6 2023, 10:04 PM

@sdev take a look over these repositories:

https://github.com/stefanberger/swtpm/tree/master

https://github.com/stefanberger/swtpm/wiki

It appears to be the most straightforward and runs several virtual environments @Viacheslav @c-po

@fernando See here: https://github.com/vyos/vyos-build/pull/297

Once the new install tools are complete and merged into 1.5, I will update the TPM PRs and mark them ready for review.

sarthurdev changed the task status from In progress to Needs testing. Feb 20 2024, 11:49 AM
sarthurdev removed a project: VyOS 1.4 Sagitta.
sarthurdev changed Version from 1.4 to 1.5.
sarthurdev moved this task from Need Triage to In Progress on the VyOS 1.5 Circinus board.