Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

overlord/install/install.go: use plainkey for save key #14706

Open
wants to merge 5 commits into
base: fde-manager-features
Choose a base branch
from
Open

overlord/install/install.go: use plainkey for save key #14706

wants to merge 5 commits into from

Conversation

valentindavid
Copy link
Contributor

No description provided.

@valentindavid valentindavid added Run nested The PR also runs tests inluded in nested suite FDE Manager Pull requests that target FDE manager branch labels Nov 11, 2024
@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch 4 times, most recently from 4bc0793 to 5c615ca Compare November 11, 2024 15:07
@codecov Codecov
Copy link

codecov bot commented Nov 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 45.45455% with 48 lines in your changes missing coverage. Please review.

Please upload report for BASE (fde-manager-features@4d6452a). Learn more about missing BASE report.

Files with missing lines Patch % Lines
overlord/install/install.go 33.33% 20 Missing and 10 partials ⚠️
secboot/keys/plainkey_nosb.go 0.00% 13 Missing ⚠️
secboot/keys/plainkey.go 78.57% 2 Missing and 1 partial ⚠️
boot/seal.go 71.42% 2 Missing ⚠️
Additional details and impacted files 
@@                   Coverage Diff                   @@
##             fde-manager-features   #14706   +/-   ##
=======================================================
  Coverage                        ?   78.83%           
=======================================================
  Files                           ?     1096           
  Lines                           ?   148248           
  Branches                        ?        0           
=======================================================
  Hits                            ?   116865           
  Misses                          ?    24082           
  Partials                        ?     7301
Flag Coverage Δ
unittests 78.83% <45.45%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch from 5c615ca to 3be47e8 Compare November 20, 2024 11:17
@github-actions github-actions bot added the Run Nested -auto- Label automatically added in case nested tests need to be executed label Nov 20, 2024
@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch from 3be47e8 to 76c9119 Compare November 20, 2024 11:29
@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch 5 times, most recently from aa56f86 to 2853766 Compare December 6, 2024 12:14
@valentindavid valentindavid marked this pull request as ready for review December 6, 2024 14:01
pedronis
pedronis reviewed Dec 10, 2024
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

did a pass

secboot/keys/plainkey.go Show resolved Hide resolved
cmd/snap-bootstrap/cmd_initramfs_mounts_test.go Outdated
@@ -8236,7 +8236,7 @@ echo '{"features":[]}'
observeExistingTrustedRecoveryAssetsCalled += 1
return nil
},
SetBootstrappedContainersFunc: func(key, saveKey secboot.BootstrappedContainer) {
SetBootstrappedContainersFunc: func(key, saveKey secboot.BootstrappedContainer, primaryKey []byte) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not new to this PR but shouldn't these check the arguments they get?

boot/makebootable.go Show resolved Hide resolved
boot/assets.go Outdated
@@ -256,7 +256,7 @@ func isAssetHashTrackedInMap(bam bootAssetsMap, assetName, assetHash string) boo
type TrustedAssetsInstallObserver interface {
BootLoaderSupportsEfiVariables() bool
ObserveExistingTrustedRecoveryAssets(recoveryRootDir string) error
SetBootstrappedContainers(key, saveKey secboot.BootstrappedContainer)
SetBootstrappedContainers(key, saveKey secboot.BootstrappedContainer, primaryKey []byte)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... AndPrimarKey should be added to the name I suppose now

boot/makebootable_test.go Outdated
@@ -1102,7 +1102,7 @@ version: 5.0
// set encryption key
myKey := secboot.CreateMockBootstrappedContainer()
myKey2 := secboot.CreateMockBootstrappedContainer()
obs.SetBootstrappedContainers(myKey, myKey2)
obs.SetBootstrappedContainers(myKey, myKey2, nil)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are there tests in this package where primaryKey is not set to nil?

boot/seal.go Show resolved Hide resolved
overlord/fdestate/backend/seal.go Outdated
@@ -112,12 +112,12 @@ func sealRunObjectKeys(key secboot.BootstrappedContainer, pbc boot.PredictableBo
// path only unseals one object because unsealing is expensive.
// Furthermore, the run object key is stored on ubuntu-boot so that we do not
// need to continually write/read keys from ubuntu-seed.
primaryKey, err := secbootSealKeys(runKeySealRequests(key, useTokens), sealKeyParams)
createdPrimaryKey, err := secbootSealKeys(runKeySealRequests(key, useTokens), sealKeyParams)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm confused, does it make sense to call it created if it was passed in or it depends whether is passed in or not? even in that case something more generic would be better?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, according to sbNewProtectedKey, it will get created only if nil was passed as the primary key

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be created, or the same if not nil. If we are in the case where use tokens, the primary key will be already picked because of the plainkey, and the parameter primaryKey will contain that key. And createdPrimaryKey will be the same key. If we do not use a tokens, then we did not chose a primary key yet. Then primaryKey is nil. And then createdPrimaryKey is a new key.

I could name them "primaryKeyInput" and "primaryKeyOutput". Or I could name same "primaryKey", "chosenPrimaryKey". Or "maybePrimaryKey" and "primaryKey".

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybePrimaryKey and primaryKey seem fine here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done.

ZeyadYasser
ZeyadYasser reviewed Dec 11, 2024
View reviewed changes
Copy link
Contributor

@ZeyadYasser ZeyadYasser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! small nitpicks

secboot/keys/plainkey_nosb.go Outdated Show resolved Hide resolved
secboot/keys/plainkey.go Show resolved Hide resolved
secboot/keys/plainkey_test.go Outdated

protectorKey, err := keys.NewProtectorKey()
c.Assert(err, IsNil)
protectedKey, primaryKeyOut, unlockKey, err := protectorKey.CreateProtectedKey([]byte("primary-in"))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe another variant where nil is passed, as this mimics what is done in install.PrepareEncryptedSystemData

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point. Done.

overlord/install/install_test.go Outdated
c.Check(marker, HasLen, 32)
c.Check(filepath.Join(boot.InstallHostFDESaveDir, "marker"), testutil.FileEquals, marker)

// the assets cache was written to
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// the assets cache was written to
// Check that assets cache was written

overlord/fdestate/backend/seal.go Outdated
@@ -112,12 +112,12 @@ func sealRunObjectKeys(key secboot.BootstrappedContainer, pbc boot.PredictableBo
// path only unseals one object because unsealing is expensive.
// Furthermore, the run object key is stored on ubuntu-boot so that we do not
// need to continually write/read keys from ubuntu-seed.
primaryKey, err := secbootSealKeys(runKeySealRequests(key, useTokens), sealKeyParams)
createdPrimaryKey, err := secbootSealKeys(runKeySealRequests(key, useTokens), sealKeyParams)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, according to sbNewProtectedKey, it will get created only if nil was passed as the primary key

ZeyadYasser
ZeyadYasser approved these changes Dec 12, 2024
View reviewed changes
Copy link
Contributor

@ZeyadYasser ZeyadYasser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

small nitpick on test coverage https://github.com/canonical/snapd/pull/14706/files#r1879654817

pedronis
pedronis approved these changes Dec 12, 2024
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, style comment

secboot/keys/plainkey.go Outdated
sbNewProtectedKey = sb_plainkey.NewProtectedKey
)

// ProtectorKey is a key that can be used to protect "plainkey" keys
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: all the doc comments should be sentences/paragraphs ending with "." thx

@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch from 6b5d83e to d778338 Compare December 12, 2024 13:29
@valentindavid
Copy link
Contributor Author

I have cleaned up the history.

@valentindavid valentindavid force-pushed the valentindavid/save-plainkeys branch from d778338 to 941da67 Compare December 12, 2024 13:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ZeyadYasser ZeyadYasser ZeyadYasser approved these changes

@pedronis pedronis pedronis approved these changes

@bboozzoo bboozzoo Awaiting requested review from bboozzoo

Assignees
No one assigned
Labels
FDE Manager Pull requests that target FDE manager branch Run Nested -auto- Label automatically added in case nested tests need to be executed Run nested The PR also runs tests inluded in nested suite
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@valentindavid @pedronis @ZeyadYasser