Random key generation #385
Conversation
As described in: https://rust-random.github.io/book/guide-rngs.html#not-a-crypto-library
Updated, but I need to explain: now I updated the branch using the rand_bytes function that already exists in the Ocicrypt-rs module, which does exactly what I needed here and is already being driven by
45b5acf to a447133
7665429 to 609ac22
609ac22 to 9c4f1ac
50d59ed to bd495aa
LGTM and we have enclave-cc CI passing with this
8b78aed to 4f58887
@arronwy does this look OK?
Signed-off-by: piotrpalcz <[email protected]>
cfa759f to cf057a8
Thanks @piotrpalcz LGTM! Just a minor suggestion.
let random_key = generate_random_key();
std::fs::write(PathBuf::from(&keys_mount_path.join("key.txt")), &random_key)?;
nix::mount::umount(keys_mount_path)?;

let options = format!(
"dir={},key={}",
Path::new("/images").join(cid).join("sefs/lower").display(),
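Review bot: `std::fs::write` on the second line creates `key.txt` with the process's default, umask-derived mode, so the freshly generated key can end up readable by other users on the host; open the file with `OpenOptions::new().write(true).create_new(true).mode(0o600)` (via `std::os::unix::fs::OpenOptionsExt`) and write the key through that handle instead, which also refuses to overwrite or follow a pre-existing `key.txt`. On the same line, `PathBuf::from(&keys_mount_path.join("key.txt"))` is redundant, since `join` already returns a `PathBuf`; `keys_mount_path.join("key.txt")` is enough.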
we can also use key_mount_options here.
This PR is related to Shim/rune PR confidential-containers/enclave-cc#256 and enclave-cc PR confidential-containers/enclave-cc#265
Creates a randomly generated key to use in unionFS, which is then stored in a file and passed to be mounted and read by the boot enclave to use that unionFS.
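The first comment points at the rust-random guide's "not a crypto library" section, and the author switched to the rand_bytes function from ocicrypt-rs to get key material from a cryptographically secure source. The example below is added here and is not code from the PR or from ocicrypt-rs: it shows the same idea with only the Rust standard library, drawing the key from the kernel CSPRNG via /dev/urandom, and storing it in a key.txt that is created owner-only and never overwritten. The key length (32 bytes), the function names and the scratch directory are assumptions of the example; the PR does not state its key size.

```rust
// Added example (not code from the PR or from ocicrypt-rs): generate a key for a
// filesystem mount from the OS entropy source and store it in a file that only
// the owner can read. The PR's generate_random_key is replaced here by a
// std-only read of /dev/urandom, which the kernel feeds from its CSPRNG.
use std::fs::{File, OpenOptions};
use std::io::{self, Read, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::{Path, PathBuf};

/// Key length in bytes. 32 bytes (256 bits) is the usual size for a
/// symmetric filesystem-encryption key; the PR does not state its size,
/// so this value is an assumption of the example.
pub const KEY_LEN: usize = 32;

/// Fill a fixed-size buffer from the kernel CSPRNG. `read_exact` either
/// fills the whole buffer or returns an error, so a short read can never
/// leave part of the key zeroed.
pub fn generate_random_key() -> io::Result<[u8; KEY_LEN]> {
    let mut key = [0u8; KEY_LEN];
    File::open("/dev/urandom")?.read_exact(&mut key)?;
    Ok(key)
}

/// Write the key to `dir/key.txt`. `create_new` refuses to overwrite or
/// follow a pre-existing file (symlink included), and `mode(0o600)` applies
/// at creation time, so there is no window in which the file carries the
/// default umask-derived mode that `std::fs::write` would give it.
pub fn write_key_file(dir: &Path, key: &[u8]) -> io::Result<PathBuf> {
    let path = dir.join("key.txt");
    let mut f = OpenOptions::new()
        .write(true)
        .create_new(true)
        .mode(0o600)
        .open(&path)?;
    f.write_all(key)?;
    f.sync_all()?;
    Ok(path)
}

/// Permission bits (rwx for owner/group/other) of an existing key file,
/// so a caller or test can confirm the file is owner-only.
pub fn key_file_mode(path: &Path) -> io::Result<u32> {
    Ok(std::fs::metadata(path)?.permissions().mode() & 0o777)
}

/// Generate a key, store it, and return (path, key) so the caller can pass
/// the key into the mount options and later unmount the keys directory.
pub fn provision_key(dir: &Path) -> io::Result<(PathBuf, [u8; KEY_LEN])> {
    let key = generate_random_key()?;
    let path = write_key_file(dir, &key)?;
    Ok((path, key))
}

fn main() -> io::Result<()> {
    // Constructed scratch location; a real deployment would use the keys
    // mount path from the PR instead.
    let dir = std::env::temp_dir().join(format!("keys-{}", std::process::id()));
    std::fs::create_dir_all(&dir)?;
    let (path, key) = provision_key(&dir)?;
    println!(
        "wrote {} bytes to {} (mode {:o})",
        key.len(),
        path.display(),
        key_file_mode(&path)?
    );
    std::fs::remove_dir_all(&dir)?;
    Ok(())
}
```

The two properties worth checking after a change like the PR's are that the key file comes out with mode 0600 regardless of the caller's umask, and that a second provisioning run fails loudly instead of silently replacing a key another component may already be using; `key_file_mode` and the `create_new` error make both observable.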