robotnix icon indicating copy to clipboard operation
robotnix copied to clipboard

Published 20 hours ago verified publisher icon danielfullmer

Add a config option for a list of allowed avb keys in auditor

Open yu-re-ka opened this issue 2 years ago • 1 comments

I have two devices running robotnix, with different avb keys. I want to use Auditor, but since each device's auditor only trusts its own avb key, it refuses to verify the other device.

yu-re-ka avatar Sep 19 '21 10:09 yu-re-ka

There's two components to implementing in the way I'd ultimately like:

  1. Provide config options for all supported devices under both robotnix apps.auditor.devices.* as well as under the NixOS module services.attestation-server.devices.* Preferably these config options would be identical so the user could have the same configuration for both (e.g. via import ing a shared .nix file)

  2. Auto-fill out these config options for supported devices using user-generated keys.

Currently (1) and (2) are working for only one device. Implementing (2) nicely for multiple devices would involve finishing https://github.com/danielfullmer/robotnix/issues/24. However, implementing (1) for multiple devices doesn't need to wait on finishing the requirements for (2). If only (1) is completed then advanced users could fill out these options themselves in the meantime.

danielfullmer avatar Sep 24 '21 03:09 danielfullmer