robotnix
Add a config option for a list of allowed avb keys in auditor
I have two devices running robotnix, with different avb keys. I want to use Auditor, but since each device's auditor only trusts its own avb key, it refuses to verify the other device.
There are two components to implementing this in the way I'd ultimately like:
1. Provide config options for all supported devices under both robotnix apps.auditor.devices.* as well as under the NixOS module services.attestation-server.devices.*
   Preferably these config options would be identical so the user could have the same configuration for both (e.g. via importing a shared .nix file)
2. Auto-fill out these config options for supported devices using user-generated keys.
Currently (1) and (2) are working for only one device. Implementing (2) nicely for multiple devices would involve finishing https://github.com/danielfullmer/robotnix/issues/24. However, implementing (1) for multiple devices doesn't need to wait on finishing the requirements for (2). If only (1) is completed then advanced users could fill out these options themselves in the meantime.