
[factory web ui] add trusted boot support

Open mauromorales opened this issue 8 months ago • 6 comments

When selecting trusted boot, the user should be able to provide their own keys, or the factory should build new keys for them. If the latter, then it should also allow downloading those keys.

mauromorales avatar Mar 17 '25 08:03 mauromorales

IMO, we should not do this. Not handling PRIVATE keys in web is nice and we cannot be held responsible for losing them.

If you want to use trusted keys, we could just have a demo mode that uses our test keys so you can test this stuff, but should redirect users to run trusted boot builds (outputs, because the container needs no keys) to do them locally, off the internet if possible.

Itxaka avatar Mar 17 '25 09:03 Itxaka

Could you enable this via some flag/var such that trusted boot can be selected via the webui when serving locally (instead of your public internet instance)?

tbrasser avatar Mar 17 '25 09:03 tbrasser

IMO, we should not do this. Not handling PRIVATE keys in web is nice and we cannot be held responsible for losing them.

Nothing forbids running the webui locally and letting the user handle the keys as they prefer.

mudler avatar Mar 17 '25 10:03 mudler

IMO, we should not do this. Not handling PRIVATE keys in web is nice and we cannot be held responsible for losing them.

Nothing forbids running the webui locally and letting the user handle the keys as they prefer.

Sure, but what about browser extensions, for example? And the more stuff is on a machine, the bigger the attack surface is.

IMHO the only way to work with keys for signing this stuff is on an offline, updated, minimal machine. No desktop or browsers.

Take into account that I'm talking about a public instance here, for example ours if we set this up online. If we want to provide a flag to enable that and let people know the risks, then I'm OK with having the option.

Itxaka avatar Mar 17 '25 14:03 Itxaka

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar May 28 '25 02:05 github-actions[bot]

IMO, we should not do this. Not handling PRIVATE keys in web is nice and we cannot be held responsible for losing them.

Nothing forbids running the webui locally and letting the user handle the keys as they prefer.

Sure, but what about browser extensions, for example? And the more stuff is on a machine, the bigger the attack surface is.

IMHO the only way to work with keys for signing this stuff is on an offline, updated, minimal machine. No desktop or browsers.

Take into account that I'm talking about a public instance here, for example ours if we set this up online. If we want to provide a flag to enable that and let people know the risks, then I'm OK with having the option.

Agreeing here about online use - indeed, in my comment I referred to being able to use it locally.

However, using the browser to drive the building process is still very much wanted to simplify the UX and streamline usage alongside the cli.

mudler avatar May 28 '25 06:05 mudler

Related ticket: https://github.com/kairos-io/kairos/issues/3661

jimmykarily avatar Sep 15 '25 09:09 jimmykarily