go.mod: move to latest secboot
~~!13278 with https://github.com/snapcore/secboot/pull/266/~~
Codecov Report
Attention: 16 lines in your changes are missing coverage. Please review.
Comparison is base (cdbd316) 78.96% compared to head (6535984) 78.86%. Report is 55 commits behind head on master.
Additional details and impacted files
@@ Coverage Diff @@
## master #13339 +/- ##
==========================================
- Coverage 78.96% 78.86% -0.10%
==========================================
Files 1028 1030 +2
Lines 129762 130548 +786
==========================================
+ Hits 102462 102958 +496
- Misses 20911 21177 +266
- Partials 6389 6413 +24
| Flag | Coverage Δ | |
|---|---|---|
| unittests | 78.86% <73.77%> (-0.10%) | :arrow_down: |
tests/nested/core/core20-gadget-reseal started to fail with:
2023-12-05T17:20:27.3929553Z [ 91.522913] snapd[1922]: 2023/12/05 17:10:31.229509 logger.go:93: DEBUG: 2023-12-05T17:10:31Z ERROR cannot set next boot: cannot reseal the fallback encryption keys: cannot increment counter: TPM returned a warning whilst executing command TPM_CC_StartAuthSession: TPM_RC_SESSION_MEMORY (out of memory for session contexts)
I made a pass. An additional change that I wonder whether it is needed: in the past, parts of secboot were imported in snapd: https://github.com/snapcore/snapd/commit/a466265db2a4f124cca948ed39884d55b9d9a2fe https://github.com/snapcore/snapd/commit/e45a076a6ffd088cfce600db3b1ed8f862204c1d and maybe we can use secboot directly now. But I don't know the reason for importing code this way, maybe @pedronis has some context. Anyway, that should be possible as a follow-up.
I had a quick look at whether I could build without it. It seems that we need this code to enroll recovery keys from snap-fde-keymgr. The functions it calls are in the "internal" part of secboot and cannot be used directly.
I have added the Block label, because we should not merge it yet. The new key format has to be merged together. But it should still be reviewed.
lgtm, one question, did Chris have a look at the changes?
I do not know if he looked through it.
Everything is in #13951. Closing this one.