Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[11.0-stable] Give wwan microservice access to the config partition #3750

Merged
merged 1 commit into from
Feb 9, 2024
Merged

[11.0-stable] Give wwan microservice access to the config partition #3750

merged 1 commit into from
Feb 9, 2024

Conversation

milan-zededa
Copy link
Contributor

mmagent from the wwan microservice uses GetCipherCredentials to decrypt username/password for a cellular network. Internally, this depends on IsTpmEnabled() function, which determines the status of TPM by checking for the presence/absence of /config/device.cert.pem and /config/device.key.pem. This means that wwan container should have the config partition mounted as well, otherwise IsTpmEnabled() may return incorrect value and cause the decryption to fail.

@codecov Codecov
Copy link

codecov bot commented Feb 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4972221) 20.30% compared to head (de7d908) 20.30%.
Report is 1 commits behind head on 11.0-stable.

Additional details and impacted files 
@@             Coverage Diff              @@
##           11.0-stable    #3750   +/-   ##
============================================
  Coverage        20.30%   20.30%           
============================================
  Files              212      212           
  Lines            46071    46071           
============================================
  Hits              9354     9354           
  Misses           36034    36034           
  Partials           683      683

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

uncleDecart
uncleDecart approved these changes Feb 9, 2024
View reviewed changes
Copy link
Contributor

@uncleDecart uncleDecart left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

eriknordmark
eriknordmark approved these changes Feb 9, 2024
View reviewed changes
Copy link
Contributor

@eriknordmark eriknordmark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you make the commit message and the description refer to the commit/PR in master?

@milan-zededa
Give wwan microservice access to the config partition
de7d908 
mmagent from the wwan microservice uses GetCipherCredentials to decrypt
username/password for a cellular network. Internally, this depends on
IsTpmEnabled() function, which determines the status of TPM by checking
for the presence/absence of /config/device.cert.pem and
/config/device.key.pem. This means that wwan container should have the
config partition mounted as well, otherwise IsTpmEnabled() may return
incorrect value and cause the decryption to fail.

Signed-off-by: Milan Lenco <milan@zededa.com>
(cherry picked from commit 2dcaf10)
@milan-zededa
Copy link
Contributor Author

Can you make the commit message and the description refer to the commit/PR in master?

Done

@eriknordmark eriknordmark merged commit f999c8e into lf-edge:11.0-stable Feb 9, 2024
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eriknordmark eriknordmark eriknordmark approved these changes

@uncleDecart uncleDecart uncleDecart approved these changes

@rouming rouming Awaiting requested review from rouming

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@milan-zededa @eriknordmark @uncleDecart