Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement support for TPM-backed signing keys (#953) #955

Closed

Conversation

charles-dyfis-net
Copy link

@charles-dyfis-net charles-dyfis-net commented Apr 12, 2021

Fixes #953

Requirements

This should not be removed from draft state until the below are checked.

  • Documentation is updated
  • Test coverage has been extended to cover the new functionality.
  • Switch from the charles-dyfis-net fork of tpmk to upstream (which at the time of that fork's creation did not support clearsigning, but does now).

The test suite shall use Google's TPM emulator for Go (supported by tpmk and used for its own test suite), so it can be run on systems without TPM hardware.

Description of the Change

Use the Go library github.com/folbricht/tpmk to support TPM-backed keys for OpenPGP signatures.

This allows hardware-backed keys to be used for repository signing. Because the private key data cannot be copied out of the TPM into general-purpose RAM, these keys cannot be stolen by an attacker and used to sign content on a different host; as soon as an attacker's access to the host with the TPM is eliminated, that attacker can no longer generate signatures with any key that TPM stored.

This feature is not available in released versions of upstream GnuPG, so it exclusive to the internal Go implementation.

Checklist

  • unit-test added (if change is algorithm)
  • functional test added/updated (if change is functional)
  • man page updated (if applicable)
  • bash completion updated (not applicable)
  • documentation updated
  • author name in AUTHORS

@charles-dyfis-net
Copy link
Author

@folbricht has tracked down the build failure -- while tpmk declared a dependency on Go 1.11, it in fact requires Go 1.15.

I expect this PR will need to be extended to hide the feature behind a tag (or otherwise make it conditionally compiled).

@charles-dyfis-net
Copy link
Author

...a question for the aptly team here: What's the feasibility of having a go 1.15 builder in Travis, so this code can be tested if it's moved behind such a flag?

@lbolla
Copy link
Contributor

lbolla commented Jan 28, 2022

@charles-dyfis-net Travis is no more. We have GH Actions running Go 1.14, 15, 16, and 17.

Would you like to rebase against master?

Also, there are no tests, which are required for a PR to be considered for merging.

@randombenj
Copy link
Contributor

I will close this as there seems to be a lack of interest for this change, feel free to leave a comment if you want this reopened

@randombenj randombenj closed this Apr 13, 2022
@neolynx neolynx self-assigned this Apr 24, 2024
@neolynx neolynx reopened this Apr 24, 2024
Copy link

codecov bot commented Apr 24, 2024

Welcome to Codecov 🎉

Once you merge this PR into your default branch, you're all set! Codecov will compare coverage reports and display results in all future pull requests.

Thanks for integrating Codecov - We've got you covered ☂️

@neolynx
Copy link
Member

neolynx commented Jun 15, 2024

See #1288

@neolynx neolynx closed this Jun 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support TPM-backed signing key storage
4 participants