hsskey

package

v0.14.0 Latest Latest Go to latest Published: Feb 27, 2024 License: BSD-3-Clause Imports: 12 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/u-root/u-root

Links

Open Source Insights

Documentation ¶

Overview ¶

Package hsskey provides functionality for generating a key for unlocking drives based on the following procedure:

Via BMC, read a 32-byte secret seed known as the Host Secret Seed (HSS) using the OpenBMC IPMI blob transfer protocol
Via EEPROM, read a 32-byte secret seed from EEPROM
Compute a password as follows: We get the deterministically computed 32-byte HDKF-SHA256 using: - salt: "SKM PROD_V2 ACCESS" (default) - hss: 32-byte HSS - device identity: strings formed by concatenating the assembly serial number, the _ character, and the assembly part number.

Index ¶

Constants
func GenPassword(hss []byte, salt string, identifiers ...string) ([]byte, error)
func GetAllHss(warnings io.Writer, verboseDangerous bool, eepromPattern string, ...) ([][]uint8, error)
func GetHssFromFile(warnings io.Writer, verboseDangerous bool, filePaths []string, ...) ([][]byte, error)
func ReadHssFromFile(filePath string, minHssPerFile int) ([][]byte, error)
func WriteHssToFile(warnings io.Writer, verboseDangerous bool, file *os.File, hss [][]byte) error
func WriteHssToTempFile(warnings io.Writer, verboseDangerous bool, hss [][]byte) (string, error)

Constants ¶

View Source

const (
	DefaultPasswordSalt = "SKM PROD_V2 ACCESS"
)

Variables ¶

This section is empty.

Functions ¶

func GenPassword ¶

func GenPassword(hss []byte, salt string, identifiers ...string) ([]byte, error)

GenPassword computes the password deterministically as the 32-byte HDKF-SHA256 of the HSS plus the device identity.

func GetAllHss ¶

func GetAllHss(warnings io.Writer, verboseDangerous bool, eepromPattern string, hssFiles string) ([][]uint8, error)

GetAllHss reads all host secret seeds from IPMI or EEPROM.

eepromPattern: A string pattern to find EEPROMs in sysfs paths. The glob string used for searching will be in the format: "/sys/bus/i2c/devices/{eepromPattern}/eeprom". For example, 0-005* An empty string "" will skip the attempt to read from EEPROM.

func GetHssFromFile ¶ added in v0.12.0

func GetHssFromFile(warnings io.Writer, verboseDangerous bool, filePaths []string, minHssPerFile int) ([][]byte, error)

GetHssFromFile reads HSS keys from the specified files. Each HSS key is 64 bytes long and has a checksum for validation. Duplicate HSS are removed.

func ReadHssFromFile ¶ added in v0.12.0

func ReadHssFromFile(filePath string, minHssPerFile int) ([][]byte, error)

ReadHssFromFile reads HSS keys from the specified file. Each HSS key is 64 bytes long and has a checksum for validation.

func WriteHssToFile ¶ added in v0.12.0

func WriteHssToFile(warnings io.Writer, verboseDangerous bool, file *os.File, hss [][]byte) error

WriteHssToFile writes a list of HSS to an open file. Each HSS key is expected to be 64 bytes long and has a checksum for validation. HSS that fail to validate are not written to the file. Function returns error if no HSS are written or writing can no longer continue.

func WriteHssToTempFile ¶ added in v0.12.0

func WriteHssToTempFile(warnings io.Writer, verboseDangerous bool, hss [][]byte) (string, error)

WriteHssToTempFile writes a list of HSS to a tmpfs file where the filepath is returned. See WriteHssToFile for HSS details.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL