[Bootstrap Agent] Actually create trust quorum -> use unique device IDs -> make bootstrap addresses random #945

@smklein

... and, importantly, record enough information about peer sleds to be able to re-identify them. For full context, see: RFD 238: Trust Quorum and Rack Unlock.

RFD 259, Section 3.2 documents:

Each server derives a bootstrap IPv6 /64 prefix. This may be non-persistent and randomly generated...

However, today, the bootstrap addresses are persistent. This durability allows services - such as RSS - to uniquely identify them, which allows RSS to safely provision services to sleds, even across reboots.

If sleds could uniquely identify their peers based on some other form of identity - for example, from a certificate derived from the RoT - that could be used as a unique ID, and the bootstrap address could become more transient.

Labels

bootstrap services (For those occasions where you want the rack to turn on), trust quorum (Trust Quorum related)
