tiiuae
diff --git a/‎lib/global-config.nix‎
Lines changed: 26 additions & 0 deletions b/‎lib/global-config.nix‎
Lines changed: 26 additions & 0 deletions
diff --git a/‎modules/common/security/spiffe/agent.nix‎
Lines changed: 67 additions & 28 deletions b/‎modules/common/security/spiffe/agent.nix‎
Lines changed: 67 additions & 28 deletions
diff --git a/‎modules/common/security/spiffe/default.nix‎
Lines changed: 2 additions & 0 deletions b/‎modules/common/security/spiffe/default.nix‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎modules/common/security/spiffe/devid-ca.nix‎
Lines changed: 0 additions & 12 deletions b/‎modules/common/security/spiffe/devid-ca.nix‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎modules/common/security/spiffe/devid-provision.nix‎
Lines changed: 14 additions & 4 deletions b/‎modules/common/security/spiffe/devid-provision.nix‎
Lines changed: 14 additions & 4 deletions
diff --git a/‎modules/common/security/spiffe/server.nix‎
Lines changed: 30 additions & 13 deletions b/‎modules/common/security/spiffe/server.nix‎
Lines changed: 30 additions & 13 deletions
@@ -123,6 +123,32 @@ rec {
         };
         tpmAttestation = {
           enable = mkEnableOption "TPM DevID node attestation for system VMs";
+          endorsementCaCerts = mkOption {
+            type = types.listOf types.path;
+            default = [ ];
+            description = ''
+              TPM manufacturer endorsement CA certs (PEM files).
+              Deprecated: use endorsementCaBundle instead.
+              Kept for backward compatibility.
+            '';
+          };
+          endorsementCaBundle = mkOption {
+            type = types.path;
+            default = "";
+            description = ''
+              Combined PEM file with all TPM manufacturer endorsement CAs.
+              Populated from tpm-endorsement.nix wiring module (points to all.pem).
+              Used by SPIRE server as endorsement_ca_path.
+            '';
+          };
+          endorsementCaVendors = mkOption {
+            type = types.listOf types.str;
+            default = [ ];
+            description = ''
+              Expected TPM vendor names (advisory, for warning on mismatch).
+              Populated from hardware definition.
+            '';
+          };
         };
       };
 
 
@@ -20,7 +20,8 @@ let
 
   useTpmDevid = cfg.attestationMode == "tpm_devid";
 
-  agentConf = ''
+  # Common agent config (shared between tpm_devid and join_token modes)
+  agentConfCommon = ''
     agent {
       data_dir = "${cfg.dataDir}"
       log_level = "${cfg.logLevel}"
@@ -29,34 +30,40 @@ let
       trust_domain = "${cfg.trustDomain}"
       trust_bundle_path = "${cfg.trustBundlePath}"
       socket_path = "${cfg.socketPath}"
-  ''
-  + lib.optionalString (!useTpmDevid) ''
-    join_token_file = "${cfg.joinTokenFile}"
-  ''
-  + ''
+  '';
+
+  agentConfTpmDevid = agentConfCommon + ''
     }
 
     plugins {
-  ''
-  + (
-    if useTpmDevid then
-      ''
-        NodeAttestor "tpm_devid" {
-          plugin_data {
-            devid_cert_path = "${cfg.tpmDevid.certPath}"
-            devid_priv_path = "${cfg.tpmDevid.privPath}"
-            devid_pub_path = "${cfg.tpmDevid.pubPath}"
-          }
+      NodeAttestor "tpm_devid" {
+        plugin_data {
+          devid_cert_path = "${cfg.tpmDevid.certPath}"
+          devid_priv_path = "${cfg.tpmDevid.privPath}"
+          devid_pub_path = "${cfg.tpmDevid.pubPath}"
         }
-      ''
-    else
-      ''
-        NodeAttestor "join_token" {
-          plugin_data {}
+      }
+
+      WorkloadAttestor "unix" {
+        plugin_data {}
+      }
+
+      KeyManager "disk" {
+        plugin_data {
+          directory = "${cfg.dataDir}/keys"
         }
-      ''
-  )
-  + ''
+      }
+    }
+  '';
+
+  agentConfJoinToken = agentConfCommon + ''
+    join_token_file = "${cfg.joinTokenFile}"
+    }
+
+    plugins {
+      NodeAttestor "join_token" {
+        plugin_data {}
+      }
 
       WorkloadAttestor "unix" {
         plugin_data {}
@@ -69,6 +76,25 @@ let
       }
     }
   '';
+
+  # For tpm_devid mode, generate both configs and select at runtime
+
+  # Runtime config selector: checks if DevID files exist, falls back to join_token
+  agentConfSelector = pkgs.writeShellScript "spire-agent-select-config" ''
+    if [ "${toString useTpmDevid}" = "1" ]; then
+      if [ -f "${cfg.tpmDevid.certPath}" ] && \
+         [ -f "${cfg.tpmDevid.privPath}" ] && \
+         [ -f "${cfg.tpmDevid.pubPath}" ]; then
+        echo "DevID files found, using tpm_devid attestation"
+        ln -sf /etc/spire/agent-tpm-devid.conf /run/spire/agent.conf
+      else
+        echo "DevID files not found, falling back to join_token attestation"
+        ln -sf /etc/spire/agent-join-token.conf /run/spire/agent.conf
+      fi
+    else
+      ln -sf /etc/spire/agent-join-token.conf /run/spire/agent.conf
+    fi
+  '';
 in
 {
   _file = ./agent.nix;
@@ -185,7 +211,10 @@ in
       extraGroups = lib.mkAfter [ cfg.workloadApiGroup ];
     }));
 
-    environment.etc."spire/agent.conf".text = agentConf;
+    environment.etc."spire/agent-join-token.conf".text = agentConfJoinToken;
+    environment.etc."spire/agent-tpm-devid.conf" = lib.mkIf useTpmDevid {
+      text = agentConfTpmDevid;
+    };
 
     # Own /run/spire via tmpfiles with group access for spiffe users
     systemd.tmpfiles.rules = [
@@ -200,8 +229,17 @@ in
       after = [
         "network-online.target"
       ]
-      ++ lib.optionals useTpmDevid [ "spire-devid-provision.service" ];
-      wants = [ "network-online.target" ];
+      ++ lib.optionals useTpmDevid [
+        "tpm-vendor-detect.service"
+        "tpm-ek-verify.service"
+        "spire-devid-provision.service"
+      ];
+      wants = [
+        "network-online.target"
+      ]
+      ++ lib.optionals useTpmDevid [
+        "spire-devid-provision.service"
+      ];
       unitConfig = {
         RequiresMountsFor = [ "/etc/common" ];
       };
@@ -221,7 +259,8 @@ in
           config.security.tpm2.tssGroup or "tss"
         ];
 
-        ExecStart = "${pkgs.spire}/bin/spire-agent run -config /etc/spire/agent.conf";
+        ExecStartPre = "+${agentConfSelector}";
+        ExecStart = "${pkgs.spire}/bin/spire-agent run -config /run/spire/agent.conf";
 
         StateDirectory = "spire/agent";
         StateDirectoryMode = "0750";
 
@@ -18,6 +18,8 @@ in
     ./agent.nix
     ./devid-ca.nix
     ./devid-provision.nix
+    ./tpm-vendor-detect.nix
+    ./tpm-ek-verify.nix
   ];
 
   options.ghaf.security.spiffe = {
 
@@ -56,18 +56,6 @@ let
       cp "$CA_CERT" "${caPublishPath}"
       chmod 0644 "${caPublishPath}"
       echo "Published CA cert to ${caPublishPath}"
-
-      # Create placeholder endorsement CA for SPIRE tpm_devid plugin.
-      # The tpm_devid NodeAttestor requires endorsement_ca_path (TPM manufacturer
-      # EK root cert). For production, replace with real manufacturer CAs
-      # (e.g. Infineon). This placeholder lets SPIRE server start; actual TPM
-      # DevID attestation will fail EK verification until real CAs are bundled.
-      ENDORSEMENT_CA="${caDir}/endorsement-ca.pem"
-      if [ ! -f "$ENDORSEMENT_CA" ]; then
-        cp "$CA_CERT" "$ENDORSEMENT_CA"
-        chmod 0644 "$ENDORSEMENT_CA"
-        echo "Created placeholder endorsement CA at $ENDORSEMENT_CA"
-      fi
     '';
   };
 
 
@@ -37,7 +37,8 @@ let
       CERT_DIR="${cfg.certDir}"
 
       mkdir -p "$DEVID_DIR"
-      chmod 0700 "$DEVID_DIR"
+      chmod 0750 "$DEVID_DIR"
+      chown root:spire "$DEVID_DIR"
 
       PRIV_BLOB="$DEVID_DIR/devid.priv"
       PUB_BLOB="$DEVID_DIR/devid.pub"
@@ -57,8 +58,15 @@ let
       else
         echo "Generating DevID key for $VM_NAME..."
 
-        # Create ephemeral primary key
-        tpm2_createprimary -C owner -c "$DEVID_DIR/primary.ctx" -Q
+        # Try to create primary key — hierarchies may be disabled when TPM is shared
+        if ! tpm2_createprimary -C owner -c "$DEVID_DIR/primary.ctx" -Q 2>/dev/null && \
+           ! tpm2_createprimary -C endorsement -c "$DEVID_DIR/primary.ctx" -Q 2>/dev/null; then
+          echo "WARNING: Cannot create TPM primary key — all hierarchies disabled"
+          echo "This is expected when TPM is shared across VMs with LUKS encryption"
+          echo "Falling back to join_token attestation"
+          echo "no-hierarchy" > /run/tpm/devid-status 2>/dev/null || true
+          exit 0
+        fi
 
         # Create RSA-2048 signing key under the primary
         tpm2_create -C "$DEVID_DIR/primary.ctx" -G rsa2048:rsassa:sha256 \
@@ -89,7 +97,8 @@ let
         # Clean up transient context files
         rm -f "$DEVID_DIR/primary.ctx" "$DEVID_DIR/devid.ctx"
 
-        chmod 0600 "$PRIV_BLOB" "$PUB_BLOB"
+        chown root:spire "$PRIV_BLOB" "$PUB_BLOB"
+        chmod 0640 "$PRIV_BLOB" "$PUB_BLOB"
         echo "DevID key blobs created"
 
         # Submit CSR to admin-vm via virtiofs
@@ -105,6 +114,7 @@ let
       for i in $(seq 1 120); do
         if [ -f "$CERT_DIR/$VM_NAME.pem" ]; then
           cp "$CERT_DIR/$VM_NAME.pem" "$CERT_FILE"
+          chown root:spire "$CERT_FILE"
           chmod 0644 "$CERT_FILE"
           echo "DevID certificate received and stored at $CERT_FILE"
           exit 0
 
@@ -16,7 +16,8 @@
 let
   cfg = config.ghaf.security.spiffe.server;
 
-  tpmAttestationEnabled = cfg.tpmAttestation.enable;
+  # tpm_devid requires the enable flag and a valid endorsement CA bundle
+  tpmAttestationEffective = cfg.tpmAttestation.enable && cfg.tpmAttestation.endorsementCaBundle != "";
 
   # Generate server.conf HCL
   serverConf = ''
@@ -44,11 +45,11 @@ let
         plugin_data {}
       }
   ''
-  + lib.optionalString tpmAttestationEnabled ''
+  + lib.optionalString tpmAttestationEffective ''
     NodeAttestor "tpm_devid" {
       plugin_data {
         devid_ca_path = "${cfg.tpmAttestation.devidCaPath}"
-        endorsement_ca_path = "${cfg.tpmAttestation.endorsementCaPath}"
+        endorsement_ca_path = "${cfg.tpmAttestation.endorsementCaBundle}"
       }
     }
   ''
@@ -163,7 +164,7 @@ let
       echo "Waiting for all $EXPECTED_AGENTS agents to register..."
       AGENT_COUNT=0
       for i in $(seq 1 90); do
-        AGENT_COUNT=$(spire-server agent list -socketPath "$SOCKET" 2>/dev/null | grep "SPIFFE ID" | wc -l)
+        AGENT_COUNT=$(spire-server agent list -socketPath "$SOCKET" 2>/dev/null | grep -c "SPIFFE ID" || true)
         if [ "$AGENT_COUNT" -ge "$EXPECTED_AGENTS" ]; then
           echo "All agents registered: $AGENT_COUNT/$EXPECTED_AGENTS"
           break
@@ -209,7 +210,7 @@ let
           SPIFFE_ID="spiffe://$TRUST_DOMAIN/workload/$WORKLOAD"
 
           # Check if entry exists for this agent+workload combo
-          EXISTS=$(spire-server entry show -socketPath "$SOCKET" 2>/dev/null | grep -A1 "$SPIFFE_ID" | grep "$PARENT_ID" | wc -l)
+          EXISTS=$(spire-server entry show -socketPath "$SOCKET" 2>/dev/null | grep -A1 "$SPIFFE_ID" | grep -c "$PARENT_ID" || true)
 
           if [ "$EXISTS" -gt 0 ]; then
             echo "  [skip] $WORKLOAD"
@@ -339,24 +340,40 @@ in
 
       devidCaPath = lib.mkOption {
         type = lib.types.str;
-        default = "/var/lib/spire/ca/ca.pem";
-        description = "Path to the DevID CA certificate";
+        default = "/etc/common/spire/ca/ca.pem";
+        description = "Path to the DevID CA certificate (virtiofs-published by devid-ca service)";
       };
 
-      endorsementCaPath = lib.mkOption {
+      endorsementCaBundle = lib.mkOption {
         type = lib.types.str;
-        default = "/var/lib/spire/ca/endorsement-ca.pem";
+        default = "";
         description = ''
-          Path to TPM manufacturer endorsement key CA certificate(s).
-          Used to verify TPM genuineness during DevID attestation.
-          For production, bundle real manufacturer root CAs (e.g. Infineon).
-          The DevID CA setup creates a placeholder here on first boot.
+          Combined PEM file with all TPM manufacturer endorsement CAs.
+          Used as endorsement_ca_path in SPIRE server tpm_devid plugin.
+          Populated from globalConfig.
+        '';
+      };
+
+      endorsementCaCerts = lib.mkOption {
+        type = lib.types.listOf lib.types.path;
+        default = [ ];
+        description = ''
+          Deprecated: use endorsementCaBundle instead.
+          Kept for backward compatibility.
         '';
       };
     };
   };
 
   config = lib.mkIf cfg.enable {
+    warnings =
+      lib.optional (cfg.tpmAttestation.enable && cfg.tpmAttestation.endorsementCaBundle == "")
+        ''
+          SPIRE: tpm_devid requested but no endorsement CA bundle configured.
+          Falling back to join_token only attestation.
+          Ensure tpm-endorsement.nix is imported in your hardware definition.
+        '';
+
     environment.systemPackages = [ pkgs.spire ];
 
     users.groups.spire = { };