diff --git a/Cargo.lock b/Cargo.lock index 922bc10dd..c6320d360 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -159,6 +159,17 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "api_identity" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "omicron-workspace-hack", + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "arc-swap" version = "1.7.1" @@ -269,6 +280,25 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "attest-data" +version = "0.5.0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=1d3084b514389847e8e0f5d966d2be4f18d02d32#1d3084b514389847e8e0f5d966d2be4f18d02d32" +dependencies = [ + "const-oid", + "der", + "getrandom 0.3.4", + "hex", + "hubpack", + "rats-corim", + "salty", + "serde", + "serde_with", + "sha3", + "static_assertions", + "thiserror 2.0.18", +] + [[package]] name = "atty" version = "0.2.14" @@ -339,6 +369,12 @@ dependencies = [ "rustc-demangle", ] +[[package]] +name = "base16ct" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" + [[package]] name = "base64" version = "0.21.7" @@ -386,6 +422,16 @@ dependencies = [ "strum 0.26.3", ] +[[package]] +name = "bhyve_api" +version = "0.0.0" +source = "git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782#8ccddb47a4c93b7e3480919495dae851afc83782" +dependencies = [ + "bhyve_api_sys 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "libc", + "strum 0.26.3", +] + [[package]] name = "bhyve_api_sys" version = "0.0.0" 
@@ -403,6 +449,15 @@ dependencies = [ "strum 0.26.3", ] +[[package]] +name = "bhyve_api_sys" +version = "0.0.0" +source = "git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782#8ccddb47a4c93b7e3480919495dae851afc83782" +dependencies = [ + "libc", + "strum 0.26.3", +] + [[package]] name = "bincode" version = "1.3.3" @@ -545,6 +600,35 @@ dependencies = [ "generic-array", ] +[[package]] +name = "bootstore" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "bytes", + "camino", + "chacha20poly1305", + "ciborium", + "derive_more", + "hex", + "hkdf", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "rand 0.8.5", + "secrecy", + "serde", + "serde_with", + "sha3", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "slog", + "slog-error-chain", + "thiserror 2.0.18", + "tokio", + "uuid", + "vsss-rs", + "zeroize", +] + [[package]] name = "bstr" version = "1.9.1" @@ -711,6 +795,30 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "613afe47fcd5fac7ccf1db93babcb082c5994d996f20b8b159f2ad1658eb5724" +[[package]] +name = "chacha20" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3613f74bd2eac03dad61bd53dbe620703d4371614fe0bc3b9f04dd36fe4e818" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "chacha20poly1305" +version = "0.10.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "10cd79432192d1c0f4e1a0fef9527696cc039165d729fb41b3f4f4f354c2dc35" +dependencies = [ + "aead", + "chacha20", + "cipher", + "poly1305", + "zeroize", +] + [[package]] name = "chrono" version = "0.4.44" 
@@ -736,6 +844,33 @@ dependencies = [ "serde", ] +[[package]] +name = "ciborium" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" +dependencies = [ + "ciborium-io", + "ciborium-ll", + "serde", +] + +[[package]] +name = "ciborium-io" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" + +[[package]] +name = "ciborium-ll" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" +dependencies = [ + "ciborium-io", + "half", +] + [[package]] name = "cipher" version = "0.4.4" @@ -744,6 +879,7 @@ checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" dependencies = [ "crypto-common", "inout", + "zeroize", ] [[package]] @@ -812,9 +948,9 @@ dependencies = [ "derive_more", "expectorate", "itertools 0.14.0", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -829,7 +965,7 @@ dependencies = [ "camino", "clap", "derive_more", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.64", @@ -858,9 +994,9 @@ source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366 dependencies = [ "chrono", "csv", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.18", ] 
@@ -920,6 +1056,12 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const_format" version = "0.2.35" @@ -1013,8 +1155,8 @@ version = "0.0.0" dependencies = [ "bhyve_api 0.0.0", "bitflags 2.9.4", - "propolis_api_types", - "propolis_types", + "propolis_api_types 0.0.0", + "propolis_types 0.0.0", "proptest", "thiserror 1.0.64", ] @@ -1082,7 +1224,7 @@ dependencies = [ "bytes", "cfg-if", "chrono", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "crucible-common", "crucible-protocol", "crucible-workspace-hack", @@ -1095,8 +1237,8 @@ dependencies = [ "itertools 0.14.0", "libc", "nexus-client", - "omicron-common", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oximeter", "oximeter-producer", "rand 0.9.2", @@ -1105,7 +1247,7 @@ dependencies = [ "reqwest 0.12.23", "reqwest 0.13.2", "ringbuffer", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -1124,6 +1266,19 @@ dependencies = [ "version_check", ] +[[package]] +name = "crucible-client-types" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d2949dd135db06fef0c156bb#7103cd3a3d7b0112d2949dd135db06fef0c156bb" +dependencies = [ + "base64 0.22.1", + "crucible-workspace-hack", + "schemars 0.8.22", + "serde", + "serde_json", + "uuid", +] + [[package]] name = "crucible-client-types" version = "0.1.0" 
@@ -1131,7 +1286,7 @@ source = "git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827 dependencies = [ "base64 0.22.1", "crucible-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", @@ -1148,7 +1303,7 @@ dependencies = [ "dropshot 0.17.0", "nix 0.31.1", "rustls-pemfile 1.0.4", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -1178,7 +1333,7 @@ dependencies = [ "crucible-common", "crucible-workspace-hack", "num_enum 0.7.4", - "schemars", + "schemars 0.8.22", "serde", "strum 0.27.2", "strum_macros 0.28.0", @@ -1199,12 +1354,42 @@ dependencies = [ "thiserror 2.0.18", ] +[[package]] +name = "crucible-smf" +version = "0.0.0" +source = "git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d2949dd135db06fef0c156bb#7103cd3a3d7b0112d2949dd135db06fef0c156bb" +dependencies = [ + "crucible-workspace-hack", + "libc", + "num-derive 0.4.2", + "num-traits", + "thiserror 2.0.18", +] + [[package]] name = "crucible-workspace-hack" version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fbd293370c6cb9c334123675263de33fc9e53bbdfc8bdd5e329237cf0205fdc7" +[[package]] +name = "crunchy" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "460fbee9c2c2f33933d720630a6a0bac33ba7053db5344fac858d4b8952d77d5" + +[[package]] +name = "crypto-bigint" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "subtle", + "zeroize", +] + [[package]] name = "crypto-common" version = "0.1.6" 
@@ -1276,6 +1461,34 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "curve25519-dalek" +version = "4.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" +dependencies = [ + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "digest 0.10.7", + "fiat-crypto", + "rand_core 0.6.4", + "rustc_version 0.4.1", + "subtle", + "zeroize", +] + +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "daft" version = "0.1.5" @@ -1320,6 +1533,16 @@ dependencies = [ "darling_macro 0.21.3", ] +[[package]] +name = "darling" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25ae13da2f202d56bd7f91c25fba009e7717a1e4a1cc98a76d844b65ae912e9d" +dependencies = [ + "darling_core 0.23.0", + "darling_macro 0.23.0", +] + [[package]] name = "darling_core" version = "0.20.11" @@ -1348,6 +1571,19 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "darling_core" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9865a50f7c335f53564bb694ef660825eb8610e0a53d3e11bf1b0d3df31e03b0" +dependencies = [ + "ident_case", + "proc-macro2", + "quote", + "strsim 0.11.1", + "syn 2.0.117", +] + [[package]] name = "darling_macro" version = "0.20.11" @@ -1370,6 +1606,17 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "darling_macro" +version = "0.23.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac3984ec7bd6cfa798e62b4a642426a5be0e68f9401cfc2a01e3fa9ea2fcdb8d" +dependencies = [ + "darling_core 0.23.0", + "quote", + "syn 2.0.117", +] + [[package]] name = "data-encoding" version = "2.6.0" 
@@ -1420,6 +1667,30 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5729f5117e208430e437df2f4843f5e5952997175992d1414f94c57d61e270b4" +[[package]] +name = "der" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" +dependencies = [ + "const-oid", + "der_derive", + "flagset", + "pem-rfc7468", + "zeroize", +] + +[[package]] +name = "der_derive" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + [[package]] name = "deranged" version = "0.5.3" @@ -1427,6 +1698,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" dependencies = [ "powerfmt", + "serde", ] [[package]] @@ -1496,6 +1768,31 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "dice-verifier" +version = "0.3.0-pre0" +source = "git+https://github.com/oxidecomputer/dice-util?rev=1d3084b514389847e8e0f5d966d2be4f18d02d32#1d3084b514389847e8e0f5d966d2be4f18d02d32" +dependencies = [ + "async-trait", + "attest-data", + "const-oid", + "ed25519-dalek", + "env_logger", + "hex", + "hubpack", + "log", + "p384", + "rats-corim", + "sha3", + "sled-agent-client", + "sled-agent-types-versions", + "slog", + "tempfile", + "thiserror 2.0.18", + "tokio", + "x509-cert", +] + [[package]] name = "digest" version = "0.9.0" @@ -1512,6 +1809,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.4", + "const-oid", "crypto-common", "subtle", ] 
@@ -1621,7 +1919,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a9ba64b39d5fd68e09169e63c8e82b7a50c9b6082f2c44f52db2a11e3b9d7dd4" dependencies = [ "anyhow", - "indexmap", + "indexmap 2.13.0", "openapiv3", "regex", "serde", @@ -1649,14 +1947,14 @@ dependencies = [ "http-body-util", "hyper", "hyper-util", - "indexmap", + "indexmap 2.13.0", "multer", "openapiv3", "paste", "percent-encoding", "rustls 0.22.4", "rustls-pemfile 2.2.0", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.27", "serde", @@ -1701,14 +1999,14 @@ dependencies = [ "http-body-util", "hyper", "hyper-util", - "indexmap", + "indexmap 2.13.0", "multer", "openapiv3", "paste", "percent-encoding", "rustls 0.22.4", "rustls-pemfile 2.2.0", - "schemars", + "schemars 0.8.22", "scopeguard", "semver 1.0.27", "serde", 
@@ -1842,12 +2140,71 @@ version = "1.0.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0d6ef0072f8a535281e4876be788938b528e9a1d43900b82c2569af7da799125" +[[package]] +name = "ecdsa" +version = "0.16.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca" +dependencies = [ + "der", + "digest 0.10.7", + "elliptic-curve", + "rfc6979", + "signature", + "spki", +] + +[[package]] +name = "ed25519" +version = "2.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" +dependencies = [ + "pkcs8", + "signature", +] + +[[package]] +name = "ed25519-dalek" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "70e796c081cee67dc755e1a36a0a172b897fab85fc3f6bc48307991f64e4eca9" +dependencies = [ + "curve25519-dalek", + "ed25519", + "serde", + "sha2 0.10.9", + "subtle", + "zeroize", +] + [[package]] name = "either" version = "1.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719" +[[package]] +name = "elliptic-curve" +version = "0.13.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" +dependencies = [ + "base16ct", + "crypto-bigint", + "digest 0.10.7", + "ff", + "generic-array", + "group", + "hkdf", + "pem-rfc7468", + "pkcs8", + "rand_core 0.6.4", + "sec1", + "subtle", + "zeroize", +] + [[package]] name = "embedded-io" version = "0.4.0" 
@@ -1887,6 +2244,25 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "env_filter" +version = "1.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32e90c2accc4b07a8456ea0debdc2e7587bdd890680d71173a15d4ae604f6eef" +dependencies = [ + "log", +] + +[[package]] +name = "env_logger" +version = "0.11.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0621c04f2196ac3f488dd583365b9c09be011a4ab8b9f37248ffcc8f6198b56a" +dependencies = [ + "env_filter", + "log", +] + [[package]] name = "equivalent" version = "1.0.2" @@ -1918,9 +2294,9 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366541c71eb6334b54768f3cbee724" dependencies = [ "dropshot 0.16.7", - "omicron-uuid-kinds", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "thiserror 2.0.18", @@ -2020,6 +2396,22 @@ dependencies = [ "simd-adler32", ] +[[package]] +name = "ff" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c0b50bfb653653f9ca9095b427bed08ab8d75a137839d9ad64eb11810d5b6393" +dependencies = [ + "rand_core 0.6.4", + "subtle", +] + +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + [[package]] name = "filedescriptor" version = "0.8.2" @@ -2061,6 +2453,12 @@ version = "0.5.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1d674e81391d1e1ab681a28d99df07927c6d4aa5b027d7da16ba32d1d21ecd99" +[[package]] +name = "flagset" +version = "0.4.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe" + [[package]] name = "flate2" version = "1.0.30" 
@@ -2272,12 +2670,12 @@ dependencies = [ "ereport-types", "gateway-messages", "gateway-types", - "omicron-uuid-kinds", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "progenitor 0.10.0", "rand 0.9.2", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -2312,10 +2710,10 @@ dependencies = [ "dropshot 0.16.7", "gateway-messages", "hex", - "omicron-common", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "thiserror 2.0.18", "tufaceous-artifact", @@ -2344,6 +2742,7 @@ checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", + "zeroize", ] [[package]] @@ -2375,21 +2774,21 @@ dependencies = [ "cfg-if", "js-sys", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "wasm-bindgen", ] [[package]] name = "getrandom" -version = "0.3.2" +version = "0.3.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73fea8450eea4bac3940448fb7ae50d91f034f941199fcd9d909a5a07aa455f0" +checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd" dependencies = [ "cfg-if", "js-sys", "libc", "r-efi 5.2.0", - "wasi 0.14.2+wasi-0.2.4", + "wasip2", "wasm-bindgen", ] @@ -2406,6 +2805,22 @@ dependencies = [ "wasip3", ] +[[package]] +name = "gfss" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "digest 0.10.7", + "omicron-workspace-hack", + "rand 0.9.2", + "schemars 0.8.22", + "secrecy", + "serde", + "subtle", + "thiserror 2.0.18", + "zeroize", +] + [[package]] name = "gimli" version = "0.28.1" 
@@ -2490,6 +2905,17 @@ dependencies = [ "scroll 0.13.0", ] +[[package]] +name = "group" +version = "0.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" +dependencies = [ + "ff", + "rand_core 0.6.4", + "subtle", +] + [[package]] name = "h2" version = "0.4.6" @@ -2502,13 +2928,24 @@ dependencies = [ "futures-core", "futures-sink", "http", - "indexmap", + "indexmap 2.13.0", "slab", "tokio", "tokio-util", "tracing", ] +[[package]] +name = "half" +version = "2.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6ea2d84b969582b4b1864a92dc5d27cd2b77b622a8d79306834f1be5ba20d84b" +dependencies = [ + "cfg-if", + "crunchy", + "zerocopy 0.8.27", +] + [[package]] name = "hash32" version = "0.3.1" @@ -2518,6 +2955,12 @@ dependencies = [ "byteorder", ] +[[package]] +name = "hashbrown" +version = "0.12.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" + [[package]] name = "hashbrown" version = "0.15.2" @@ -2580,9 +3023,6 @@ name = "hex" version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70" -dependencies = [ - "serde", -] [[package]] name = "hickory-proto" 
@@ -2681,6 +3121,24 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9040319a6910b901d5d49cbada4a99db52836a1b63228a05f7e2b7f8feef89b1" +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest 0.10.7", +] + [[package]] name = "home" version = "0.5.11" @@ -2879,7 +3337,7 @@ dependencies = [ "js-sys", "log", "wasm-bindgen", - "windows-core 0.62.2", + "windows-core", ] [[package]] @@ -3023,15 +3481,15 @@ dependencies = [ "daft", "derive-where", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] [[package]] name = "iddqd" -version = "0.3.14" +version = "0.3.17" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bac5efd33e0c5eb0ac45cbd210541a214dac576896ca97ba08e16e3b1079cdd8" +checksum = "6b215e67ed1d1a4b1702acd787c487d16e4c977c5dcbcc4587bdb5ea26b6ce06" dependencies = [ "allocator-api2", "daft", @@ -3040,7 +3498,7 @@ dependencies = [ "hashbrown 0.16.1", "ref-cast", "rustc-hash 2.1.1", - "schemars", + "schemars 0.8.22", "serde_core", "serde_json", ] @@ -3072,6 +3530,16 @@ dependencies = [ "icu_properties", ] +[[package]] +name = "illumos-devinfo" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/illumos-devinfo?branch=main#4323b17bfdd0c94d2875ac64b47f0e60fac1d640" +dependencies = [ + "anyhow", + "libc", + "num_enum 0.5.11", +] + [[package]] name = "illumos-sys-hdrs" version = "0.1.0" 
@@ -3080,6 +3548,14 @@ dependencies = [ "bitflags 2.9.4", ] +[[package]] +name = "illumos-sys-hdrs" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "bitflags 2.9.4", +] + [[package]] name = "illumos-utils" version = "0.1.0" @@ -3092,7 +3568,7 @@ dependencies = [ "camino", "camino-tempfile", "cfg-if", - "crucible-smf", + "crucible-smf 0.0.0 (git+https://github.com/oxidecomputer/crucible?rev=65ca41e821ef53ec9c28909357f23e3348169e4f)", "debug-ignore", "dropshot 0.16.7", "futures", @@ -3101,14 +3577,14 @@ dependencies = [ "itertools 0.14.0", "libc", "macaddr", - "omicron-common", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "opte-ioctl", - "oxide-vpc", - "oxlog", + "opte-ioctl 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "oxide-vpc 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "oxlog 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oxnet", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-error-chain", 
@@ -3120,6 +3596,53 @@ dependencies = [ "zone", ] +[[package]] +name = "illumos-utils" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "anyhow", + "async-trait", + "bhyve_api 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "byteorder", + "camino", + "camino-tempfile", + "cfg-if", + "chrono", + "crucible-smf 0.0.0 (git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d2949dd135db06fef0c156bb)", + "debug-ignore", + "dropshot 0.16.7", + "futures", + "http", + "iddqd", + "ipnetwork", + "itertools 0.14.0", + "libc", + "macaddr", + "nix 0.30.1", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "opte-ioctl 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", + "oxide-vpc 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", + "oxlog 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "oxnet", + "rustix 1.1.2", + "schemars 0.8.22", + "serde", + "slog", + "slog-async", + "slog-error-chain", + "slog-term", + "smf", + "thiserror 2.0.18", + "tofino", + "tokio", + "uuid", + "whoami", + "zone", +] + [[package]] name = "image" version = "0.25.1" 
@@ -3138,6 +3661,17 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0cfe9645a18782869361d9c8732246be7b410ad4e919d3609ebabdac00ba12c3" +[[package]] +name = "indexmap" +version = "1.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" +dependencies = [ + "autocfg", + "hashbrown 0.12.3", + "serde", +] + [[package]] name = "indexmap" version = "2.13.0" @@ -3216,8 +3750,8 @@ dependencies = [ "hickory-proto 0.25.2", "hickory-resolver 0.25.2", "internal-dns-types", - "omicron-common", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "qorb", "reqwest 0.12.23", @@ -3232,10 +3766,10 @@ source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366 dependencies = [ "anyhow", "chrono", - "omicron-common", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] @@ -3263,7 +3797,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf370abdafd54d13e54a620e8c3e1145f28e46cc9d704bc6d94414559df41763" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", ] @@ -3423,6 +3957,15 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "keccak" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cb26cec98cce3a3d96cbb7bced3c4b16e3d13f27ec56dbd62cbc8f39cfb9d653" +dependencies = [ + "cpufeatures", +] + [[package]] name = "kstat-macro" version = "0.1.0" 
@@ -3432,6 +3975,15 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "kstat-macro" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "quote", + "syn 2.0.117", +] + [[package]] name = "kstat-rs" version = "0.2.4" @@ -3747,6 +4299,15 @@ dependencies = [ "autocfg", ] +[[package]] +name = "memoffset" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "488016bfae457b036d996092f6cb448677611ce4449e970ceaf42695203f218a" +dependencies = [ + "autocfg", +] + [[package]] name = "mg-admin-client" version = "0.1.0" @@ -3757,10 +4318,28 @@ dependencies = [ "percent-encoding", "progenitor 0.11.1", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", + "serde", + "serde_json", + "slog", +] + +[[package]] +name = "mg-admin-client" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/maghemite?rev=3abfb8eb7f6d4ca4658981b4a7a76759a0a3f8ec#3abfb8eb7f6d4ca4658981b4a7a76759a0a3f8ec" +dependencies = [ + "chrono", + "colored", + "progenitor 0.11.1", + "rdb-types", + "reqwest 0.12.23", + "schemars 0.8.22", "serde", "serde_json", "slog", + "tabwriter", + "uuid", ] [[package]] @@ -3793,7 +4372,7 @@ checksum = "80e04d1dcff3aae0704555fe5fee3bcfaf3d1fdf8a7e521d5b9d2b42acb52cec" dependencies = [ "hermit-abi 0.3.9", "libc", - "wasi 0.11.0+wasi-snapshot-preview1", + "wasi", "windows-sys 0.52.0", ] @@ -3889,11 +4468,11 @@ dependencies = [ [[package]] name = "newtype-uuid" -version = "1.3.1" +version = "1.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "74d1216f62e63be5fb25a9ecd1e2b37b1556a9b8c02f4831770f5d01df85c226" +checksum = "5c012d14ef788ab066a347d19e3dda699916c92293b05b85ba2c76b8c82d2830" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", 
@@ -3932,15 +4511,15 @@ dependencies = [ "iddqd", "nexus-sled-agent-shared", "nexus-types", - "omicron-common", - "omicron-passwords", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-passwords 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "oxnet", "progenitor 0.10.0", "regress", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -3957,16 +4536,16 @@ dependencies = [ "daft", "id-map", "iddqd", - "illumos-utils", + "illumos-utils 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "indent_write", - "omicron-common", - "omicron-passwords", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-passwords 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", "serde_json", - "sled-hardware-types", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "strum 0.27.2", "thiserror 2.0.18", "tufaceous-artifact", @@ -3979,7 +4558,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366541c71eb6334b54768f3cbee724" dependencies = [ "anyhow", - "api_identity", + "api_identity 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "async-trait", "base64 0.22.1", "chrono", @@ -3998,7 +4577,7 @@ dependencies = [ "humantime", "id-map", "iddqd", - "illumos-utils", + "illumos-utils 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "indent_write", "internal-dns-types", "ipnetwork", 
@@ -4006,9 +4585,9 @@ dependencies = [ "newtype-uuid", "newtype_derive", "nexus-sled-agent-shared", - "omicron-common", - "omicron-passwords", - "omicron-uuid-kinds", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-passwords 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "openssl", "oximeter-db", @@ -4016,7 +4595,7 @@ dependencies = [ "oxql-types", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -4048,7 +4627,7 @@ dependencies = [ "bitflags 1.3.2", "cfg-if", "libc", - "memoffset", + "memoffset 0.6.5", ] [[package]] @@ -4063,6 +4642,19 @@ dependencies = [ "libc", ] +[[package]] +name = "nix" +version = "0.30.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "74523f3a35e05aba87a1d978330aef40f67b0304ac79c1c00b294c9830543db6" +dependencies = [ + "bitflags 2.9.4", + "cfg-if", + "cfg_aliases 0.2.1", + "libc", + "memoffset 0.9.1", +] + [[package]] name = "nix" version = "0.31.1" 
@@ -4309,16 +4901,61 @@ checksum = "696183c9b5fe81a7715d074fd632e8bd46f4ccc0231a3ed7fc580a80de5f7083" dependencies = [ "serde", "serde_json", - "unicode-normalization", + "unicode-normalization", +] + +[[package]] +name = "omicron-common" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366541c71eb6334b54768f3cbee724" +dependencies = [ + "anyhow", + "api_identity 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "async-trait", + "backoff", + "camino", + "chrono", + "daft", + "dropshot 0.16.7", + "futures", + "hex", + "http", + "id-map", + "iddqd", + "ipnetwork", + "macaddr", + "mg-admin-client 0.1.0 (git+https://github.com/oxidecomputer/maghemite?rev=08f2a34d487658e87545ffbba3add632a82baf0d)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-workspace-hack", + "oxnet", + "parse-display", + "progenitor-client 0.10.0", + "protocol", + "rand 0.9.2", + "regress", + "reqwest 0.12.23", + "schemars 0.8.22", + "semver 1.0.27", + "serde", + "serde_human_bytes", + "serde_json", + "serde_with", + "slog", + "slog-error-chain", + "strum 0.27.2", + "thiserror 2.0.18", + "tokio", + "tufaceous-artifact", + "uuid", ] [[package]] name = "omicron-common" version = "0.1.0" -source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366541c71eb6334b54768f3cbee724" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" dependencies = [ "anyhow", - "api_identity", + "api_identity 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", "async-trait", "backoff", "camino", 
@@ -4328,12 +4965,12 @@ dependencies = [ "futures", "hex", "http", - "id-map", "iddqd", "ipnetwork", + "itertools 0.14.0", "macaddr", - "mg-admin-client", - "omicron-uuid-kinds", + "mg-admin-client 0.1.0 (git+https://github.com/oxidecomputer/maghemite?rev=3abfb8eb7f6d4ca4658981b4a7a76759a0a3f8ec)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", "omicron-workspace-hack", "oxnet", "parse-display", @@ -4342,7 +4979,7 @@ dependencies = [ "rand 0.9.2", "regress", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -4365,7 +5002,22 @@ dependencies = [ "argon2", "omicron-workspace-hack", "rand 0.9.2", - "schemars", + "schemars 0.8.22", + "secrecy", + "serde", + "serde_with", + "thiserror 2.0.18", +] + +[[package]] +name = "omicron-passwords" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "argon2", + "omicron-workspace-hack", + "rand 0.9.2", + "schemars 0.8.22", "secrecy", "serde", "serde_with", @@ -4381,7 +5033,19 @@ dependencies = [ "newtype-uuid", "newtype-uuid-macros", "paste", - "schemars", + "schemars 0.8.22", +] + +[[package]] +name = "omicron-uuid-kinds" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "daft", + "newtype-uuid", + "newtype-uuid-macros", + "paste", + "schemars 0.8.22", ] [[package]] @@ -4444,7 +5108,7 @@ version = "2.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5c8d427828b22ae1fff2833a03d8486c2c881367f1c336349f307f321e7f4d05" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_json", ] 
@@ -4506,10 +5170,29 @@ source = "git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe41397 dependencies = [ "bitflags 2.9.4", "dyn-clone", - "illumos-sys-hdrs", + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "ingot", + "kstat-macro 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "opte-api 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "postcard", + "ref-cast", + "serde", + "tabwriter", + "version_check", + "zerocopy 0.8.27", +] + +[[package]] +name = "opte" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "bitflags 2.9.4", + "dyn-clone", + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", "ingot", - "kstat-macro", - "opte-api", + "kstat-macro 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", + "opte-api 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", "postcard", "ref-cast", "serde", 
@@ -4523,7 +5206,20 @@ name = "opte-api" version = "0.1.0" source = "git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80#795a1e0aeefb7a2c6fe4139779fdf66930d09b80" dependencies = [ - "illumos-sys-hdrs", + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "ingot", + "ipnetwork", + "postcard", + "serde", + "smoltcp", +] + +[[package]] +name = "opte-api" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", "ingot", "ipnetwork", "postcard", @@ -4538,8 +5234,22 @@ source = "git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe41397 dependencies = [ "libc", "libnet", - "opte", - "oxide-vpc", + "opte 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "oxide-vpc 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "postcard", + "serde", + "thiserror 2.0.18", +] + +[[package]] +name = "opte-ioctl" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "libc", + "libnet", + "opte 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", + "oxide-vpc 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", "postcard", "serde", "thiserror 2.0.18", 
@@ -4596,8 +5306,22 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80#795a1e0aeefb7a2c6fe4139779fdf66930d09b80" dependencies = [ "cfg-if", - "illumos-sys-hdrs", - "opte", + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "opte 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=795a1e0aeefb7a2c6fe4139779fdf66930d09b80)", + "serde", + "tabwriter", + "uuid", + "zerocopy 0.8.27", +] + +[[package]] +name = "oxide-vpc" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56#e547d07b08c3f3d6c821c9eb7a958adcffce6e56" +dependencies = [ + "cfg-if", + "illumos-sys-hdrs 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", + "opte 0.1.0 (git+https://github.com/oxidecomputer/opte?rev=e547d07b08c3f3d6c821c9eb7a958adcffce6e56)", "serde", "tabwriter", "uuid", @@ -4645,11 +5369,11 @@ dependencies = [ "gethostname 0.5.0", "highway", "iana-time-zone", - "indexmap", + "indexmap 2.13.0", "libc", "nom 7.1.3", "num", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "oxide-tokio-rt", "oximeter", @@ -4659,7 +5383,7 @@ dependencies = [ "quote", "regex", "reqwest 0.12.23", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -4715,10 +5439,10 @@ dependencies = [ "internal-dns-resolver", "internal-dns-types", "nexus-client", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "oximeter", - "schemars", + "schemars 0.8.22", "serde", "slog", "slog-dtrace", @@ -4741,7 +5465,7 @@ dependencies = [ "prettyplease", "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "serde", "slog-error-chain", "syn 2.0.117", 
@@ -4770,11 +5494,11 @@ dependencies = [ "chrono", "float-ord", "num", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", "parse-display", "regex", - "schemars", + "schemars 0.8.22", "serde", "strum 0.27.2", "thiserror 2.0.18", @@ -4798,14 +5522,31 @@ dependencies = [ "uuid", ] +[[package]] +name = "oxlog" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "anyhow", + "camino", + "chrono", + "clap", + "glob", + "jiff", + "omicron-workspace-hack", + "rayon", + "sigpipe", + "uuid", +] + [[package]] name = "oxnet" -version = "0.1.3" +version = "0.1.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8200429754152e6379fbb1dd06eea90156c3b67591f6e31d08e787d010ef0168" +checksum = "5dc6fb07ecd6d2a17ff1431bc5b3ce11036c0b6dd93a3c4904db5b910817b162" dependencies = [ "ipnetwork", - "schemars", + "schemars 0.8.22", "serde", "serde_json", ] @@ -4821,12 +5562,24 @@ dependencies = [ "num", "omicron-workspace-hack", "oximeter-types", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "uuid", ] +[[package]] +name = "p384" +version = "0.13.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fe42f1670a52a47d448f14b6a5c61dd78fce51856e68edaa38f7ae3a46b8d6b6" +dependencies = [ + "ecdsa", + "elliptic-curve", + "primeorder", + "sha2 0.10.9", +] + [[package]] name = "p4rs" version = "0.1.0" @@ -4949,6 +5702,15 @@ dependencies = [ "serde", ] +[[package]] +name = "pem-rfc7468" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412" +dependencies = [ + "base64ct", +] + [[package]] name = "percent-encoding" version = "2.3.2" 
@@ -5005,7 +5767,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset 0.4.2", - "indexmap", + "indexmap 2.13.0", "serde", "serde_derive", ] @@ -5018,7 +5780,7 @@ checksum = "8701b58ea97060d5e5b155d383a69952a60943f0e6dfe30b04c287beb0b27455" dependencies = [ "fixedbitset 0.5.7", "hashbrown 0.15.2", - "indexmap", + "indexmap 2.13.0", "serde", ] @@ -5042,9 +5804,9 @@ dependencies = [ "hex", "libc", "newtype_derive", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oximeter", - "propolis-client", + "propolis-client 0.1.0", "rand 0.9.2", "reqwest 0.13.2", "ring", @@ -5121,11 +5883,11 @@ dependencies = [ "http", "itertools 0.13.0", "linkme", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oximeter", "oximeter-producer", "phd-testcase", - "propolis-client", + "propolis-client 0.1.0", "reqwest 0.13.2", "slog", "slog-term", @@ -5255,6 +6017,16 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" +[[package]] +name = "pkcs8" +version = "0.10.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" +dependencies = [ + "der", + "spki", +] + [[package]] name = "pkg-config" version = "0.3.30" @@ -5280,6 +6052,17 @@ dependencies = [ "miniz_oxide", ] +[[package]] +name = "poly1305" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8159bd90725d2df49889a078b54f4f79e87f1f8a8444194cdca81d38f5393abf" +dependencies = [ + "cpufeatures", + "opaque-debug", + "universal-hash", +] + [[package]] name = "polyval" version = "0.6.2" 
@@ -5379,6 +6162,15 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "primeorder" +version = "0.13.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "353e1ca18966c16d9deb1c69278edbc5f194139612772bd9537af60ac231e1e6" +dependencies = [ + "elliptic-curve", +] + [[package]] name = "proc-macro-crate" version = "1.3.1" @@ -5508,12 +6300,12 @@ checksum = "b17e5363daa50bf1cccfade6b0fb970d2278758fd5cfa9ab69f25028e4b1afa3" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5530,12 +6322,12 @@ checksum = "8276d558f1dfd4cc7fc4cceee0a51dab482b5a4be2e69e7eab8c57fbfb1472f4" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5552,12 +6344,12 @@ checksum = "de362a0477182f45accdbad4d43cd89a95a1db0a518a7c1ddf3e525e6896f0f0" dependencies = [ "heck 0.5.0", "http", - "indexmap", + "indexmap 2.13.0", "openapiv3", "proc-macro2", "quote", "regex", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "syn 2.0.117", @@ -5576,7 +6368,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.10.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -5594,7 +6386,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.11.1", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", @@ -5612,7 +6404,7 @@ dependencies = [ "proc-macro2", "progenitor-impl 0.13.0", "quote", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_tokenstream", 
@@ -5634,7 +6426,8 @@ dependencies = [ "cpuid_utils", "crossbeam-channel", "crucible", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", + "dice-verifier", "dladm", "dlpi 0.2.0 (git+https://github.com/oxidecomputer/dlpi-sys?branch=main)", "erased-serde 0.4.5", @@ -5650,13 +6443,14 @@ dependencies = [ "p9ds", "paste", "pin-project-lite", - "propolis_types", + "propolis_types 0.0.0", "rand 0.9.2", "rfb", "rgb_frame", "serde", "serde_arrays", "serde_json", + "sha2 0.10.9", "slog", "slog-async", "slog-term", @@ -5669,6 +6463,7 @@ dependencies = [ "usdt 0.6.0", "uuid", "viona_api", + "vm-attest", "zerocopy 0.8.27", ] @@ -5676,9 +6471,9 @@ dependencies = [ name = "propolis-api-types-versions" version = "0.0.0" dependencies = [ - "crucible-client-types", - "propolis_types", - "schemars", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", + "propolis_types 0.0.0", + "schemars 0.8.22", "serde", "serde_json", "thiserror 1.0.64", @@ -5692,11 +6487,11 @@ dependencies = [ "anyhow", "base64 0.21.7", "clap", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "futures", "libc", "newtype-uuid", - "propolis-client", + "propolis-client 0.1.0", "propolis-config-toml", "reqwest 0.13.2", "serde", 
@@ -5715,14 +6510,38 @@ version = "0.1.0" dependencies = [ "async-trait", "base64 0.21.7", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "futures", "progenitor 0.13.0", "progenitor-client 0.13.0", "propolis-api-types-versions", "rand 0.9.2", "reqwest 0.13.2", - "schemars", + "schemars 0.8.22", + "serde", + "serde_json", + "slog", + "thiserror 1.0.64", + "tokio", + "tokio-tungstenite", + "uuid", +] + +[[package]] +name = "propolis-client" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782#8ccddb47a4c93b7e3480919495dae851afc83782" +dependencies = [ + "async-trait", + "base64 0.21.7", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d2949dd135db06fef0c156bb)", + "futures", + "progenitor 0.10.0", + "progenitor-client 0.10.0", + "propolis_api_types 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "rand 0.9.2", + "reqwest 0.12.23", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -5737,7 +6556,7 @@ name = "propolis-config-toml" version = "0.0.0" dependencies = [ "cpuid_profile_config", - "propolis-client", + "propolis-client 0.1.0", "serde", "serde_derive", "thiserror 1.0.64", @@ -5771,11 +6590,11 @@ dependencies = [ "hyper", "progenitor 0.13.0", "propolis-api-types-versions", - "propolis_api_types", - "propolis_types", + "propolis_api_types 0.0.0", + "propolis_types 0.0.0", "rand 0.9.2", "reqwest 0.13.2", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -5817,7 +6636,7 @@ dependencies = [ "clap", "const_format", "cpuid_utils", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "dropshot 0.17.0", "erased-serde 0.4.5", "expectorate", 
@@ -5831,7 +6650,7 @@ dependencies = [ "lazy_static", "mockall", "nexus-client", - "omicron-common", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "oxide-tokio-rt", "oximeter", "oximeter-instruments", @@ -5840,15 +6659,15 @@ dependencies = [ "propolis", "propolis-api-types-versions", "propolis-server-api", - "propolis_api_types", - "propolis_types", + "propolis_api_types 0.0.0", + "propolis_types 0.0.0", "proptest", "reqwest 0.13.2", "rfb", "rgb_frame", "ring", "ron", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_derive", @@ -5866,13 +6685,14 @@ dependencies = [ "toml 0.7.8", "usdt 0.6.0", "uuid", + "vm-attest", ] [[package]] name = "propolis-server-api" version = "0.1.0" dependencies = [ - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "dropshot 0.17.0", "dropshot-api-manager-types", "propolis-api-types-versions", @@ -5888,7 +6708,7 @@ dependencies = [ "clap", "cpuid_profile_config", "cpuid_utils", - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "ctrlc", "erased-serde 0.4.5", "fatfs", @@ -5897,7 +6717,7 @@ dependencies = [ "oxide-tokio-rt", "pbind", "propolis", - "propolis_types", + "propolis_types 0.0.0", "serde", "serde_json", "slog", @@ -5922,7 +6742,7 @@ dependencies = [ "cpuid_utils", "libc", "propolis", - "propolis_api_types", + "propolis_api_types 0.0.0", "serde", "serde_json", ] 
@@ -5931,20 +6751,42 @@ dependencies = [ name = "propolis_api_types" version = "0.0.0" dependencies = [ - "crucible-client-types", + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=ae1da83e66c648574827298f4bc444632bf4d047)", "propolis-api-types-versions", ] +[[package]] +name = "propolis_api_types" +version = "0.0.0" +source = "git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782#8ccddb47a4c93b7e3480919495dae851afc83782" +dependencies = [ + "crucible-client-types 0.1.0 (git+https://github.com/oxidecomputer/crucible?rev=7103cd3a3d7b0112d2949dd135db06fef0c156bb)", + "propolis_types 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "schemars 0.8.22", + "serde", + "thiserror 1.0.64", + "uuid", +] + [[package]] name = "propolis_types" version = "0.0.0" dependencies = [ - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_test", ] +[[package]] +name = "propolis_types" +version = "0.0.0" +source = "git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782#8ccddb47a4c93b7e3480919495dae851afc83782" +dependencies = [ + "schemars 0.8.22", + "serde", +] + [[package]] name = "proptest" version = "1.5.0" @@ -5971,7 +6813,7 @@ version = "0.1.0" source = "git+https://github.com/oxidecomputer/lldp#b12d9c04ecafbb30b2c3c2d3fc03d32a14a9f6be" dependencies = [ "anyhow", - "schemars", + "schemars 0.8.22", "serde", "thiserror 1.0.64", ] @@ -6031,7 +6873,7 @@ checksum = "f1906b49b0c3bc04b5fe5d86a77925ae6524a19b816ae38ce1e426255f1d8a31" dependencies = [ "aws-lc-rs", "bytes", - "getrandom 0.3.2", + "getrandom 0.3.4", "lru-slab", "rand 0.9.2", "ring", @@ -6141,7 +6983,7 @@ version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" dependencies = [ - "getrandom 0.3.2", + "getrandom 0.3.4", ] [[package]] 
@@ -6153,6 +6995,21 @@ dependencies = [ "rand_core 0.6.4", ] +[[package]] +name = "rats-corim" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/rats-corim#f0d5d5168d3d31487a56df32c676b0c6240bcc6b" +dependencies = [ + "ciborium", + "ciborium-io", + "clap", + "hex", + "serde", + "serde_with", + "strum 0.26.3", + "thiserror 2.0.18", +] + [[package]] name = "rayon" version = "1.11.0" @@ -6173,6 +7030,16 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "rdb-types" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/maghemite?rev=3abfb8eb7f6d4ca4658981b4a7a76759a0a3f8ec#3abfb8eb7f6d4ca4658981b4a7a76759a0a3f8ec" +dependencies = [ + "oxnet", + "schemars 0.8.22", + "serde", +] + [[package]] name = "redox_syscall" version = "0.4.1" @@ -6401,6 +7268,16 @@ dependencies = [ "zerocopy 0.8.27", ] +[[package]] +name = "rfc6979" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dd2a808d456c4a54e300a23e9f5a67e122c3024119acbfd73e3bf664491cb2" +dependencies = [ + "hmac", + "subtle", +] + [[package]] name = "rgb_frame" version = "0.0.0" @@ -6686,6 +7563,16 @@ version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f3cb5ba0dc43242ce17de99c180e96db90b235b8a9fdc9543c96d2209116bd9f" +[[package]] +name = "salty" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b947325a585e90733e0e9ec097228f40b637cc346f9bd68f84d5c6297d0fcfef" +dependencies = [ + "subtle", + "zeroize", +] + [[package]] name = "same-file" version = "1.0.6" 
@@ -6710,15 +7597,39 @@ version = "0.8.22" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3fbf2ae1b8bc8e02df939598064d22402220cd5bbcca1c76f7d6a310974d5615" dependencies = [ - "bytes", - "chrono", + "bytes", + "chrono", + "dyn-clone", + "schemars_derive", + "semver 1.0.27", + "serde", + "serde_json", + "url", + "uuid", +] + +[[package]] +name = "schemars" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4cd191f9397d57d581cddd31014772520aa448f65ef991055d7f61582c65165f" +dependencies = [ + "dyn-clone", + "ref-cast", + "serde", + "serde_json", +] + +[[package]] +name = "schemars" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a2b42f36aa1cd011945615b92222f6bf73c599a102a300334cd7f8dbeec726cc" +dependencies = [ "dyn-clone", - "schemars_derive", - "semver 1.0.27", + "ref-cast", "serde", "serde_json", - "url", - "uuid", ] [[package]] @@ -6795,6 +7706,20 @@ dependencies = [ "untrusted 0.9.0", ] +[[package]] +name = "sec1" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" +dependencies = [ + "base16ct", + "der", + "generic-array", + "pkcs8", + "subtle", + "zeroize", +] + [[package]] name = "secrecy" version = "0.10.3" @@ -6936,10 +7861,11 @@ dependencies = [ [[package]] name = "serde_human_bytes" version = "0.1.0" -source = "git+http://github.com/oxidecomputer/serde_human_bytes?branch=main#0a09794501b6208120528c3b457d5f3a8cb17424" +source = "git+http://github.com/oxidecomputer/serde_human_bytes?branch=main#8f60acdfe7c6d9e2a01f59be920c1c2b19129322" dependencies = [ + "base64 0.22.1", "hex", - "serde", + "serde_core", ] [[package]] 
@@ -7039,13 +7965,18 @@ dependencies = [ [[package]] name = "serde_with" -version = "3.15.0" +version = "3.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6093cd8c01b25262b84927e0f7151692158fab02d961e04c979d3903eba7ecc5" +checksum = "dd5414fad8e6907dbdd5bc441a50ae8d6e26151a03b1de04d89a5576de61d01f" dependencies = [ "base64 0.22.1", "chrono", "hex", + "indexmap 1.9.3", + "indexmap 2.13.0", + "schemars 0.8.22", + "schemars 0.9.0", + "schemars 1.2.1", "serde_core", "serde_json", "serde_with_macros", @@ -7054,11 +7985,11 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.15.0" +version = "3.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7e6c180db0816026a61afa1cff5344fb7ebded7e4d3062772179f2501481c27" +checksum = "d3db8978e608f1fe7357e211969fd9abdcae80bac1ba7a3369bb7eb6b404eb65" dependencies = [ - "darling 0.21.3", + "darling 0.23.0", "proc-macro2", "quote", "syn 2.0.117", @@ -7070,7 +8001,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap", + "indexmap 2.13.0", "itoa", "ryu", "serde", @@ -7112,6 +8043,16 @@ dependencies = [ "digest 0.10.7", ] +[[package]] +name = "sha3" +version = "0.10.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "75872d278a8f37ef87fa0ddbda7802605cb18344497949862c0d4dcb291eba60" +dependencies = [ + "digest 0.10.7", + "keccak", +] + [[package]] name = "sharded-slab" version = "0.1.7" @@ -7146,6 +8087,16 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "digest 0.10.7", + "rand_core 0.6.4", +] + [[package]] name = "sigpipe" version = "0.1.3" 
@@ -7191,18 +8142,126 @@ dependencies = [ "autocfg", ] +[[package]] +name = "sled-agent-client" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "anyhow", + "async-trait", + "chrono", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "oxnet", + "progenitor 0.10.0", + "propolis-client 0.1.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "regress", + "reqwest 0.12.23", + "schemars 0.8.22", + "serde", + "serde_json", + "sled-agent-types", + "sled-agent-types-versions", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "slog", + "trust-quorum-types", + "uuid", +] + +[[package]] +name = "sled-agent-types" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "anyhow", + "async-trait", + "bootstore", + "camino", + "chrono", + "daft", + "iddqd", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "oxnet", + "schemars 0.8.22", + "serde", + "serde_human_bytes", + "serde_json", + "sled-agent-types-versions", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "slog", + "slog-error-chain", + "strum 0.27.2", + "swrite", + "thiserror 2.0.18", + "toml 0.8.23", + "tufaceous-artifact", + "uuid", +] + 
+[[package]] +name = "sled-agent-types-versions" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "async-trait", + "bootstore", + "camino", + "chrono", + "daft", + "iddqd", + "illumos-utils 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "indent_write", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-passwords 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "oxnet", + "propolis_api_types 0.0.0 (git+https://github.com/oxidecomputer/propolis?rev=8ccddb47a4c93b7e3480919495dae851afc83782)", + "schemars 0.8.22", + "serde", + "serde_human_bytes", + "serde_json", + "serde_with", + "sha3", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "slog", + "strum 0.27.2", + "thiserror 2.0.18", + "trust-quorum-types-versions", + "tufaceous-artifact", + "uuid", +] + [[package]] name = "sled-hardware-types" version = "0.1.0" source = "git+https://github.com/oxidecomputer/omicron?branch=main#b8efb9a08b366541c71eb6334b54768f3cbee724" dependencies = [ - "illumos-utils", - "omicron-common", + "illumos-utils 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?branch=main)", "omicron-workspace-hack", - "schemars", + "schemars 0.8.22", "serde", ] +[[package]] +name = "sled-hardware-types" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + 
"daft", + "illumos-utils 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-common 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "schemars 0.8.22", + "serde", + "slog", + "thiserror 2.0.18", +] + [[package]] name = "slog" version = "2.8.2" @@ -7387,7 +8446,7 @@ version = "0.8.9" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c1c97747dbf44bb1ca44a561ece23508e99cb592e862f22222dcf42f51d1e451" dependencies = [ - "heck 0.5.0", + "heck 0.4.1", "proc-macro2", "quote", "syn 2.0.117", @@ -7430,6 +8489,16 @@ version = "0.9.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "stable_deref_trait" version = "1.2.0" @@ -7455,7 +8524,7 @@ dependencies = [ "lazy_static", "newtype_derive", "petgraph 0.6.5", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "slog", @@ -7556,9 +8625,9 @@ dependencies = [ [[package]] name = "subtle" -version = "2.5.0" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "supports-color" @@ -7717,7 +8786,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2d31c77bdf42a745371d260a26ca7163f1e0924b64afa0b688e61b5a9fa02f16" dependencies = [ "fastrand", - "getrandom 0.3.2", + "getrandom 0.3.4", "once_cell", "rustix 1.1.2", "windows-sys 0.61.2", 
@@ -7892,6 +8961,26 @@ dependencies = [ "syn 2.0.117", ] +[[package]] +name = "thiserror-impl-no-std" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "58e6318948b519ba6dc2b442a6d0b904ebfb8d411a3ad3e07843615a72249758" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + +[[package]] +name = "thiserror-no-std" +version = "2.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a3ad459d94dd517257cc96add8a43190ee620011bb6e6cdc82dafd97dfafafea" +dependencies = [ + "thiserror-impl-no-std", +] + [[package]] name = "thread-id" version = "4.2.1" @@ -7980,6 +9069,37 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" +[[package]] +name = "tls_codec" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b" +dependencies = [ + "tls_codec_derive", + "zeroize", +] + +[[package]] +name = "tls_codec_derive" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] + +[[package]] +name = "tofino" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/tofino#7e56ab6e9a64ebae27cd97cd6e10ebf2cfdc3a33" +dependencies = [ + "anyhow", + "cc", + "illumos-devinfo", +] + [[package]] name = "tokio" version = "1.50.0" @@ -8129,7 +9249,7 @@ version = "0.9.12+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf92845e79fc2e2def6a5d828f0801e29a2f8acc037becc5ab08595c7d5e9863" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde_core", "serde_spanned 1.0.4", "toml_datetime 0.7.5+spec-1.1.0", 
@@ -8144,7 +9264,7 @@ version = "1.0.6+spec-1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "399b1124a3c9e16766831c6bba21e50192572cdd98706ea114f9502509686ffc" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde_core", "serde_spanned 1.0.4", "toml_datetime 1.0.0+spec-1.1.0", @@ -8186,7 +9306,7 @@ version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -8199,7 +9319,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap", + "indexmap 2.13.0", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -8417,6 +9537,37 @@ dependencies = [ "tracing-log 0.2.0", ] +[[package]] +name = "trust-quorum-types" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "omicron-workspace-hack", + "trust-quorum-types-versions", +] + +[[package]] +name = "trust-quorum-types-versions" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831#becbbb616f5f18b59cc42e511c148734c2ba3831" +dependencies = [ + "daft", + "derive_more", + "gfss", + "iddqd", + "omicron-uuid-kinds 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "omicron-workspace-hack", + "rand 0.9.2", + "schemars 0.8.22", + "serde", + "serde_human_bytes", + "serde_with", + "sled-hardware-types 0.1.0 (git+https://github.com/oxidecomputer/omicron?rev=becbbb616f5f18b59cc42e511c148734c2ba3831)", + "slog", + "slog-error-chain", + "thiserror 2.0.18", +] + [[package]] name = "try-lock" version = "0.2.5" 
@@ -8431,7 +9582,7 @@ dependencies = [ "daft", "hex", "proptest", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_human_bytes", @@ -8517,7 +9668,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8537,7 +9688,7 @@ dependencies = [ "proc-macro2", "quote", "regress", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8554,7 +9705,7 @@ checksum = "9708a3ceb6660ba3f8d2b8f0567e7d4b8b198e2b94d093b8a6077a751425de9e" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8571,7 +9722,7 @@ checksum = "fd04bb1207cd4e250941cc1641f4c4815f7eaa2145f45c09dd49cb0a3691710a" dependencies = [ "proc-macro2", "quote", - "schemars", + "schemars 0.8.22", "semver 1.0.27", "serde", "serde_json", @@ -8678,13 +9829,13 @@ dependencies = [ "either", "futures", "indent_write", - "indexmap", + "indexmap 2.13.0", "libsw", "linear-map", "omicron-workspace-hack", "owo-colors", "petgraph 0.8.3", - "schemars", + "schemars 0.8.22", "serde", "serde_json", "serde_with", 
@@ -8936,6 +10087,49 @@ dependencies = [ "nvpair 0.0.0", ] +[[package]] +name = "vm-attest" +version = "0.1.0" +source = "git+https://github.com/oxidecomputer/vm-attest?rev=2cdd17580a4fc6c871d24797016af8dbaac9421d#2cdd17580a4fc6c871d24797016af8dbaac9421d" +dependencies = [ + "anyhow", + "attest-data", + "const-oid", + "dice-verifier", + "ed25519-dalek", + "getrandom 0.3.4", + "hex", + "hubpack", + "libc", + "log", + "rats-corim", + "serde", + "serde_json", + "serde_with", + "sha2 0.10.9", + "thiserror 2.0.18", + "uuid", + "x509-cert", +] + +[[package]] +name = "vsss-rs" +version = "3.3.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "196bbee60607a195bc850e94f0e040bd090e45794ad8df0e9c5a422b9975a00f" +dependencies = [ + "curve25519-dalek", + "elliptic-curve", + "hex", + "rand 0.8.5", + "rand_chacha 0.3.1", + "rand_core 0.6.4", + "serde", + "subtle", + "thiserror-no-std", + "zeroize", +] + [[package]] name = "vtparse" version = "0.6.2" @@ -8988,15 +10182,6 @@ version = "0.11.0+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" -[[package]] -name = "wasi" -version = "0.14.2+wasi-0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9683f9a5a998d873c0d21fcbe3c083009670149a8fab228644b8bd36b2c48cb3" -dependencies = [ - "wit-bindgen-rt", -] - [[package]] name = "wasip2" version = "1.0.2+wasi-0.2.9" @@ -9097,7 +10282,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" dependencies = [ "anyhow", - "indexmap", + "indexmap 2.13.0", "wasm-encoder", "wasmparser", ] @@ -9136,7 +10321,7 @@ checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" dependencies = [ "bitflags 2.9.4", "hashbrown 0.15.2", - "indexmap", + "indexmap 2.13.0", "semver 1.0.27", ] 
@@ -9313,7 +10498,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c5ee8f3d025738cb02bad7868bbb5f8a6327501e870bf51f1b455b0a2454a419" dependencies = [ "windows-collections", - "windows-core 0.61.2", + "windows-core", "windows-future", "windows-link 0.1.1", "windows-numerics", @@ -9325,7 +10510,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3beeceb5e5cfd9eb1d76b381630e82c4241ccd0d27f1a39ed41b2760b255c5e8" dependencies = [ - "windows-core 0.61.2", + "windows-core", ] [[package]] @@ -9337,21 +10522,8 @@ dependencies = [ "windows-implement", "windows-interface", "windows-link 0.1.1", - "windows-result 0.3.4", - "windows-strings 0.4.2", -] - -[[package]] -name = "windows-core" -version = "0.62.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb" -dependencies = [ - "windows-implement", - "windows-interface", - "windows-link 0.2.1", - "windows-result 0.4.1", - "windows-strings 0.5.1", + "windows-result", + "windows-strings", ] [[package]] @@ -9360,7 +10532,7 @@ version = "0.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fc6a41e98427b19fe4b73c550f060b59fa592d7d686537eebf9385621bfbad8e" dependencies = [ - "windows-core 0.61.2", + "windows-core", "windows-link 0.1.1", "windows-threading", ] @@ -9405,7 +10577,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9150af68066c4c5c07ddc0ce30421554771e528bde427614c61038bc2c92c2b1" dependencies = [ - "windows-core 0.61.2", + "windows-core", "windows-link 0.1.1", ] @@ -9416,8 +10588,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b3bab093bdd303a1240bb99b8aba8ea8a69ee19d34c9e2ef9594e708a4878820" dependencies = [ "windows-link 0.1.1", - "windows-result 0.3.4", - "windows-strings 0.4.2", + "windows-result", + "windows-strings", ] [[package]] 
@@ -9429,15 +10601,6 @@ dependencies = [ "windows-link 0.1.1", ] -[[package]] -name = "windows-result" -version = "0.4.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5" -dependencies = [ - "windows-link 0.2.1", -] - [[package]] name = "windows-strings" version = "0.4.2" @@ -9447,15 +10610,6 @@ dependencies = [ "windows-link 0.1.1", ] -[[package]] -name = "windows-strings" -version = "0.5.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091" -dependencies = [ - "windows-link 0.2.1", -] - [[package]] name = "windows-sys" version = "0.45.0" @@ -9809,15 +10963,6 @@ dependencies = [ "wit-parser", ] -[[package]] -name = "wit-bindgen-rt" -version = "0.39.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1" -dependencies = [ - "bitflags 2.9.4", -] - [[package]] name = "wit-bindgen-rust" version = "0.51.0" @@ -9826,7 +10971,7 @@ checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" dependencies = [ "anyhow", "heck 0.5.0", - "indexmap", + "indexmap 2.13.0", "prettyplease", "syn 2.0.117", "wasm-metadata", @@ -9857,7 +11002,7 @@ checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" dependencies = [ "anyhow", "bitflags 2.9.4", - "indexmap", + "indexmap 2.13.0", "log", "serde", "serde_derive", @@ -9876,7 +11021,7 @@ checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" dependencies = [ "anyhow", "id-arena", - "indexmap", + "indexmap 2.13.0", "log", "semver 1.0.27", "serde", 
@@ -9907,6 +11052,18 @@ dependencies = [ "tap", ] +[[package]] +name = "x509-cert" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94" +dependencies = [ + "const-oid", + "der", + "spki", + "tls_codec", +] + [[package]] name = "xattr" version = "1.3.1" @@ -10023,9 +11180,23 @@ dependencies = [ [[package]] name = "zeroize" -version = "1.7.0" +version = "1.8.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.117", +] [[package]] name = "zerovec" diff --git a/Cargo.toml b/Cargo.toml index 5449461a3..55eede753 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -95,6 +95,10 @@ sled-agent-client = { git = "https://github.com/oxidecomputer/omicron", branch = crucible = { git = "https://github.com/oxidecomputer/crucible", rev = "ae1da83e66c648574827298f4bc444632bf4d047" } crucible-client-types = { git = "https://github.com/oxidecomputer/crucible", rev = "ae1da83e66c648574827298f4bc444632bf4d047" } +# Attestation +dice-verifier = { git = "https://github.com/oxidecomputer/dice-util", rev = "1d3084b514389847e8e0f5d966d2be4f18d02d32", features = ["sled-agent"] } +vm-attest = { git = "https://github.com/oxidecomputer/vm-attest", rev = "2cdd17580a4fc6c871d24797016af8dbaac9421d", default-features = false } + # External dependencies anyhow = "1.0" async-trait = "0.1.88" 
@@ -163,6 +167,7 @@ serde_arrays = "0.1" serde_derive = "1.0" serde_json = "1.0" serde_test = "1.0.138" +sha2 = "0.10.9" slog = "2.7" slog-async = "2.8" slog-bunyan = "2.4.0" diff --git a/bin/propolis-server/Cargo.toml b/bin/propolis-server/Cargo.toml index 54d46216e..de5a10195 100644 --- a/bin/propolis-server/Cargo.toml +++ b/bin/propolis-server/Cargo.toml @@ -69,6 +69,7 @@ rgb_frame.workspace = true rfb = { workspace = true, features = ["tungstenite"] } uuid.workspace = true usdt.workspace = true +vm-attest.workspace = true base64.workspace = true schemars = { workspace = true, features = ["chrono", "uuid1"] } diff --git a/bin/propolis-server/src/lib/initializer.rs b/bin/propolis-server/src/lib/initializer.rs index d05df6e20..bbbb9813e 100644 --- a/bin/propolis-server/src/lib/initializer.rs +++ b/bin/propolis-server/src/lib/initializer.rs @@ -4,7 +4,6 @@ use std::convert::TryInto; use std::fs::File; -use std::net::{IpAddr, Ipv4Addr, SocketAddr}; use std::num::{NonZeroU8, NonZeroUsize}; use std::os::unix::fs::FileTypeExt; use std::sync::Arc; @@ -25,6 +24,9 @@ use crucible_client_types::VolumeConstructionRequest; pub use nexus_client::Client as NexusClient; use oximeter::types::ProducerRegistry; use oximeter_instruments::kstat::KstatSampler; +use propolis::attestation; +use propolis::attestation::server::AttestationServerConfig; +use propolis::attestation::server::AttestationSock; use propolis::block; use propolis::chardev::{self, BlockingSource, Source}; use propolis::common::{Lifecycle, GB, MB, PAGE_SIZE}; @@ -96,6 +98,12 @@ pub enum MachineInitError { #[error("boot order entry {0:?} does not refer to an attached disk")] BootOrderEntryWithoutDevice(SpecKey), + #[error( + "disk device {device_id:?} refers to a \ + non-existent block backend {backend_id:?}" + )] + DeviceWithoutBlockBackend { device_id: SpecKey, backend_id: SpecKey }, + #[error("boot entry {0:?} refers to a device on non-zero PCI bus {1}")] BootDeviceOnDownstreamPciBus(SpecKey, u8), 
@@ -105,6 +113,9 @@ pub enum MachineInitError { #[error("failed to specialize CPUID for vcpu {0}")] CpuidSpecializationFailed(i32, #[source] propolis::cpuid::SpecializeError), + #[error("failed to start attestation server")] + AttestationServer(#[source] std::io::Error), + #[cfg(feature = "falcon")] #[error("softnpu p9 device missing")] SoftNpuP9Missing, @@ -478,31 +489,25 @@ impl MachineInitializer<'_> { Ok(()) } - pub fn initialize_vsock( + pub async fn initialize_vsock( &mut self, chipset: &RegisteredChipset, - ) -> Result<(), MachineInitError> { + attest_cfg: Option, + ) -> Result, MachineInitError> { use propolis::vsock::proxy::VsockPortMapping; - // OANA Port 605 - VM Attestation RFD 605 - const ATTESTATION_PORT: u16 = 605; - const ATTESTATION_ADDR: SocketAddr = SocketAddr::new( - IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), - ATTESTATION_PORT, - ); - if let Some(vsock) = &self.spec.vsock { let bdf: pci::Bdf = vsock.spec.pci_path.into(); let mappings = vec![VsockPortMapping::new( - ATTESTATION_PORT.into(), - ATTESTATION_ADDR, + attestation::ATTESTATION_PORT.into(), + attestation::ATTESTATION_ADDR, )]; let guest_cid = GuestCid::try_from(vsock.spec.guest_cid) - .context("guest cid")?; + .context("could not parse guest cid")?; // While the spec does not recommend how large the virtio descriptor - // table should be we sized this appropriately in testing so + // table should be, we sized this appropriately in testing, so // that the guest is able to move vsock packets at a reasonable // throughput without the need to be much larger. let num_queues = 256; 
@@ -516,9 +521,23 @@ impl MachineInitializer<'_> { self.devices.insert(vsock.id.clone(), device.clone()); chipset.pci_attach(bdf, device); + + // Spawn attestation server that will go over the vsock device + if let Some(cfg) = attest_cfg { + let attest = AttestationSock::new( + self.log.new(slog::o!("component" => "attestation-server")), + cfg.sled_agent_addr, + ) + .await + .map_err(MachineInitError::AttestationServer)?; + return Ok(Some(attest)); + } + } else { + info!(self.log, "no vsock device in instance spec"); + return Ok(None); } - Ok(()) + Ok(None) } async fn create_storage_backend_from_spec( 
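Review bot: When the spec has a vsock device but `attest_cfg` is `None`, `initialize_vsock` falls through to the final `Ok(None)` without logging anything, while the port mapping to `attestation::ATTESTATION_ADDR` built in the preceding hunk is still installed. Guest connections to the attestation port would then be forwarded to a loopback address this process has not bound; what, if anything, answers there is not visible from the diff. I would add an `else` arm to the `if let Some(cfg) = attest_cfg` block with `info!(self.log, "vsock device present but attestation is not configured");` and consider building the `VsockPortMapping` only when a server is going to be started. The function body starts outside this hunk.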
@@ -672,6 +691,99 @@ impl MachineInitializer<'_> { } } + /// Collect the necessary information out of the VM under construction into + /// the provided `AttestationSocketInit`. This is expected to populate + /// `attest_init` with information so the caller can spawn off + /// `AttestationSockInit::run`. + pub fn prepare_rot_initializer( + &self, + vm_rot: &mut AttestationSock, + ) -> Result<(), MachineInitError> { + let uuid = self.properties.id; + + // The first boot entry is a key into `self.spec.disks`, which is how + // we'll get to a Crucible volume backing this boot option. + let boot_disk_entry = + self.spec.boot_settings.as_ref().and_then(|settings| { + if settings.order.len() >= 2 { + // In a rack we only configure propolis-server with zero or + // one boot disks. It's possible to provide a fuller list, + // and in the future the product may actually expose such a + // capability. At that time, we'll need to have a reckoning + // for what "boot disk measurement" from the RoT actually + // means; it probably "should" be "the measurement of the + // disk that EDK2 decided to boot into", but that + // communication to and from the guest is a little more + // complicated than we want or need to build out today. + // + // Since as the system exists we either have no specific + // boot disk (and don't know where the guest is expected to + // end up), or one boot disk (and can determine which disk + // to collect a measurement of before even running guest + // firmware), we encode this expectation up front. If the + // product has changed such that this assert is reached, + // "that's exciting!" and "sorry for crashing your + // Propolis". 
+ panic!( + "Unsupported VM RoT configuration: \ + more than one boot disk" + ); + } + + settings.order.first() + }); + + let crucible_volume = if let Some(entry) = boot_disk_entry { + let disk_dev = + self.spec.disks.get(&entry.device_id).ok_or_else(|| { + MachineInitError::BootOrderEntryWithoutDevice( + entry.device_id.clone(), + ) + })?; + + let backend_id = match &disk_dev.device_spec { + spec::StorageDevice::Virtio(disk) => &disk.backend_id, + spec::StorageDevice::Nvme(disk) => &disk.backend_id, + }; + + let Some(block_backend) = self.block_backends.get(backend_id) + else { + return Err(MachineInitError::DeviceWithoutBlockBackend { + device_id: entry.device_id.to_owned(), + backend_id: backend_id.to_owned(), + }); + }; + + if let Some(backend) = + block_backend.as_any().downcast_ref::() + { + if backend.is_read_only() { + Some(backend.clone_volume()) + } else { + // Disk must be read-only to be used for attestation. + slog::info!( + self.log, + "boot disk is not read-only (and will not be used for attestations)", + ); + None + } + } else { + // Probably fine, just not handled right now. + slog::warn!( + self.log, + "VM RoT ignoring boot disk: not a Crucible volume" + ); + None + } + } else { + None + }; + + vm_rot.prepare_instance_conf(uuid, crucible_volume); + + Ok(()) + } + /// Initializes the storage devices and backends listed in this /// initializer's instance spec. /// diff --git a/bin/propolis-server/src/lib/server.rs b/bin/propolis-server/src/lib/server.rs index bd70c1c1b..15404be72 100644 --- a/bin/propolis-server/src/lib/server.rs +++ b/bin/propolis-server/src/lib/server.rs 
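Review bot: The `panic!` on `settings.order.len() >= 2` in `prepare_rot_initializer` takes down the whole server for a condition that comes from the instance spec, even though the function already returns `Result<(), MachineInitError>`. Returning an error keeps the single-boot-disk assumption explicit and lets the caller fail the instance request instead of the process; the sketch below assumes a new `MachineInitError` variant (called `MultipleBootDisksUnsupported` here only as a suggestion) is added next to `DeviceWithoutBlockBackend`. Separately, the doc comment refers to `AttestationSocketInit`, `attest_init` and `AttestationSockInit::run`, none of which match the `vm_rot: &mut AttestationSock` parameter, so it should be reworded to describe what the function does now.

```rust
let boot_disk_entry = match self.spec.boot_settings.as_ref() {
    Some(settings) if settings.order.len() >= 2 => {
        // … unchanged: rationale for supporting at most one boot disk …
        return Err(MachineInitError::MultipleBootDisksUnsupported(
            settings.order.len(),
        ));
    }
    Some(settings) => settings.order.first(),
    None => None,
};
// … unchanged: boot disk lookup, read-only check, prepare_instance_conf call …
```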
@@ -36,6 +36,7 @@ use internal_dns_resolver::{ResolveError, Resolver}; use internal_dns_types::names::ServiceName; pub use nexus_client::Client as NexusClient; use oximeter::types::ProducerRegistry; +use propolis::attestation::server::AttestationServerConfig; use propolis_api_types::disk::{ InstanceVCRReplace, SnapshotRequestPathParams, VCRRequestPathParams, VolumeStatus, VolumeStatusPathParams, @@ -95,6 +96,9 @@ pub struct StaticConfig { /// The configuration to use when setting up this server's Oximeter /// endpoint. metrics: Option, + + /// TODO: comment + attest_config: Option, } /// Context accessible from HTTP callbacks. @@ -113,6 +117,7 @@ impl DropshotEndpointContext { use_reservoir: bool, log: slog::Logger, metric_config: Option, + attest_config: Option, ) -> Self { let vnc_server = VncServer::new(log.clone()); Self { @@ -121,6 +126,7 @@ impl DropshotEndpointContext { bootrom_version, use_reservoir, metrics: metric_config, + attest_config, }, vnc_server, vm: crate::vm::Vm::new(&log), @@ -245,6 +251,7 @@ impl PropolisServerApi for PropolisServerImpl { nexus_client, vnc_server: server_context.vnc_server.clone(), local_server_addr: rqctx.server.local_addr, + attest_config: server_context.static_config.attest_config, }; let vm_init = match init { diff --git a/bin/propolis-server/src/lib/vm/ensure.rs b/bin/propolis-server/src/lib/vm/ensure.rs index 040c91c85..c9a669d14 100644 --- a/bin/propolis-server/src/lib/vm/ensure.rs +++ b/bin/propolis-server/src/lib/vm/ensure.rs @@ -563,7 +563,8 @@ async fn initialize_vm_objects( &properties, ))?; init.initialize_network_devices(&chipset).await?; - init.initialize_vsock(&chipset)?; + let mut attest_handle = + init.initialize_vsock(&chipset, options.attest_config).await?; #[cfg(feature = "failure-injection")] init.initialize_test_devices(); 
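Review bot: The new `attest_config` field in `StaticConfig` is committed with the placeholder `/// TODO: comment`, and the matching `EnsureOptions::attest_config` field in `vm/mod.rs` has no doc comment at all while its neighbours do. Both should say what the value controls, for example `/// Configuration for the attestation server; None means no attestation server is started for this instance.` That wording follows from `initialize_vsock`, which only creates an `AttestationSock` when the option is `Some`.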
@@ -581,6 +582,14 @@ async fn initialize_vm_objects( let ramfb = init.initialize_fwcfg(spec.board.cpus, &options.bootrom_version)?; + // If we have a VM RoT, that RoT needs to be able to collect some + // information about the guest before it can be actually usable. It will do + // that asynchronously, but have to provide references for initial necessary + // VM state. + if let Some(attest_handle) = attest_handle.as_mut() { + init.prepare_rot_initializer(attest_handle)?; + } + init.register_guest_hv_interface(guest_hv_lifecycle); init.initialize_cpus().await?; @@ -642,6 +651,7 @@ async fn initialize_vm_objects( com1, framebuffer: Some(ramfb), ps2ctrl, + attest_handle, }; // Another really terrible hack. As we've found in Propolis#1008, brk() diff --git a/bin/propolis-server/src/lib/vm/mod.rs b/bin/propolis-server/src/lib/vm/mod.rs index e40d9e4f7..142221468 100644 --- a/bin/propolis-server/src/lib/vm/mod.rs +++ b/bin/propolis-server/src/lib/vm/mod.rs @@ -100,6 +100,7 @@ use state_publisher::StatePublisher; use tokio::sync::{oneshot, watch, RwLock, RwLockReadGuard}; use crate::{server::MetricsEndpointConfig, spec::Spec, vnc::VncServer}; +use propolis::attestation::server::AttestationServerConfig; mod active; pub(crate) mod ensure; @@ -309,6 +310,8 @@ pub(super) struct EnsureOptions { /// The address of this Propolis process, used by the live migration /// protocol to transfer serial console connections. pub(super) local_server_addr: SocketAddr, + + pub(super) attest_config: Option, } impl Vm { diff --git a/bin/propolis-server/src/lib/vm/objects.rs b/bin/propolis-server/src/lib/vm/objects.rs index 9908d3c9c..49ba61c84 100644 --- a/bin/propolis-server/src/lib/vm/objects.rs +++ b/bin/propolis-server/src/lib/vm/objects.rs @@ -13,6 +13,7 @@ use std::{ use futures::{future::BoxFuture, stream::FuturesUnordered, StreamExt}; use propolis::{ + attestation, hw::{ps2::ctrl::PS2Ctrl, qemu::ramfb::RamFb, uart::LpcUart}, vmm::VmmHdl, Machine, 
@@ -51,6 +52,7 @@ pub(super) struct InputVmObjects { pub com1: Arc>, pub framebuffer: Option>, pub ps2ctrl: Arc, + pub attest_handle: Option, } /// The collection of objects and state that make up a Propolis instance. @@ -86,6 +88,9 @@ pub(crate) struct VmObjectsLocked { /// A handle to the VM's PS/2 controller. ps2ctrl: Arc, + + /// A handle to the VM's attestation server. + attest_handle: Option, } impl VmObjects { @@ -126,6 +131,7 @@ impl VmObjectsLocked { com1: input.com1, framebuffer: input.framebuffer, ps2ctrl: input.ps2ctrl, + attest_handle: input.attest_handle, } } @@ -371,7 +377,7 @@ impl VmObjectsLocked { /// Stops all of a VM's devices and detaches its block backends from their /// devices. - async fn halt_devices(&self) { + async fn halt_devices(&mut self) { // Take care not to wedge the runtime with any device halt // implementations which might block. tokio::task::block_in_place(|| { @@ -386,6 +392,10 @@ impl VmObjectsLocked { backend.stop().await; backend.attachment().detach(); } + + if let Some(attest_handle) = self.attest_handle.take() { + attest_handle.halt().await; + } } /// Resets a VM's kernel vCPU objects to their initial states. diff --git a/bin/propolis-server/src/main.rs b/bin/propolis-server/src/main.rs index 4a4a96aec..4aa0c9e0a 100644 --- a/bin/propolis-server/src/main.rs +++ b/bin/propolis-server/src/main.rs @@ -8,6 +8,8 @@ use std::path::PathBuf; use std::str::FromStr; use std::sync::Arc; +use omicron_common::address::Ipv6Subnet; +use propolis::attestation::server::AttestationServerConfig; use propolis::usdt::register_probes; use propolis_server::{ config, @@ -114,6 +116,7 @@ fn run_server( config_dropshot: dropshot::ConfigDropshot, config_metrics: Option, vnc_addr: Option, + attest_config: Option, log: slog::Logger, ) -> anyhow::Result<()> { use propolis::api_version; @@ -147,6 +150,7 @@ fn run_server( use_reservoir, log.new(slog::o!()), config_metrics, + attest_config, ); // Spawn the runtime for handling API processing 
@@ -319,12 +323,26 @@ fn main() -> anyhow::Result<()> { propolis_addr.ip(), )?; + let attest_config = match propolis_addr.ip() { + IpAddr::V4(_) => None, + IpAddr::V6(ipv6_addr) => { + let sled_subnet = Ipv6Subnet::< + { omicron_common::address::SLED_PREFIX }, + >::new(ipv6_addr); + let sa_addr = + omicron_common::address::get_sled_address(sled_subnet); + + Some(AttestationServerConfig::new(sa_addr)) + } + }; + run_server( bootrom_path, bootrom_version, config_dropshot, metric_config, vnc_addr, + attest_config, log, ) } diff --git a/lib/propolis/Cargo.toml b/lib/propolis/Cargo.toml index 181114dd6..d092121f6 100644 --- a/lib/propolis/Cargo.toml +++ b/lib/propolis/Cargo.toml @@ -11,6 +11,7 @@ bit_field.workspace = true bitflags = { workspace = true, features = ["serde"] } bitstruct.workspace = true byteorder.workspace = true +dice-verifier.workspace = true lazy_static.workspace = true thiserror.workspace = true bhyve_api.workspace = true @@ -31,6 +32,7 @@ serde.workspace = true serde_arrays.workspace = true erased-serde.workspace = true serde_json.workspace = true +sha2.workspace = true strum = { workspace = true, features = ["derive"] } uuid.workspace = true zerocopy = { workspace = true, features = ["derive"] } @@ -41,6 +43,7 @@ nexus-client = { workspace = true, optional = true } async-trait.workspace = true iddqd.workspace = true nix.workspace = true +vm-attest.workspace = true # falcon libloading = { workspace = true, optional = true } diff --git a/lib/propolis/src/attestation/boot_digest.rs b/lib/propolis/src/attestation/boot_digest.rs new file mode 100644 index 000000000..fbbd9dfea --- /dev/null +++ b/lib/propolis/src/attestation/boot_digest.rs 
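Review bot: The `match` on `propolis_addr.ip()` disables attestation for any IPv4 listen address and derives the sled-agent address from the listen address for IPv6, but neither outcome is logged. An operator reading the logs cannot tell whether guests on this server can obtain attestations, or which sled-agent address the requests would go to. I would log both branches, e.g. `slog::info!(log, "attestation disabled: listening on an IPv4 address");` in the `V4` arm and the computed `sa_addr` in the `V6` arm; this assumes `log` is already in scope here, which the later `run_server(..., log)` call suggests. `main` starts outside this hunk.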
@@ -0,0 +1,117 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use crucible::BlockIO;
+use crucible::BlockIndex;
+use crucible::Buffer;
+
+use vm_attest::Measurement;
+
+use anyhow::{anyhow, Result};
+use sha2::{Digest, Sha256};
+use slog::{error, info, o, Logger};
+use std::time::{Duration, Instant};
+
+/// Find the SHA256 sum of a crucible volume. This should be from a read-only
+/// disk; otherwise, this isn't a reliable hash.
+pub async fn boot_disk_digest(
+ vol: crucible::Volume,
+ log: &Logger,
+) -> Result {
+ let vol_uuid = vol.get_uuid().await.expect("could not get volume UUID");
+ let vol_size = vol.total_size().await.expect("could not get volume size");
+ let block_size =
+ vol.get_block_size().await.expect("could not get volume block size");
+ let end_block = vol_size / block_size;
+ let hash_start = Instant::now();
+
+ let log = log.new(o!("volume_id" => vol_uuid.to_string()));
+
+ // XXX(jph): This was copied from the crucible scrub code, so that we can
+ // read 128KiB of data on each read, regardless of block size.
+ let block_count = 131072 / block_size;
+
+ info!(
+ log,
+ "starting hash of volume";
+ "volume_size" => vol_size,
+ "block_size" => block_size,
+ "end_block" => end_block,
+ "block_count" => block_count,
+ );
+
+ let mut hasher = Sha256::new();
+ let mut offset = 0;
+ while offset < end_block {
+ let remaining_blocks = end_block - offset;
+ let this_block_count = block_count.min(remaining_blocks);
+ if this_block_count != block_count {
+ info!(
+ log,
+ "adjusting block_count to {} at offset {}",
+ this_block_count,
+ offset
+ );
+ }
+ assert!(
+ offset + this_block_count <= end_block,
+ "offset={}, block_count={}, end={}",
+ offset,
+ this_block_count,
+ end_block
+ );
+
+ let block = BlockIndex(offset);
+ let mut buffer =
+ Buffer::new(this_block_count as usize, block_size as usize);
+
+ // Read the whole disk and hash it.
+ //
+ // If an individual read call fails, we'll retry some number of times,
+ // but if that fails, just return an error to the attestation server.
+ // If reads are failing on the boot disk, it's unlikely the instance is
+ // doing well anyway, so there's not much to do here.
+ let retry_count = 5;
+ let mut n_retries = 0;
+ loop {
+ if n_retries >= retry_count {
+ error!(
+ log,
+ "failed to read boot disk in {n_retries} tries \
+ aborting hash of boot digest"
+ );
+
+ return Err(anyhow!("could not hash boot disk digest"));
+ }
+
+ let res = vol.read(block, &mut buffer).await;
+
+ if let Err(e) = res {
+ error!(log,
+ "read failed: {e:?}";
+ "retry_count" => retry_count,
+ "io_offset" => offset,
+ "this_block_count" => this_block_count,
+ "block_size" => block_size,
+ "end_block" => end_block,
+ );
+ let delay = 1;
+ error!(log, "will retry in {delay} secs");
+
+ n_retries += 1;
+ tokio::time::sleep(Duration::from_secs(delay)).await;
+ } else {
+ break;
+ }
+ }
+
+ hasher.update(&*buffer);
+ offset += this_block_count;
+ }
+
+ let elapsed = hash_start.elapsed();
+ info!(log, "hash of volume took {:?} ms", elapsed.as_millis());
+
+ Ok(Measurement::Sha256(hasher.finalize().into()))
+}
diff --git a/lib/propolis/src/attestation/mod.rs b/lib/propolis/src/attestation/mod.rs
new file mode 100644
index 000000000..c606389f7
--- /dev/null
+++ b/lib/propolis/src/attestation/mod.rs
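Review bot: `boot_disk_digest` returns `Result` but calls `.expect(...)` on `get_uuid()`, `total_size()` and `get_block_size()`, so a volume error at that point panics instead of reaching the caller the way the read failures further down do. These can be propagated with the already imported `anyhow!`, e.g. `let vol_size = vol.total_size().await.map_err(|e| anyhow!("could not get volume size: {e:?}"))?;`. In the same function `131072 / block_size` evaluates to 0 for any block size above 128 KiB, which could leave `offset` unchanged on every pass of the `while` loop; `let block_count = (131072 / block_size).max(1);` guards that, and a zero `block_size` should be rejected before the two divisions. Whether Crucible can report such block sizes is not visible in this diff.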
@@ -0,0 +1,52 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+//! # RFD 605: VM Attestation
+//!
+//!
+//! ## Instance Identity Data
+//!
+//! Our MVP includes the following identity data for an instance:
+//!
+//! * boot digest, aka SHA256 hash of the boot disk specified for the instance
+//! (iff the instance has a boot disk, and that boot disk is read-only)
+//! * instance UUID
+//!
+//! If there is no boot disk, or the boot disk is not read-only, only the
+//! instance ID is used as identifying data.
+//!
+//! If there is a read-only boot disk, the attestation server will fail
+//! challenge requests from guest until the boot disk has been hashed.
+//!
+//!
+//! ## High-Level Design
+//!
+//! The following assumes that the instance has a vsock device configured.
+//! (If there is no vsock device, there will be no attestation server listening
+//! there.)
+//!
+//! - Guest software submits a 32-byte nonce to a known attestation port.
+//! - This port is backed by a vsock device in propolis.
+//! - When the instance is created (via `instance_ensure`), a tokio task
+//! begins to hash the boot disk of the instance (assuming that a boot disk
+//! is specified and that it is read-only.)
+//! - The attestation server waits on a tokio oneshot channel for the
+//! "VM conf", a structure containing data relevant to instance identity.
+//! This conf is sent to the attestation server once all of the VM identity
+//! data is done (so, in practice, when the boot disk is hashed).
+//! - Until the VM conf is ready, the attestation server fails challenges.
+//! - Once the VM conf is ready, these challenges are passed through to the
+//! sled-agent RoT APIs via the vm_attest crate, and those results are
+//! propagated back to the user.
+//!
+
+use std::net::{IpAddr, Ipv4Addr, SocketAddr};
+
+pub mod boot_digest;
+pub mod server;
+
+// See: https://github.com/oxidecomputer/oana
+pub const ATTESTATION_PORT: u16 = 605;
+pub const ATTESTATION_ADDR: SocketAddr =
+ SocketAddr::new(IpAddr::V4(Ipv4Addr::new(127, 0, 0, 1)), ATTESTATION_PORT);
diff --git a/lib/propolis/src/attestation/server.rs b/lib/propolis/src/attestation/server.rs
new file mode 100644
index 000000000..ebcd6df9e
--- /dev/null
+++ b/lib/propolis/src/attestation/server.rs
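Review bot: `ATTESTATION_ADDR` and `ATTESTATION_PORT` have no doc comment saying who is expected to connect, yet the listener is a plain TCP socket on 127.0.0.1 and the accept loop in server.rs discards the peer address (`Ok((sock, _addr))`), so any local process that can reach loopback where Propolis runs could presumably request attestations as if it were the guest. The module docs say the port is backed by the vsock device; if that proxy is meant to be the only client, the assumption belongs on the constant, for example `/// Loopback address the attestation server binds; only the vsock device backend is expected to connect, and the server does not authenticate peers.` Whether the surrounding zone already isolates loopback is not visible in this diff.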
@@ -0,0 +1,378 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at https://mozilla.org/MPL/2.0/.
+
+use std::io;
+use std::net::SocketAddrV6;
+use std::sync::Arc;
+use std::sync::Mutex;
+
+use slog::{error, info, o, Logger};
+use tokio::io::{AsyncBufReadExt, AsyncWriteExt, BufReader};
+use tokio::net::{TcpListener, TcpStream};
+use tokio::sync::{oneshot, Mutex as TokioMutex};
+use tokio::task::JoinHandle;
+
+use dice_verifier::sled_agent::AttestSledAgent;
+use dice_verifier::Attest;
+
+use vm_attest::VmInstanceConf;
+
+use crate::attestation::ATTESTATION_ADDR;
+
+#[derive(Copy, Clone)]
+pub struct AttestationServerConfig {
+ pub sled_agent_addr: SocketAddrV6,
+}
+
+impl AttestationServerConfig {
+ pub fn new(sled_agent_addr: SocketAddrV6) -> Self {
+ Self { sled_agent_addr }
+ }
+}
+
+pub struct AttestationSock {
+ log: slog::Logger,
+ join_hdl: JoinHandle<()>,
+ hup_send: oneshot::Sender<()>,
+ init_state: AttestationInitState,
+}
+
+#[derive(Debug)]
+enum AttestationInitState {
+ Preparing {
+ vm_conf_send: oneshot::Sender,
+ },
+ /// A transient state while we're getting the initializer ready, having
+ /// taken `Preparing` and its `vm_conf_send`, but before we've got a
+ /// `JoinHandle` to track as running.
+ Initializing,
+ Running {
+ init_task: JoinHandle<()>,
+ },
+}
+
+/// This struct manages providing the requisite data for a corresponding
+/// `AttestationSock` to become fully functional.
+pub struct AttestationSockInit {
+ log: slog::Logger,
+ vm_conf_send: oneshot::Sender,
+ uuid: uuid::Uuid,
+ volume_ref: Option,
+}
+
+impl AttestationSockInit {
+ /// Do any any remaining work of collecting VM RoT measurements in support
+ /// of this VM's attestation server.
+ pub async fn run(self) {
+ let AttestationSockInit { log, vm_conf_send, uuid, volume_ref } = self;
+
+ let mut vm_conf = vm_attest::VmInstanceConf { uuid, boot_digest: None };
+
+ if let Some(volume) = volume_ref {
+ // TODO: load-bearing sleep: we have a Crucible volume, but we can
+ // be here and chomping at the bit to get a digest calculation
+ // started well before the volume has been activated; in
+ // `propolis-server` we need to wait for at least a subsequent
+ // instance start. Similar to the scrub task for Crucible disks,
+ // delay some number of seconds in the hopes that activation is done
+ // promptly.
+ //
+ // This should be replaced by awaiting for some kind of actual
+ // "activated" signal.
+ //
+ // see #1078
+ tokio::time::sleep(std::time::Duration::from_secs(10)).await;
+
+ let boot_digest =
+ match crate::attestation::boot_digest::boot_disk_digest(
+ volume, &log,
+ )
+ .await
+ {
+ Ok(digest) => digest,
+ Err(e) => {
+ // a panic here is unfortunate, but helps us debug for
+ // now; if the digest calculation fails it may be some
+ // retryable issue that a guest OS would survive. but
+ // panicking here means we've stopped Propolis at the
+ // actual error, rather than noticing the
+ // `vm_conf_sender` having dropped elsewhere.
+ panic!("failed to compute boot disk digest: {e:?}");
+ }
+ };
+
+ vm_conf.boot_digest = Some(boot_digest);
+ } else {
+ slog::warn!(log, "not computing boot disk digest");
+ }
+
+ let send_res = vm_conf_send.send(vm_conf);
+ if let Err(_) = send_res {
+ slog::error!(
+ log,
+ "attestation server is not listening for its config?"
+ );
+ }
+ }
+}
+
+impl AttestationSock {
+ pub async fn new(log: Logger, sa_addr: SocketAddrV6) -> io::Result {
+ info!(log, "attestation server created (sled-agent addr {:?}", sa_addr);
+
+ let listener = TcpListener::bind(ATTESTATION_ADDR).await?;
+ let (vm_conf_send, vm_conf_recv) =
+ oneshot::channel::();
+ let (hup_send, hup_recv) = oneshot::channel::<()>();
+
+ let attest_init_log = log.new(o!("component" => "attestation-server"));
+ let attest_log_clone = attest_init_log.clone();
+ let join_hdl = tokio::spawn(async move {
+ Self::run(
+ attest_log_clone,
+ listener,
+ vm_conf_recv,
+ hup_recv,
+ sa_addr,
+ )
+ .await;
+ });
+ let attestation_sock = Self {
+ log: attest_init_log,
+ join_hdl,
+ hup_send,
+ init_state: AttestationInitState::Preparing { vm_conf_send },
+ };
+ Ok(attestation_sock)
+ }
+
+ /// Stop the attestation server and abort in-flight initialization, if any
+ /// is in progress.
+ ///
+ /// We don't worry about stopping any related `handle_conn` because they
+ /// will discover that one or both ends of the connection are gone soon; we
+ /// are closing our end, and the guest's side will close when the
+ /// corresponding virtio-socket device is stopped.
+ pub async fn halt(self) {
+ let Self { join_hdl, hup_send, init_state, log: _ } = self;
+
+ // Signal the socket listener to hang up, then wait for it to bail
+ let _ = hup_send.send(());
+ let _ = join_hdl.await;
+
+ if let AttestationInitState::Running { init_task } = init_state {
+ init_task.abort();
+ }
+ }
+
+ /// Handle an incoming connection to the attestation port.
+ async fn handle_conn(
+ log: Logger,
+ rot: Arc>,
+ vm_conf: Arc>>,
+ conn: TcpStream,
+ ) {
+ let res = Self::handle_conn_inner(&log, rot, vm_conf, conn).await;
+ if let Err(e) = res {
+ slog::error!(
+ log,
+ "error handling attestation server connection: {e}"
+ );
+ }
+ }
+
+ /// The actual work of handling an incoming connection. This should only be
+ /// called from `handle_conn`, and is distinct only for `?`/`Result`
+ /// ergonomics.
+ async fn handle_conn_inner(
+ log: &Logger,
+ rot: Arc>,
+ vm_conf: Arc>>,
+ conn: TcpStream,
+ ) -> anyhow::Result<()> {
+ info!(log, "handling attestation request");
+
+ let mut msg = String::new();
+
+ const MAX_LINE_LENGTH: usize = 1024;
+ let (reader, mut writer) = tokio::io::split(conn);
+ let mut reader = BufReader::with_capacity(MAX_LINE_LENGTH, reader);
+
+ loop {
+ let bytes_read = reader.read_line(&mut msg).await?;
+ if bytes_read == 0 {
+ break;
+ }
+
+ // Check if the limit was hit and a newline wasn't found
+ if bytes_read == MAX_LINE_LENGTH && !msg.ends_with('\n') {
+ slog::warn!(
+ log,
+ "Line length exceeded the limit of {} bytes.",
+ MAX_LINE_LENGTH
+ );
+ let response =
+ vm_attest::Response::Error("Request too long".to_string());
+ let mut response = serde_json::to_string(&response)?;
+ response.push('\n');
+ slog::info!(log, "sending error response: {response}");
+ writer.write_all(response.as_bytes()).await?;
+ break;
+ }
+
+ slog::debug!(log, "JSON received: {msg}");
+
+ let result: Result =
+ serde_json::from_str(&msg);
+ let request = match result {
+ Ok(q) => q,
+ Err(e) => {
+ let response = vm_attest::Response::Error(e.to_string());
+ let mut response = serde_json::to_string(&response)?;
+ response.push('\n');
+ slog::info!(log, "sending error response: {response}");
+ writer.write_all(response.as_bytes()).await?;
+ break;
+ }
+ };
+
+ let response = match request {
+ vm_attest::Request::Attest(q) => {
+ slog::debug!(log, "qualifying data received: {q:?}");
+
+ let conf = {
+ let guard = vm_conf.lock().unwrap();
+ guard.to_owned()
+ };
+
+ match conf {
+ Some(conf) => {
+ info!(log, "vm conf is ready = {:?}", conf);
+
+ let rot_guard = rot.lock().await;
+
+ match rot_guard.attest(&conf, &q).await {
+ Ok(a) => vm_attest::Response::Attest(a),
+ Err(e) => {
+ vm_attest::Response::Error(e.to_string())
+ }
+ }
+ }
+
+ // The VM conf isn't ready yet.
+ None => {
+ info!(log, "vm conf is NOT ready");
+ let response = vm_attest::Response::Error(
+ "VmInstanceConf not ready".to_string(),
+ );
+ response
+ }
+ }
+ }
+ };
+
+ let mut response = serde_json::to_string(&response)?;
+ response.push('\n');
+
+ slog::debug!(log, "sending response: {response}");
+ writer.write_all(response.as_bytes()).await?;
+ msg.clear();
+ }
+
+ info!(log, "attestation request completed");
+ Ok(())
+ }
+
+ pub fn prepare_instance_conf(
+ &mut self,
+ uuid: uuid::Uuid,
+ volume_ref: Option,
+ ) {
+ let init_state = std::mem::replace(
+ &mut self.init_state,
+ AttestationInitState::Initializing,
+ );
+ let vm_conf_send = match init_state {
+ AttestationInitState::Preparing { vm_conf_send } => vm_conf_send,
+ other => {
+ panic!(
+ "VM RoT used incorrectly: prepare_instance_conf called \
+ more than once. current state {other:?}"
+ );
+ }
+ };
+ let init = AttestationSockInit {
+ log: self.log.clone(),
+ uuid,
+ volume_ref,
+ vm_conf_send,
+ };
+ let init_task = tokio::spawn(init.run());
+ self.init_state = AttestationInitState::Running { init_task };
+ }
+
+ pub async fn run(
+ log: Logger,
+ listener: TcpListener,
+ vm_conf_recv: oneshot::Receiver,
+ mut hup_recv: oneshot::Receiver<()>,
+ sa_addr: SocketAddrV6,
+ ) {
+ info!(log, "attestation server running");
+
+ // Attestation requests get to the RoT via sled-agent API endpoints.
+ let ox_attest: Box =
+ Box::new(AttestSledAgent::new(sa_addr, &log));
+ let rot =
+ Arc::new(TokioMutex::new(vm_attest::VmInstanceRot::new(ox_attest)));
+
+ let vm_conf = Arc::new(Mutex::new(None));
+
+ let log_ref = log.clone();
+ let vm_conf_cloned = vm_conf.clone();
+ tokio::spawn(async move {
+ match vm_conf_recv.await {
+ Ok(conf) => {
+ *vm_conf_cloned.lock().unwrap() = Some(conf);
+ }
+ Err(_e) => {
+ slog::warn!(
+ log_ref,
+ "lost boot digest sender, \
+ hopefully Propolis is stopping"
+ );
+ }
+ }
+ });
+
+ loop {
+ tokio::select!
{ + biased; + + _ = &mut hup_recv => { + return; + }, + + sock_res = listener.accept() => { + info!(log, "new attestation client connected"); + match sock_res { + Ok((sock, _addr)) => { + let rot = rot.clone(); + let log = log.clone(); + let vm_conf = vm_conf.clone(); + + let handler = Self::handle_conn(log, rot, vm_conf, + sock); + tokio::spawn(handler); + + } + Err(e) => { + error!(log, "attestation TCP listener error: {:?}", e); + } + } + }, + }; + } + } +} diff --git a/lib/propolis/src/block/crucible.rs b/lib/propolis/src/block/crucible.rs index f0cfdb26e..5ba04a14b 100644 --- a/lib/propolis/src/block/crucible.rs +++ b/lib/propolis/src/block/crucible.rs @@ -363,6 +363,14 @@ impl CrucibleBackend { pub async fn volume_is_active(&self) -> Result { self.state.volume.query_is_active().await } + + pub fn clone_volume(&self) -> Volume { + self.state.volume.clone() + } + + pub fn is_read_only(&self) -> bool { + self.state.info.read_only + } } #[async_trait::async_trait] @@ -380,6 +388,9 @@ impl block::Backend for CrucibleBackend { self.block_attach.stop(); self.workers.join_all().await; } + fn as_any(&self) -> &dyn std::any::Any { + self + } } #[derive(Debug, Error)] diff --git a/lib/propolis/src/block/file.rs b/lib/propolis/src/block/file.rs index 97d801534..0d95aa43f 100644 --- a/lib/propolis/src/block/file.rs +++ b/lib/propolis/src/block/file.rs @@ -251,6 +251,10 @@ impl block::Backend for FileBackend { self.block_attach.stop(); self.workers.block_until_joined(); } + + fn as_any(&self) -> &dyn std::any::Any { + self + } } mod dkioc { diff --git a/lib/propolis/src/block/in_memory.rs b/lib/propolis/src/block/in_memory.rs index 964bf963e..949412a45 100644 --- a/lib/propolis/src/block/in_memory.rs +++ b/lib/propolis/src/block/in_memory.rs @@ -172,6 +172,10 @@ impl block::Backend for InMemoryBackend { self.block_attach.stop(); self.workers.block_until_joined(); } + + fn as_any(&self) -> &dyn std::any::Any { + self + } } /// Read from bytes into guest memory 
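Review bot: The request-size limit in `handle_conn_inner` does not bound what a guest can make the server buffer: `BufReader::with_capacity(MAX_LINE_LENGTH, reader)` only sizes the internal buffer, and `reader.read_line(&mut msg)` keeps appending to `msg` until it sees a newline or EOF, so a connection that streams bytes without `\n` grows `msg` without limit, and the `bytes_read == MAX_LINE_LENGTH` test fires only for an unterminated line of exactly 1024 bytes. Capping the read itself makes the existing check work as written: `let bytes_read = (&mut reader).take(MAX_LINE_LENGTH as u64).read_line(&mut msg).await?;`, with `AsyncReadExt` added to the `tokio::io` import. The accept loop in `run` also spawns one handler per connection with no cap or idle timeout, which may be worth bounding in the same pass since the peer is guest-controlled.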
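Review bot: `clone_volume` and `is_read_only` are added to `CrucibleBackend` without doc comments, and `clone_volume` hands out a second handle to the volume that, as far as this diff shows, is not tied to `block_attach` or `workers`, so reads issued through it (the hashing loop in boot_digest.rs calls `vol.read`) would not be drained by the backend's `stop()`. A comment such as `/// Returns a clone of the underlying volume handle; I/O issued through it bypasses this backend's attachment and worker lifecycle, so the caller must stop using it before the backend is halted.` would record that, if it matches the intent. `is_read_only` could likewise say that it reports the `read_only` flag from the backend's stored info, since the attestation module docs make the boot digest conditional on it. The enclosing `impl CrucibleBackend` starts and ends outside the hunk.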
diff --git a/lib/propolis/src/block/mem_async.rs b/lib/propolis/src/block/mem_async.rs index 616a59944..d834bd388 100644 --- a/lib/propolis/src/block/mem_async.rs +++ b/lib/propolis/src/block/mem_async.rs @@ -163,6 +163,9 @@ impl block::Backend for MemAsyncBackend { self.block_attach.stop(); self.workers.join_all().await; } + fn as_any(&self) -> &dyn std::any::Any { + self + } } struct MmapSeg(NonNull, usize); diff --git a/lib/propolis/src/block/mod.rs b/lib/propolis/src/block/mod.rs index ccc183f8b..674f2a985 100644 --- a/lib/propolis/src/block/mod.rs +++ b/lib/propolis/src/block/mod.rs @@ -327,6 +327,9 @@ pub trait Backend: Send + Sync + 'static { /// requests when they are told to pause (and will only report they are /// fully paused when all their in-flight requests have completed). async fn stop(&self); + + /// TODO: good comment here explaining the downcasting + fn as_any(&self) -> &dyn std::any::Any; } /// Consumer of per-[Request] metrics diff --git a/lib/propolis/src/lib.rs b/lib/propolis/src/lib.rs index 5f07fa1bd..d11a3aa4c 100644 --- a/lib/propolis/src/lib.rs +++ b/lib/propolis/src/lib.rs @@ -16,6 +16,7 @@ extern crate bitflags; pub mod accessors; pub mod api_version; +pub mod attestation; pub mod block; pub mod chardev; pub mod common; diff --git a/xtask/src/task_clippy.rs b/xtask/src/task_clippy.rs index d0fe2e1a7..377c19132 100644 --- a/xtask/src/task_clippy.rs +++ b/xtask/src/task_clippy.rs 
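Review bot: The doc comment on the new required method `Backend::as_any` in block/mod.rs is still a placeholder (`/// TODO: good comment here explaining the downcasting`), and this is the one place an implementer or caller will look to learn why every backend now returns itself as `&dyn Any`. Something like `/// Returns this backend as &dyn Any so a caller holding a dyn Backend can downcast to the concrete type when it needs backend-specific methods; implementations should return self.` would do; the caller that performs the downcast is not in the visible hunks, so name it in the comment if there is a single intended use. The same `fn as_any(&self) -> &dyn std::any::Any { self }` body is repeated in the crucible.rs, file.rs, in_memory.rs and mem_async.rs hunks, and because the method is required, any `Backend` implementation outside this tree stops compiling until it adds one. The trait body continues outside the hunk.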
@@ -44,14 +44,17 @@ pub(crate) fn cmd_clippy(strict: bool, quiet: bool) -> Result<()> { run_clippy(&["-p", "propolis-server", "--features", "omicron-build"])?; // Check the Falcon bits - failed |= run_clippy(&[ - "--features", - "falcon", - "-p", - "propolis-server", - "-p", - "propolis-client", - ])?; + // + // TODO(jph): Currently specifying both the propolis-client and + // propolis-server packages in a single clippy command will cause clippy + // to fail because cargo finds 2 copies of propolis-client. This is because + // dice-util depends on sled-agent-client, which depends on a rev of + // propolis. + // + // We should clean this up by making sled-agent-client not re-export + // propolis-client.. + failed |= run_clippy(&["--features", "falcon", "-p", "propolis-server"])?; + failed |= run_clippy(&["-p", "propolis-client"])?; // Check the mock server failed |= run_clippy(&["-p", "propolis-mock-server"])?;
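Review bot: Splitting the Falcon check into two invocations also changes what is linted: the new `run_clippy(&["-p", "propolis-client"])?` call no longer passes `--features falcon`, so any falcon-gated code in propolis-client (if that crate has such a feature) is not checked any more. If the feature exists there, `failed |= run_clippy(&["--features", "falcon", "-p", "propolis-client"])?;` keeps the old coverage. The TODO explains the duplicate propolis-client in the dependency graph but carries no issue reference; a link would make the workaround easier to retire once sled-agent-client stops re-exporting it. `cmd_clippy` starts and ends outside the hunk.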