image: enable serial console access for MiniConstellation to simplify troubleshooting by malt3 · Pull Request #964 · edgelesssys/constellation

image: enable serial console access for MiniConstellation to simplify troubleshooting #964


Merged
merged 2 commits into from
Jan 13, 2023

Conversation

malt3
Contributor
@malt3 malt3 commented Jan 13, 2023

Proposed change(s)

  • image: enable serial console access for QEMU / mini Constellation
  • image: print motd if serial console access is enabled

Additional info

This is meant to simplify debugging in customer environments.
The change only targets QEMU / MiniConstellation and does not affect the security of real CVM images.

This is what a serial console login will look like:

Fedora Linux 37 (Thirty Seven)
Kernel 6.0.18-300.fc37.x86_64 on an x86_64 (ttyS0)

constellation v0.0.0
PCR state:
  sha256:
    0 : 0x7D08997028F34F6CCDD2ED9BD31804CF0B0C7FFF9A4D05299E33620001510281
    1 : 0xEE07102D1418518024110872A713A9824BC7F6AE47D62FD0CDE0918C0E249B7E
    2 : 0x72001A25201B263BC60F869ACE2F728B09DC4BE78B9C80ADCA87A013C2D26950
    3 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    4 : 0xA8F3446847774248AE966F797AEC726254C142F119F288E9028FB2C9A04AD23C
    5 : 0x5C91B26B348FEA860EFDD55F4F6E21AD437373DC56F0D1FD4C4D4B35BC8F2E43
    6 : 0x3D458CFE55CC03EA1F443F1562BEEC8DF51C75E14A9FCF9A7234A13F198E7969
    7 : 0xDBC0BF1FFBA0307AA4EFECB3766D8A365595BC384A3DCB87D7EF9B5DCF44165B
    8 : 0x0000000000000000000000000000000000000000000000000000000000000000
    9 : 0x6AAC5E17EE6501E48AA17BA26C5559FC83D283C8BFBEC7974D16D1A976BCFE04
    10: 0x8BFCD46863D7C07CEC9A6D77DA335D85365FC862659EB9BB7718455B77263575
    11: 0x0000000000000000000000000000000000000000000000000000000000000000
    12: 0x8FB93B89AA79649D79487AAB2047C58B5AD3733A4F0ABE109136B3F10A07984C
    13: 0x0000000000000000000000000000000000000000000000000000000000000000
    14: 0x1095DA49EE4FC5341966B1D7DF1FB0C78C181AB2E3D9CC4468161FB4592AE404
    15: 0x0000000000000000000000000000000000000000000000000000000000000000
    16: 0x0000000000000000000000000000000000000000000000000000000000000000
    17: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    18: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    19: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    20: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    21: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    22: 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
    23: 0x0000000000000000000000000000000000000000000000000000000000000000

fedora login: root (automatic login)

[   82.869244] cirrus 0000:00:01.0: [drm] drm_plane_enable_fb_damage_clips() not called
[   82.978341] Console: switching to colour frame buffer device 128x48
Last login: Fri Jan 13 12:09:21 on tty1
~ Welcome to MiniConstellation! ~
Usually, you would not have access to login on release versions of Constellation.
This shell access is specifically granted for debug images and MiniConstellation to allow you to explore the environment Constellation runs in.
[root@fedora ~]# 

Checklist

  • Add labels (e.g., for changelog category)

@malt3 malt3 added the "feature" label (This introduces new functionality) Jan 13, 2023
@malt3 malt3 requested a review from Nirusu January 13, 2023 09:30
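
Added example, not part of the pull request or the Constellation code base: a parser for the `PCR state:` block of the serial console banner quoted in the description above, which labels each register and diffs it against a reference set. The function names, the sample banner and its placeholder digests are constructed for illustration; the all-ones label assumes the usual TPM 2.0 startup value of the DRTM registers 17-22.

```python
import re

# One register line of the banner's sha256 bank, e.g. "    10: 0x8BFC...".
PCR_LINE = re.compile(r"^\s*(\d{1,2})\s*:\s*0x([0-9A-Fa-f]*)\s*$")
DIGEST_HEX_LEN = 64  # a sha256 PCR is 32 bytes

def parse_pcr_state(banner):
    """Return {pcr_index: digest_bytes} from the 'sha256:' block of a banner."""
    pcrs, in_bank = {}, False
    for line in banner.splitlines():
        if line.strip() == "sha256:":
            in_bank = True
            continue
        match = PCR_LINE.match(line) if in_bank else None
        if match is None:
            if pcrs:
                break  # first non-register line after the block ends it
            continue
        index, digest = int(match.group(1)), match.group(2)
        # Serial logs interleave kernel messages; reject split or short values.
        if len(digest) != DIGEST_HEX_LEN or index in pcrs:
            raise ValueError(f"PCR {index}: malformed or duplicate entry")
        pcrs[index] = bytes.fromhex(digest)
    return pcrs

def classify(digest):
    """Label a register by its value."""
    if digest == bytes(32):
        return "unextended"   # still at the all-zero reset value
    if digest == b"\xff" * 32:
        return "all-ones"     # startup value of the DRTM registers (17-22)
    return "measured"

def diff_against(pcrs, expected):
    """Indices whose value is missing or differs from the reference set."""
    return sorted(i for i, want in expected.items() if pcrs.get(i) != want)

# Constructed sample (placeholder digests, not values from the page).
SAMPLE_BANNER = "\n".join([
    "constellation v0.0.0", "PCR state:", "  sha256:",
    "    0 : 0x" + "AA" * 32,
    "    8 : 0x" + "00" * 32,
    "    17: 0x" + "FF" * 32,
    "", "fedora login: root (automatic login)",
])

if __name__ == "__main__":
    state = parse_pcr_state(SAMPLE_BANNER)
    for index, digest in sorted(state.items()):
        print(index, classify(digest))
    print("mismatch:", diff_against(state, {0: b"\xaa" * 32, 8: b"\x11" * 32}))
```

A register line that a kernel message has split or truncated raises `ValueError` instead of being compared as a short value.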
@netlify
netlify bot commented Jan 13, 2023

Deploy Preview for constellation-docs canceled.

Name Link
🔨 Latest commit 1001d1a
🔍 Latest deploy log https://app.netlify.com/sites/constellation-docs/deploys/63c1720ce7891200086ba3ae

@Nirusu
Contributor
Nirusu commented Jan 13, 2023

Awesome!

If it's not too much effort, I would suggest adding some MOTD shown upon login which states something like this:

~ Welcome to MiniConstellation! ~
Usually, you would not have access to login on release versions of Constellation.
This shell access is specifically granted for debug images and MiniConstellation to allow you to tinker around in the environment Constellation runs in.

Doesn't have to be exactly this suggestion. Just something that sounds welcoming but states that this is actually intended for QEMU / MiniConstellation to allow research or debugging.

If it's too difficult since we would need to have CSP specific files in the root filesystem I guess we can just also add it to the docs. Should also be fine.

@malt3
Contributor Author
malt3 commented Jan 13, 2023

> If it's not too much effort, I would suggest adding some MOTD shown upon login which states something like this [...]

Done 👍

@malt3 malt3 marked this pull request as ready for review January 13, 2023 11:13
Contributor
@Nirusu Nirusu left a comment


Think that sounds slightly better. Also removed mentioning debug images since the text already starts with "For MiniConstellation". The other console images should likely have other text, then? Or should we generalize this?

Otherwise LGTM!

@malt3 malt3 force-pushed the feat/mini-constellation-enable-serial-console branch from 150b191 to 1001d1a Compare January 13, 2023 15:00
@malt3
Contributor Author
malt3 commented Jan 13, 2023

> The other console images should likely have other text, then? Or should we generalize this?

I generalized this slightly for console and MiniConstellation.

@malt3 malt3 merged commit 82462fa into main Jan 13, 2023
@malt3 malt3 deleted the feat/mini-constellation-enable-serial-console branch January 13, 2023 15:01