Dimitris Karakasilis fac5dfb32d Remove stubbed version and fix tests
Signed-off-by: Dimitris Karakasilis <dimitris@karakasilis.me>
2025-09-24 14:32:21 +03:00


Kcrypt challenger

Kcrypt TPM challenger


With Kairos you can build immutable, bootable Kubernetes and OS images for your edge devices as easily as writing a Dockerfile. Optional P2P mesh with distributed ledger automates node bootstrapping and coordination. Updating nodes is as easy as CI/CD: push a new image to your container registry and let secure, risk-free A/B atomic upgrades do the rest.


This is experimental!

This is the Kairos kcrypt-challenger Kubernetes Native Extension.

Usage

See the documentation on our website: https://kairos.io/docs/advanced/partition_encryption/.

TPM NV Memory Cleanup

⚠️ DANGER: This command removes encryption passphrases from TPM memory! ⚠️ If you delete the wrong index, your encrypted disk may become UNBOOTABLE!

During development and testing, the kcrypt-challenger may store passphrases in TPM non-volatile (NV) memory. These passphrases persist across reboots and can accumulate over time, taking up space in the TPM.

To clean up TPM NV memory used by the challenger:

# Clean up the default NV index (respects config or defaults to 0x1500000)
kcrypt-discovery-challenger cleanup

# Clean up a specific NV index
kcrypt-discovery-challenger cleanup --nv-index=0x1500001

# Clean up with specific TPM device
kcrypt-discovery-challenger cleanup --tpm-device=/dev/tpmrm0

Safety Features:

  • By default, the command shows warnings and prompts for confirmation
  • You must type "yes" to proceed with deletion
  • Use the --i-know-what-i-am-doing flag to skip the prompt (not recommended)

Note: This command uses native Go TPM libraries and requires appropriate permissions to access the TPM device.
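Because deleting the wrong index can leave the disk unbootable, it helps to confirm that the index you are about to pass to cleanup is actually defined on this TPM. The script below is an added example, not part of kcrypt-challenger: its function names are hypothetical, and it assumes tpm2-tools is installed and that `tpm2_getcap handles-nv-index` prints one `- 0x...` line per defined index.

```shell
#!/bin/sh
# Added example: pre-flight check for `kcrypt-discovery-challenger cleanup`.
# Assumption: `tpm2_getcap handles-nv-index` (tpm2-tools) prints one
# "- 0x..." line per defined NV index; the listing is read from stdin.

# Constructed sample listing, for offline runs only.
SAMPLE_NV_LISTING='- 0x1500000
- 0x1c00002'

# Print the index as 0x<hex>; fail unless it is a TPM 2.0 NV index handle
# (most significant byte 0x01).
normalize_nv_index() {
    case "$1" in
        0x*|0X*) hex=${1#0[xX]} ;;
        *) return 1 ;;
    esac
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#hex}" -le 8 ] || return 1
    val=$((0x$hex))
    [ $((val >> 24)) -eq 1 ] || return 1
    printf '0x%x\n' "$val"
}

# Return 0 only if the index appears in the listing on stdin.
nv_index_defined() {
    want=$(normalize_nv_index "$1") || return 2
    while read -r dash handle rest; do
        [ "$dash" = "-" ] || continue
        have=$(normalize_nv_index "$handle") || continue
        if [ "$have" = "$want" ]; then return 0; fi
    done
    return 1
}

# Print (never run) the cleanup command, and only for a defined index.
# A defined index is not proof that it is safe to delete.
cleanup_command_for() {
    if nv_index_defined "$1"; then
        printf 'kcrypt-discovery-challenger cleanup --nv-index=%s\n' "$want"
    else
        echo "refusing: $1 is not a defined NV index in this listing" >&2
        return 1
    fi
}
```

On a real machine, feed it the live listing: `tpm2_getcap handles-nv-index | cleanup_command_for 0x1500000`. The check only confirms that the handle exists; it cannot tell whether that index holds the passphrase of a disk that is still in use.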

Installation

To install, use helm:

# Adds the kairos repo to helm
$ helm repo add kairos https://kairos-io.github.io/helm-charts
"kairos" has been added to your repositories
$ helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kairos" chart repository
Update Complete. ⎈Happy Helming!⎈

# Install the CRD chart
$ helm install kairos-crd kairos/kairos-crds
NAME: kairos-crd
LAST DEPLOYED: Tue Sep  6 20:35:34 2022
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None

# Installs challenger
$ helm install kairos-challenger kairos/kcrypt-challenger