TQ: Use BaseboardId instead of PlatformId (#9121)

PlatformId was used as an internal placeholder during trust quorum
protocol development. In order to integrate the trust quorum protocol
code into the rest of Omicron we need to use the proper `BaseboardId`
type from `sled-agent-types`. The real `PlatformId` comes from the
`dice-util-msgs` crate and we'll need to be able to compare that
`PlatfromId` with `BaseboardId` and convert from `PlatformId` to
`BaseboardId` in the future.

Author: andrewjstone

Cargo.lock

@@ -13,6 +13,7 @@ async-trait.workspace = true
 bootstore.workspace = true
 camino.workspace = true
 chrono.workspace = true
+daft.workspace = true
 iddqd.workspace = true
 nexus-sled-agent-shared.workspace = true
 # Note: we're trying to avoid a dependency from sled-agent-types to nexus-types

sled-agent/types/Cargo.toml

@@ -7,6 +7,7 @@
 use std::net::{IpAddr, Ipv6Addr, SocketAddrV6};
 
 use async_trait::async_trait;
+use daft::Diffable;
 use omicron_common::{
     address::{self, Ipv6Subnet, SLED_PREFIX},
     ledger::Ledgerable,
@@ -22,14 +23,33 @@ pub const SWITCH_ZONE_BASEBOARD_FILE: &str = "/opt/oxide/baseboard.json";
 /// A representation of a Baseboard ID as used in the inventory subsystem
 /// This type is essentially the same as a `Baseboard` except it doesn't have a
 /// revision or HW type (Gimlet, PC, Unknown).
-#[derive(Clone, Debug, Serialize, Deserialize, PartialEq, JsonSchema)]
+#[derive(
+    Clone,
+    Debug,
+    Serialize,
+    Deserialize,
+    PartialEq,
+    Eq,
+    PartialOrd,
+    Ord,
+    Hash,
+    JsonSchema,
+    Diffable,
+)]
+#[daft(leaf)]
 pub struct BaseboardId {
     /// Oxide Part Number
     pub part_number: String,
     /// Serial number (unique for a given part number)
     pub serial_number: String,
 }
 
+impl std::fmt::Display for BaseboardId {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}:{}", self.part_number, self.serial_number)
+    }
+}
+
 /// A request to Add a given sled after rack initialization has occurred
 #[derive(Clone, Debug, Serialize, Deserialize, PartialEq, JsonSchema)]
 pub struct AddSledRequest {

sled-agent/types/src/sled.rs

@@ -25,6 +25,7 @@ secrecy.workspace = true
 serde.workspace = true
 serde_with.workspace = true
 sha3.workspace = true
+sled-agent-types.workspace = true
 slog.workspace = true
 slog-error-chain.workspace = true
 static_assertions.workspace = true

trust-quorum/Cargo.toml

@@ -27,7 +27,7 @@ pub enum Alarm {
     MismatchedConfigurations {
         config1: Configuration,
         config2: Configuration,
-        // Either a stringified `PlatformId` or "Nexus"
+        // Either a stringified `BaseboardId` or "Nexus"
         from: String,
     },
 

trust-quorum/src/alarm.rs

@@ -9,7 +9,7 @@
 //! other nodes so  that it can compute its own key share.
 
 use crate::{
-    Alarm, Configuration, Epoch, NodeHandlerCtx, PeerMsgKind, PlatformId,
+    Alarm, BaseboardId, Configuration, Epoch, NodeHandlerCtx, PeerMsgKind,
 };
 use gfss::gf256::Gf256;
 use gfss::shamir::{self, Share};
@@ -25,7 +25,7 @@ pub struct KeyShareComputer {
     // A copy of the configuration stored in persistent state
     config: Configuration,
 
-    collected_shares: BTreeMap<PlatformId, Share>,
+    collected_shares: BTreeMap<BaseboardId, Share>,
 }
 
 #[cfg(feature = "danger_partial_eq_ct_wrapper")]
@@ -63,7 +63,7 @@ impl KeyShareComputer {
     pub fn on_connect(
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
-        peer: PlatformId,
+        peer: BaseboardId,
     ) {
         if self.config.members.contains_key(&peer)
             && !self.collected_shares.contains_key(&peer)
@@ -79,7 +79,7 @@ impl KeyShareComputer {
     pub fn handle_share(
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
-        from: PlatformId,
+        from: BaseboardId,
         epoch: Epoch,
         share: Share,
     ) -> bool {

trust-quorum/src/compute_key_share.rs

@@ -5,7 +5,7 @@
 //! A configuration of a trust quroum at a given epoch
 
 use crate::crypto::{EncryptedRackSecrets, RackSecret, Sha3_256Digest};
-use crate::{Epoch, PlatformId, Threshold};
+use crate::{BaseboardId, Epoch, Threshold};
 use daft::Diffable;
 use gfss::shamir::{Share, SplitError};
 use iddqd::{IdOrdItem, id_upcast};
@@ -51,11 +51,11 @@ pub struct Configuration {
     pub epoch: Epoch,
 
     /// Who was the coordinator of this reconfiguration?
-    pub coordinator: PlatformId,
+    pub coordinator: BaseboardId,
 
     // All members of the current configuration and the hash of their key shares
     #[serde_as(as = "Vec<(_, _)>")]
-    pub members: BTreeMap<PlatformId, Sha3_256Digest>,
+    pub members: BTreeMap<BaseboardId, Sha3_256Digest>,
 
     /// The number of sleds required to reconstruct the rack secret
     pub threshold: Threshold,
@@ -77,9 +77,9 @@ impl IdOrdItem for Configuration {
 pub struct NewConfigParams<'a> {
     pub rack_id: RackUuid,
     pub epoch: Epoch,
-    pub members: &'a BTreeSet<PlatformId>,
+    pub members: &'a BTreeSet<BaseboardId>,
     pub threshold: Threshold,
-    pub coordinator_id: &'a PlatformId,
+    pub coordinator_id: &'a BaseboardId,
 }
 
 impl Configuration {
@@ -90,7 +90,7 @@ impl Configuration {
     /// the last committed epoch.
     pub fn new(
         params: NewConfigParams<'_>,
-    ) -> Result<(Configuration, BTreeMap<PlatformId, Share>), ConfigurationError>
+    ) -> Result<(Configuration, BTreeMap<BaseboardId, Share>), ConfigurationError>
     {
         let coordinator = params.coordinator_id.clone();
         let rack_secret = RackSecret::new();
@@ -110,8 +110,9 @@ impl Configuration {
                 (s.clone(), digest)
             });
 
-        let mut members: BTreeMap<PlatformId, Sha3_256Digest> = BTreeMap::new();
-        let mut shares: BTreeMap<PlatformId, Share> = BTreeMap::new();
+        let mut members: BTreeMap<BaseboardId, Sha3_256Digest> =
+            BTreeMap::new();
+        let mut shares: BTreeMap<BaseboardId, Share> = BTreeMap::new();
         for (platform_id, (share, digest)) in
             params.members.iter().cloned().zip(shares_and_digests)
         {

trust-quorum/src/configuration.rs

@@ -10,7 +10,7 @@ use crate::crypto::{LrtqShare, PlaintextRackSecrets, ReconstructedRackSecret};
 use crate::validators::{
     ReconfigurationError, ValidatedLrtqUpgradeMsg, ValidatedReconfigureMsg,
 };
-use crate::{Configuration, Epoch, PeerMsgKind, PlatformId, RackSecret};
+use crate::{BaseboardId, Configuration, Epoch, PeerMsgKind, RackSecret};
 use bootstore::trust_quorum::RackSecret as LrtqRackSecret;
 use daft::{Diffable, Leaf};
 use gfss::shamir::Share;
@@ -302,7 +302,7 @@ impl CoordinatorState {
     pub fn send_msgs_to(
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
-        to: PlatformId,
+        to: BaseboardId,
     ) {
         match &self.op {
             CoordinatorOperation::CollectShares {
@@ -349,7 +349,7 @@ impl CoordinatorState {
 
     /// Record a `PrepareAck` from another node as part of tracking
     /// quorum for the prepare phase of the trust quorum protocol.
-    pub fn ack_prepare(&mut self, from: PlatformId) {
+    pub fn ack_prepare(&mut self, from: BaseboardId) {
         match &mut self.op {
             CoordinatorOperation::Prepare {
                 prepares, prepare_acks, ..
@@ -384,7 +384,7 @@ impl CoordinatorState {
     pub fn handle_share(
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
-        from: PlatformId,
+        from: BaseboardId,
         epoch: Epoch,
         share: Share,
     ) {
@@ -501,7 +501,7 @@ impl CoordinatorState {
     pub fn handle_lrtq_share(
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
-        from: PlatformId,
+        from: BaseboardId,
         share: LrtqShare,
     ) {
         match &mut self.op {
@@ -627,7 +627,7 @@ impl CoordinatorState {
         &mut self,
         ctx: &mut impl NodeHandlerCtx,
         log: Logger,
-        mut new_shares: BTreeMap<PlatformId, Share>,
+        mut new_shares: BTreeMap<BaseboardId, Share>,
         plaintext_secrets: PlaintextRackSecrets,
     ) {
         let new_epoch = self.configuration.epoch;
@@ -714,25 +714,25 @@ impl CoordinatorState {
 pub enum CoordinatorOperation {
     CollectShares {
         old_epoch: Epoch,
-        old_collected_shares: BTreeMap<PlatformId, Share>,
+        old_collected_shares: BTreeMap<BaseboardId, Share>,
 
         // These are new shares that the coordinator created that we carry along
         // until we get to `CoordinatorOperation::Prepare`
-        new_shares: BTreeMap<PlatformId, Share>,
+        new_shares: BTreeMap<BaseboardId, Share>,
     },
     CollectLrtqShares {
-        collected_lrtq_shares: BTreeMap<PlatformId, LrtqShare>,
+        collected_lrtq_shares: BTreeMap<BaseboardId, LrtqShare>,
 
         // These are new shares that the coordinator created that we carry along
         // until we get to `CoordinatorOperation::Prepare`
-        new_shares: BTreeMap<PlatformId, Share>,
+        new_shares: BTreeMap<BaseboardId, Share>,
     },
     Prepare {
         /// The set of Prepares to send to each node
-        prepares: BTreeMap<PlatformId, (Configuration, Share)>,
+        prepares: BTreeMap<BaseboardId, (Configuration, Share)>,
 
         /// Acknowledgements that the prepare has been received
-        prepare_acks: BTreeSet<PlatformId>,
+        prepare_acks: BTreeSet<BaseboardId>,
     },
 }
 
@@ -749,7 +749,7 @@ impl CoordinatorOperation {
 
     /// Return the members that have acked prepares, if the current operation
     /// is `Prepare`. Otherwise return an empty set.
-    pub fn acked_prepares(&self) -> BTreeSet<PlatformId> {
+    pub fn acked_prepares(&self) -> BTreeSet<BaseboardId> {
         if let CoordinatorOperation::Prepare { prepare_acks, .. } = self {
             prepare_acks.clone()
         } else {

trust-quorum/src/coordinator_state.rs

@@ -14,6 +14,7 @@ use daft::Diffable;
 use derive_more::Display;
 use gfss::shamir::Share;
 use serde::{Deserialize, Serialize};
+pub use sled_agent_types::sled::BaseboardId;
 use slog::{Logger, error, warn};
 
 mod compute_key_share;
@@ -91,57 +92,13 @@ impl Epoch {
 #[daft(leaf)]
 pub struct Threshold(pub u8);
 
-/// A unique identifier for a given trust quorum member.
-//
-/// This data is derived from the subject common name in the platform identity
-/// certificate that makes up part of the certificate chain used to establish
-/// [sprockets](https://github.com/oxidecomputer/sprockets) connections.
-///
-/// See RFDs 303 and 308 for more details.
-#[derive(
-    Debug,
-    Clone,
-    PartialEq,
-    Eq,
-    PartialOrd,
-    Ord,
-    Serialize,
-    Deserialize,
-    Diffable,
-)]
-#[daft(leaf)]
-pub struct PlatformId {
-    part_number: String,
-    serial_number: String,
-}
-
-impl std::fmt::Display for PlatformId {
-    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
-        write!(f, "{}:{}", self.part_number, self.serial_number)
-    }
-}
-
-impl PlatformId {
-    pub fn new(part_number: String, serial_number: String) -> PlatformId {
-        PlatformId { part_number, serial_number }
-    }
-
-    pub fn part_number(&self) -> &str {
-        &self.part_number
-    }
-
-    pub fn serial_number(&self) -> &str {
-        &self.serial_number
-    }
-}
-
 /// A container to make messages between trust quorum nodes routable
 #[derive(Debug, Clone, Serialize, Deserialize, Diffable)]
 #[cfg_attr(feature = "danger_partial_eq_ct_wrapper", derive(PartialEq, Eq))]
 #[daft(leaf)]
 pub struct Envelope {
-    pub to: PlatformId,
-    pub from: PlatformId,
+    pub to: BaseboardId,
+    pub from: BaseboardId,
     pub msg: PeerMsg,
 }
 
@@ -160,7 +117,7 @@ impl Envelope {
 pub fn validate_share(
     log: &Logger,
     config: &Configuration,
-    from: &PlatformId,
+    from: &BaseboardId,
     epoch: Epoch,
     share: &Share,
 ) -> bool {

trust-quorum/src/lib.rs

@@ -5,7 +5,7 @@
 //! Messsages for the trust quorum protocol
 
 use crate::crypto::LrtqShare;
-use crate::{Configuration, Epoch, PlatformId, Threshold};
+use crate::{BaseboardId, Configuration, Epoch, Threshold};
 use gfss::shamir::Share;
 use omicron_uuid_kinds::RackUuid;
 use serde::{Deserialize, Serialize};
@@ -18,7 +18,7 @@ pub struct ReconfigureMsg {
     pub rack_id: RackUuid,
     pub epoch: Epoch,
     pub last_committed_epoch: Option<Epoch>,
-    pub members: BTreeSet<PlatformId>,
+    pub members: BTreeSet<BaseboardId>,
     pub threshold: Threshold,
 }
 
@@ -32,7 +32,7 @@ pub struct LrtqUpgradeMsg {
     // upgraded trust quorum cluster. This is implicit, as the membership of the
     // LRTQ cluster is computed based on the existing control plane sleds known
     // to Nexus.
-    pub members: BTreeSet<PlatformId>,
+    pub members: BTreeSet<BaseboardId>,
     pub threshold: Threshold,
 }