@Bravo555 Bravo555 commented Dec 9, 2025

TODO

  • handle scenario when there's no key on the HSM
  • handle other errors (tedge-p11-server errors, etc.)

Proposed changes

Make the tedge cert create command use the current HSM configuration, i.e. if we're currently using a PKCS11-based private key, sign the self-signed certificate using that key. Otherwise, the certificate is broken as it's signed with a different private key that doesn't correspond to the public key info in the certificate.

Normally, tedge cert create persists the newly generated certificate and the private key to disk, but now, if an already existing PKCS11-based private key is used, the private key is not persisted (because it can't be).

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Improvement (general improvements like code refactoring that doesn't explicitly fix a bug or add any new functionality)
  • Documentation Update (if none of the other choices apply)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Paste Link to the issue

Checklist

  • I have read the CONTRIBUTING doc
  • I have signed the CLA (in all commits with git commit -s. You can activate automatic signing by running just prepare-dev once)
  • I ran just format as mentioned in CODING_GUIDELINES
  • I used just check as mentioned in CODING_GUIDELINES
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

@Bravo555 Bravo555 linked an issue Dec 9, 2025 that may be closed by this pull request
@Bravo555 Bravo555 force-pushed the feat/tedge-cert-create-use-hsm branch from 66b13b9 to 8ea27eb December 9, 2025 21:00
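
The mismatch named in the description above (a self-signed certificate whose signature was not made by the key it carries) can be checked from the command line. This is an added example, not code from this pull request or from thin-edge.io; it assumes the openssl CLI is installed, and the key names a and b, the CN demo-device and all file names are constructed stand-ins.

```shell
#!/bin/sh
# Added example. Key names a/b and the CN "demo-device" are constructed.

# selfsig_ok CERT: succeed only if CERT's signature verifies under the public
# key embedded in CERT itself. -check_ss_sig is required because OpenSSL does
# not check the signature of a trusted self-signed certificate by default.
selfsig_ok() {
    openssl verify -check_ss_sig -CAfile "$1" "$1" >/dev/null 2>&1
}

# cert_matches_pubkey CERT PUBKEY: succeed only if the SubjectPublicKeyInfo in
# CERT equals PUBKEY (PEM), e.g. the public key exported from the token.
cert_matches_pubkey() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -pubin -in "$2" -pubout)" ]
}

# make_demo DIR: write constructed sample material into DIR.
#   good.pem  public key A, signed by A (a valid self-signed certificate)
#   bad.pem   public key A, subject == issuer, but signed by B (the mismatch)
make_demo() {
    d=$1
    for k in a b; do
        openssl ecparam -name prime256v1 -genkey -noout -out "$d/$k.key"
        openssl pkey -in "$d/$k.key" -pubout -out "$d/$k.pub"
    done
    openssl req -x509 -new -key "$d/a.key" -subj "/CN=demo-device" \
        -days 1 -out "$d/good.pem"
    # Build the mismatch: a CSR for key A, signed by a same-named cert for B.
    openssl req -x509 -new -key "$d/b.key" -subj "/CN=demo-device" \
        -days 1 -out "$d/b.pem"
    openssl req -new -key "$d/a.key" -subj "/CN=demo-device" -out "$d/a.csr"
    openssl x509 -req -in "$d/a.csr" -CA "$d/b.pem" -CAkey "$d/b.key" \
        -set_serial 1 -days 1 -out "$d/bad.pem" >/dev/null 2>&1
}

# Run with "demo" as the first argument to see both checks on both files.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_demo "$tmp"
    for c in good bad; do
        selfsig_ok "$tmp/$c.pem" && s=valid || s=INVALID
        cert_matches_pubkey "$tmp/$c.pem" "$tmp/a.pub" && m=yes || m=no
        echo "$c.pem: self-signature $s, carries key A: $m"
    done
    rm -rf "$tmp"
fi
```

Both files carry the same public key, so comparing the key alone does not catch the problem; only the signature check separates them.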

codecov bot commented Dec 9, 2025

Codecov Report

❌ Patch coverage is 20.66116% with 96 lines in your changes missing coverage. Please review.

Files with missing lines | Patch % | Lines
crates/common/certificate/src/cryptoki.rs | 0.00% | 87 Missing ⚠️
crates/core/tedge/src/cli/certificate/create.rs | 75.86% | 3 Missing and 4 partials ⚠️
crates/common/certificate/src/lib.rs | 0.00% | 2 Missing ⚠️

github-actions bot commented Dec 9, 2025

Robot Results

✅ Passed | ❌ Failed | ⏭️ Skipped | Total | Pass % | ⏱️ Duration
755 | 0 | 3 | 755 | 100 | 2h24m45.101998999s

@reubenmiller reubenmiller added the theme:hsm Hardware Security Module related topics label Dec 11, 2025

Development

Successfully merging this pull request may close these issues.

tedge cert create should use HSM configuration
