Open aplanas opened 2 years ago
cc: @THS-on
I updated the doc in the openSUSE MicroOS portal: https://en.opensuse.org/Portal:MicroOS/RemoteAttestation#Keylime_agent
I thought the upgrade would continue to work with previous agents on non-mtls so there would exist an upgrade path. Maybe there's a bug that needs to be fixed @THS-on ?
@mpeters the old agents (<6.3) still work, but we haven't updated the documentation for the 6.3 agents which now require a the CA for the mTLS connections.
After this commit: https://github.com/keylime/keylime/commit/70a2f8eabbba15a888dd24ed61d59b6bc5aabbcb that is part of keylime 6.3.0, an agent cannot be started until the CA certificate (that is usually living in the register / verifier node) is copied into the agent node.
We should document this step, together with strategies that allow easy new agent deployments.