
New component: tpmextension - trusted platform module #38682


Closed
pavolloffay opened this issue Mar 17, 2025 · 1 comment · Fixed by open-telemetry/opentelemetry-collector#12801
Labels
Accepted Component New component has been sponsored

Comments

@pavolloffay
Member

pavolloffay commented Mar 17, 2025

The purpose and use-cases of the new component

I would like to introduce a new extension which would enable reading TLS certificates from a trusted platform module (TPM).

We see a common requirement to read TLS certificates from TPM when the collector runs on an edge device.

See:

Example configuration for the component

```yaml
  cert_index: 0x01C00002
  key_index: 0x01C00003
  ca_index: 0x01C00004
  client_ca_index: 0x01C00005
```

Telemetry data types supported

all

Code Owner(s)

pavolloffay

Sponsor (optional)

No response

Additional context

It seems the extension could be implemented via:

@pavolloffay pavolloffay added needs triage New item requiring triage Sponsor Needed New component seeking sponsor labels Mar 17, 2025
@atoulme
Contributor

atoulme commented Mar 17, 2025

I can sponsor this component.

@atoulme atoulme added Accepted Component New component has been sponsored and removed Sponsor Needed New component seeking sponsor needs triage New item requiring triage labels Mar 17, 2025
atoulme pushed a commit that referenced this issue Mar 21, 2025
)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

<!-- Issue number (e.g. #1234) or full URL to issue, if applicable. -->
#### Link to tracking issue

Updates
#38682

<!--Describe what testing was performed and which tests were added.-->
#### Testing

Nothing, this is just scaffolding

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->

---------

Signed-off-by: Pavol Loffay <[email protected]>
Fiery-Fenix pushed a commit to Fiery-Fenix/opentelemetry-collector-contrib that referenced this issue Apr 24, 2025
…n-telemetry#38855)

<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

<!-- Issue number (e.g. open-telemetry#1234) or full URL to issue, if applicable. -->
#### Link to tracking issue

Updates
open-telemetry#38682

<!--Describe what testing was performed and which tests were added.-->
#### Testing

Nothing, this is just scaffolding

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->

---------

Signed-off-by: Pavol Loffay <[email protected]>
github-merge-queue bot pushed a commit to open-telemetry/opentelemetry-collector that referenced this issue Apr 30, 2025
<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

Add trusted platform module (TPM) support to TLS package.

<!-- Issue number if applicable -->
#### Link to tracking issue
Resolves
open-telemetry/opentelemetry-collector-contrib#38682
Replaces
open-telemetry/opentelemetry-collector-contrib#39059

TPM cannot be implemented as an extension
open-telemetry/opentelemetry-collector-contrib#38682
because it overrides the entire `http.transport` and therefore
invalidates other extensions/authenticators.

<!--Describe what testing was performed and which tests were added.-->
#### Testing

```yaml
# make otelcorecol 
# sudo ./bin/otelcorecol_linux_amd64 --config ./examples/local/tpm.yaml
#
# CA
#  openssl genrsa -des3 -out ca.key 2048
# openssl req -new -x509 -days 1826 -key ca.key -out ca.crt -subj "/C=US/ST=CA/L=Santa Clara/O=Edge/OU=Edge/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
#
# client
# sudo tpm2tss-genkey -a rsa -s 2048 edge-cert.key
# sudo openssl req -new -provider tpm2  -key edge-cert.key -out edge-cert.csr -subj "/C=US/ST=CA/L=Santa Clara/O=Edge/OU=Edge/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
# openssl x509 -req -in edge-cert.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out edge-cert.crt -days 1826 -copy_extensions copyall
#
# server
# openssl genrsa -out server.key 2048
# openssl req -new -key server.key -out server.csr  -subj "/C=US/ST=CA/L=Santa Clara/O=Edge/OU=Edge/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1"
# openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 360 -copy_extensions copyall
receivers:
  otlp:
    protocols:
      grpc:
        endpoint: localhost:4317
      http:
        endpoint: localhost:4318
  otlp/server:
    protocols:
      grpc:
        endpoint: localhost:4319
        tls:
          client_ca_file: ca.crt
          cert_file: server.crt
          key_file: server.key
exporters:
  otlp:
    endpoint: https://localhost:4319
    tls:
      key_file: edge-cert.key
      cert_file: edge-cert.crt
      ca_file: ca.crt
      tpm:
        enabled: true
        path: /dev/tpmrm0
  debug:
    verbosity: normal
service:
  telemetry:
    metrics:
      address: localhost:8889
  pipelines:
    metrics/client:
      receivers: [otlp]
      exporters: [otlp]
    metrics/server:
      receivers: [otlp/server]
      exporters: [debug]
```

<!--Describe the documentation added.-->
#### Documentation



<!--Please delete paragraphs that you did not use before submitting.-->

Signed-off-by: Pavol Loffay <[email protected]>
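The commit message above argues that TPM support belongs in the TLS package rather than in an extension that swaps out the whole `http.transport`. The reason that works is that Go's TLS stack never needs raw key bytes: `tls.Certificate.PrivateKey` only has to satisfy `crypto.Signer`, so a key that lives in a TPM can be represented by a signer that forwards `Sign` to the device while the rest of the transport, authenticators included, stays untouched. The following is an added example written for this page, not code from the collector or from the PR; `opaqueSigner`, `newSignerCertificate` and `mutualHandshake` are hypothetical names, and the signer keeps its key in memory as a stand-in for a TPM so the program runs without hardware. It performs a full mTLS handshake over an in-memory pipe, with the client (the `otlp` exporter side of the page's config) authenticating through the opaque signer and the server (the `otlp/server` receiver side) verifying it against a client CA pool.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// opaqueSigner is a constructed stand-in for a TPM-resident key: callers get
// the public half and a Sign operation, never the private scalar. A real
// implementation would forward Sign to the TPM (e.g. via /dev/tpmrm0); here
// the key is generated in memory so the demo runs anywhere.
type opaqueSigner struct{ priv *ecdsa.PrivateKey }

func (s *opaqueSigner) Public() crypto.PublicKey { return &s.priv.PublicKey }

// Sign receives the already-hashed handshake transcript from the TLS stack,
// the same contract a hardware-backed signer has to satisfy.
func (s *opaqueSigner) Sign(rnd io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error) {
	return ecdsa.SignASN1(rnd, s.priv, digest)
}

// newSignerCertificate issues a self-signed certificate over the opaque
// signer's public key. The returned tls.Certificate carries the signer as
// PrivateKey, which tls.Config consumes directly: no transport replacement.
func newSignerCertificate(cn string) (tls.Certificate, *x509.Certificate, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	signer := &opaqueSigner{priv: priv}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
		DNSNames:              []string{"localhost"},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// CreateCertificate only needs a crypto.Signer for the issuing key.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, signer.Public(), signer)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: signer}, parsed, nil
}

// mutualHandshake runs an mTLS handshake over net.Pipe and returns the
// CommonName the server saw on the client's verified certificate.
func mutualHandshake() (string, error) {
	clientCert, clientX509, err := newSignerCertificate("edge-client")
	if err != nil {
		return "", err
	}
	serverCert, serverX509, err := newSignerCertificate("localhost")
	if err != nil {
		return "", err
	}
	clientCAs, rootCAs := x509.NewCertPool(), x509.NewCertPool()
	clientCAs.AddCert(clientX509) // plays the role of client_ca_file
	rootCAs.AddCert(serverX509)   // plays the role of ca_file on the exporter

	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		ClientAuth:   tls.RequireAndVerifyClientCert,
		ClientCAs:    clientCAs,
		MinVersion:   tls.VersionTLS12,
		// net.Pipe is synchronous; disabling tickets avoids a post-handshake
		// server write that the client would otherwise have to drain.
		SessionTicketsDisabled: true,
	}
	clientCfg := &tls.Config{
		// The hook a TPM integration uses: hand the stack a signer-backed
		// certificate instead of key bytes read from key_file.
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) {
			return &clientCert, nil
		},
		RootCAs:    rootCAs,
		ServerName: "localhost",
		MinVersion: tls.VersionTLS12,
	}

	cliConn, srvConn := net.Pipe()
	defer cliConn.Close()
	defer srvConn.Close()
	srv, cli := tls.Server(srvConn, serverCfg), tls.Client(cliConn, clientCfg)
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	if err := <-srvErr; err != nil {
		return "", err
	}
	peers := srv.ConnectionState().PeerCertificates
	if len(peers) == 0 {
		return "", errors.New("server saw no client certificate")
	}
	return peers[0].Subject.CommonName, nil
}

func main() {
	cn, err := mutualHandshake()
	if err != nil {
		panic(err)
	}
	fmt.Println("server verified client certificate for", cn)
}
```

The property worth checking on a real TPM integration is the one this stand-in models: the private key never appears as `*ecdsa.PrivateKey` or `*rsa.PrivateKey` on the `tls.Certificate`, only as a `crypto.Signer`, and every other TLS setting (`ca_file`, `client_ca_file`, min version, authenticators layered on the transport) keeps working unchanged.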
songy23 pushed a commit that referenced this issue May 21, 2025
<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

<!-- Issue number (e.g. #1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Updates
#38682

<!--Describe what testing was performed and which tests were added.-->
#### Testing

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->

---------

Signed-off-by: Pavol Loffay <[email protected]>
dragonlord93 pushed a commit to dragonlord93/opentelemetry-collector-contrib that referenced this issue May 23, 2025
<!--Ex. Fixing a bug - Describe the bug and how this fixes the issue.
Ex. Adding a feature - Explain what this achieves.-->
#### Description

<!-- Issue number (e.g. open-telemetry#1234) or full URL to issue, if applicable. -->
#### Link to tracking issue
Updates
open-telemetry#38682

<!--Describe what testing was performed and which tests were added.-->
#### Testing

<!--Describe the documentation added.-->
#### Documentation

<!--Please delete paragraphs that you did not use before submitting.-->

---------

Signed-off-by: Pavol Loffay <[email protected]>