9.6-1760371752

latest

Overview

Description

FDO Manufacturing Server container

The server side implementation of the "Device Initialize" protocol, the FDO Manufacturing Server is responsible for signing a device and creating a voucher used for device ownership.

Generate the needed certificates and keys

Install the fdo-admin-cli tool by running the following command:

dnf install fdo-admin-cli

To generate the needed certificates and keys:

 mkdir keys
 for i in "diun" "manufacturer" "device-ca" "owner"; do fdo-admin-tool generate-key-and-cert $i; done

This will populate the 'keys' directory with all the certificates and keys needed to use the various FDO containers. Below is a list of which containers will need which certificates and keys.

fdo-manufacturing-server: diun_key.der, diun_cert.pem, manufacturer_cert.pem, manufacturer_cert.der, owner_cert.pem, device_ca_key.der, device_ca_cert.pem

fdo-rendezvous-server: manufacturer_cert.pem

fdo-owner-onboarding-server: device_ca_cert.pem, owner_key.der owner_cert.pem

fdo-serviceinfo-api-server: None

Usage with Podman

Edit the example configuration file to adjust the paths used on the local system.

podman run -d \
    --name fdo-manufacturing-server \
    -p 8080:8080 \
    -v /local/path/to/keys/:/etc/fdo/keys:Z \
    -v /local/path/to/config:/etc/fdo/manufacturing-server.conf.d/:Z \
    -v /local/path/to/stores:/etc/fdo/stores/:Z \
    registry.redhat.io/rhel9/fdo-manufacturing-server

Ports

`8080/tcp`

The Manufacturing server listens on this port by default.

Additional Usage Documentation

https://github.com/fedora-iot/fido-device-onboard-rs/blob/main/HOWTO.md

Upstream Documentation

https://fidoalliance.org/specs/FDO/FIDO-Device-Onboard-RD-v1.1-20211214/FIDO-device-onboard-spec-v1.1-rd-20211214.html

Products using this container

Red Hat Enterprise Linux 9

The leading enterprise operating system to speed application delivery across physical, virtual, and cloud environments.

Containerized application

FIDO Device Onboarding Servers

An implementation of the FIDO Device Onboard Specification written in rust.

Containerized application

Security

Packages

Containerfile

Get this image

Terms & conditionsBefore downloading or using this Container, you must agree to the Red Hat subscription agreement located at redhat.com/licenses. If you do not agree with these terms, do not download or use the Container. If you have an existing Red Hat Enterprise Agreement (or other negotiated agreement with Red Hat) with terms that govern subscription services associated with Containers, then your existing agreement will control.

Using registry tokens

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using registry service account tokens. You will need to create a registry service account to use prior to completing any of the following tasks.

Using OpenShift secrets

First, you will need to add a reference to the appropriate secret and repository to your Kubernetes pod configuration via an imagePullSecrets field.

Copy to Clipboard

Then, use the following from the command line or from the OpenShift Dashboard GUI interface.

Copy to Clipboard

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Use the following instructions to get images from a Red Hat container registry using your Red Hat login.

Using OpenShift

For best practices, it is recommended to use registry tokens when pulling content for OpenShift deployments.

Using podman login

Use the following command(s) from a system with podman installed

Copy to Clipboard

Using docker login

Use the following command(s) from a system with docker service installed and running

Copy to Clipboard

Get the source

RegistryCopy to Clipboard

RepositoryCopy to Clipboard

Manifest List DigestCopy to Clipboard

Image DigestCopy to Clipboard

Getting source containers

Source code is available for all Red Hat UBI-based images in the form of downloadable containers. Here are a few things you should know about Red Hat source containers.

Although they are packaged as containers, source containers cannot be run. So instead of using podman pull to get them to your system, use the skopeo command.
Source containers are named based on the binary containers they represent. So, for example, to get the source container for a particular standard RHEL UBI 8 container (registry.access.redhat.com/ubi8/ubi8.1-397) you simply append -source to get the source code container for that image (registry.access.redhat.com/ubi8/ubi8.1-397-source).
The skopeo command is recommended for getting source containers. With skopeo, you copy a source container to a directory on your local system for you to examine.
Once a source container is copied to a local directory, you can use a combination of tar,gzip, and rpm commands to work with that content.

Step one

Use skopeo to copy the source image to a local directory

Copy to Clipboard

Step two

Inspect the image

Copy to Clipboard

Step three

Untar the contents

Copy to Clipboard

Step four

Begin examining and using the content.

Generate the needed certificates and keys

Install the fdo-admin-cli tool by running the following command:

dnf install fdo-admin-cli

To generate the needed certificates and keys:

mkdir keys for i in "diun" "manufacturer" "device-ca" "owner"; do fdo-admin-tool generate-key-and-cert $i; done

This will populate the 'keys' directory with all the certificates and keys needed to use the various FDO containers. Below is a list of which containers will need which certificates and keys.

fdo-manufacturing-server: diun_key.der, diun_cert.pem, manufacturer_cert.pem, manufacturer_cert.der, owner_cert.pem, device_ca_key.der, device_ca_cert.pem

fdo-rendezvous-server: manufacturer_cert.pem

fdo-owner-onboarding-server: device_ca_cert.pem, owner_key.der owner_cert.pem

fdo-serviceinfo-api-server: None

Usage with Podman

Edit the example configuration file to adjust the paths used on the local system.

podman run -d \ --name fdo-manufacturing-server \ -p 8080:8080 \ -v /local/path/to/keys/:/etc/fdo/keys:Z \ -v /local/path/to/config:/etc/fdo/manufacturing-server.conf.d/:Z \ -v /local/path/to/stores:/etc/fdo/stores/:Z \ registry.redhat.io/rhel9/fdo-manufacturing-server

Getting source containers

Source code is available for all Red Hat UBI-based images in the form of downloadable containers. Here are a few things you should know about Red Hat source containers.

Although they are packaged as containers, source containers cannot be run. So instead of using podman pull to get them to your system, use the skopeo command.

Source containers are named based on the binary containers they represent. So, for example, to get the source container for a particular standard RHEL UBI 8 container (registry.access.redhat.com/ubi8/ubi8.1-397) you simply append -source to get the source code container for that image (registry.access.redhat.com/ubi8/ubi8.1-397-source).

The skopeo command is recommended for getting source containers. With skopeo, you copy a source container to a directory on your local system for you to examine.

Once a source container is copied to a local directory, you can use a combination of tar,gzip, and rpm commands to work with that content.

FDO Manufacturing Server

Description

FDO Manufacturing Server container

Generate the needed certificates and keys

Usage with Podman

Ports

8080/tcp

Additional Usage Documentation

Upstream Documentation

Products using this container

Red Hat Enterprise Linux 9

FIDO Device Onboarding Servers

Published

Release category

Digest

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Getting source containers

Step one

Step two

Step three

Step four

Platforms

Products & services

Try, buy, sell

Help

About Red Hat Ecosystem Catalog

Red Hat legal and privacy links

Red Hat legal and privacy links

FDO Manufacturing Server

Description

FDO Manufacturing Server container

Generate the needed certificates and keys

Usage with Podman

Ports

8080/tcp

Additional Usage Documentation

Upstream Documentation

Products using this container

Red Hat Enterprise Linux 9

FIDO Device Onboarding Servers

Published

Release category

Digest

Using OpenShift secrets

Using podman login

Using docker login

Using OpenShift

Using podman login

Using docker login

Getting source containers

Step one

Step two

Step three

Step four

`8080/tcp`

`8080/tcp`