GridTrust Server Setup


The GridTrust Server acts as the repository for software updates and software signatures. The server also authenticates each GridTrust device via the device's PUF (physical unclonable function) before authorizing a software update.

GitHub Link

Devices Utilized:

Dell Precision 5560

Software Utilized:

Operating System – Fedora 37

Reverse Proxy – Nginx

Docker / Docker-Compose

Database – PostgreSQL

Server Configuration

We used Fedora 37 for our GridTrust implementation. Other Linux distributions should work as well but have not been tested by us.

After installing Fedora on the target computer, several software packages are required.

1. Install Docker

2. Install Rust

3. Install OpenSSL

    • sudo dnf -y install openssl openssl-devel

4. Create a PostgreSQL Container

5. Set Up PostgreSQL Database

    1. Log into the Docker PostgreSQL container
    2. Run all commands in the GitHub-provided file sql_setup
      • Edit AES keys and counter files as desired

6. Set Up Server file structure

    • Run the provided file_struct_setup.sh
    • sudo sh server_file_struct_setup.sh

7. Set Up Reverse Proxy

    1. Install nginx
      • https://developer.fedoraproject.org/start/sw/web-app/nginx.html
      • https://nginx.org/en/
    2. Replace the nginx config file with nginx-config found in the GitHub repository
    3. Restart nginx
      1. sudo nginx -s reload

8. Create a new Rust project at the desired location

    1. cargo new server
    2. Replace files in ../server/src with GitHub server/code/src files
    3. Replace ../server/cargo.toml with GitHub server/cargo.toml
    4. Run cargo build

9. Create a self-signed certificate for TLS / nginx usage.

10. Create asymmetric key pairs for signing update files (one pair for the vendor, one pair for the utility)

    1. Run the GitHub script server/create_keys.sh
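
As an added example (not the repository's create_keys.sh or the server's own code): one way to generate the two key pairs from step 10 with OpenSSL and accept an update file only when both the vendor and the utility signature verify. The ECDSA P-256 / SHA-256 choice, the function names, the `<file>.<role>.sig` naming and the both-signatures-required policy are assumptions.

```shell
#!/bin/sh
# Added example; NOT GridTrust's create_keys.sh.
# Assumptions: ECDSA P-256 keys, SHA-256 digests, detached signatures
# stored next to the update file as <file>.vendor.sig / <file>.utility.sig.

# make_keypair ROLE DIR
#   writes DIR/ROLE.key.pem (private) and DIR/ROLE.pub.pem (public)
make_keypair() {
    # umask 077 in a subshell: the private key is created owner-only.
    ( umask 077
      openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
          -out "$2/$1.key.pem" ) || return 1
    openssl pkey -in "$2/$1.key.pem" -pubout -out "$2/$1.pub.pem"
}

# sign_update ROLE KEYDIR FILE
#   writes the detached signature FILE.ROLE.sig
sign_update() {
    openssl dgst -sha256 -sign "$2/$1.key.pem" -out "$3.$1.sig" "$3"
}

# verify_update PUBDIR FILE
#   returns 0 only if BOTH signatures exist and verify against FILE
verify_update() {
    for role in vendor utility; do
        [ -f "$2.$role.sig" ] || {
            echo "missing $role signature for $2" >&2; return 1; }
        openssl dgst -sha256 -verify "$1/$role.pub.pem" \
            -signature "$2.$role.sig" "$2" >/dev/null 2>&1 || {
            echo "bad $role signature for $2" >&2; return 1; }
    done
}

# Usage (paths are placeholders):
#   make_keypair vendor  /path/to/keys
#   make_keypair utility /path/to/keys
#   sign_update vendor  /path/to/keys update.bin
#   sign_update utility /path/to/keys update.bin
#   verify_update /path/to/keys update.bin && echo "update accepted"
```

Only the `*.pub.pem` files need to be present where updates are verified; each party's `*.key.pem` should stay with that party.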