GridTrust Server Setup
The GridTrust Server acts as the repository for software updates and software signatures. The server also authenticates each GridTrust device via the device’s PUF before authorizing a software update.
Devices Utilized:
Dell Precision 5560
Software Utilized:
Operating System – Fedora 37
Reverse Proxy – Nginx
Docker / Docker-Compose
Database – PostgreSQL
Server Configuration
We used Fedora 37 for our GridTrust implementation. Other Linux distributions should also work, but we have not tested them.
After installing Fedora on the target computer, install the required software and complete the steps below.
1. Install Docker
2. Install Rust
3. Install OpenSSL
sudo dnf -y install openssl openssl-devel
4. Create a PostgreSQL Container
- https://tms-dev-blog.com/postgresql-database-with-rust-how-to/
- Follow the steps to start the PostgreSQL container; don’t create a new Rust project
- Check the GitHub link for the provided configuration script (docker-compose.yaml)
5. Set Up PostgreSQL Database
- Log into the Docker PostgreSQL container
- Run all commands in the GitHub-provided file sql_setup
- Edit AES keys and counter files as desired
6. Set Up Server file structure
- Run the provided file_struct_setup.sh
sudo sh server_file_struct_setup.sh
7. Set Up Reverse Proxy
- Install nginx
- https://developer.fedoraproject.org/start/sw/web-app/nginx.html
- https://nginx.org/en/
- Replace nginx config file with nginx-config found in GitHub repository
- Restart nginx
sudo nginx -s reload
8. Create a new Rust project at the desired location
cargo new server
- Replace files in ../server/src with GitHub server/code/src files
- Replace ../server/cargo.toml with GitHub server/cargo.toml
- Run
cargo build
9. Create a self-signed certificate for TLS / nginx usage.
10. Create asymmetric key pairs for signing update files (one pair for the vendor, one pair for the utility)
- Run the GitHub script server/create_keys.sh
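Step 9 lists no command. One way to create the self-signed certificate with the OpenSSL package from step 3 and check it before pointing nginx at it (an added example, not from the GridTrust repository; the hostname updates.example.test, the ./tls directory, the server.key / server.crt file names, the P-256 key type and the 365-day lifetime are assumptions):

```shell
#!/bin/sh
# Added example for step 9; not part of the GridTrust repository.
# Assumed: hostname, output directory, file names, P-256 key, 365-day lifetime.

# make_selfsigned_cert HOST OUTDIR [DAYS]
# Writes OUTDIR/server.key and OUTDIR/server.crt.
make_selfsigned_cert() {
    host=$1; outdir=$2; days=${3:-365}
    mkdir -p "$outdir" || return 1
    # umask 077 in a subshell: the key is never group- or world-readable,
    # not even briefly between creation and a later chmod.
    ( umask 077
      openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
          -nodes -sha256 -days "$days" -subj "/CN=$host" \
          -addext "subjectAltName=DNS:$host" \
          -keyout "$outdir/server.key" -out "$outdir/server.crt"
    ) || return 1
    chmod 644 "$outdir/server.crt"   # the certificate is public
}

# check_cert CRT KEY HOST
# Returns 0 only if the pair is consistent and safe to reference from nginx.
check_cert() {
    crt=$1; key=$2; host=$3
    # 1. Certificate and key must hold the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$crt_pub" = "$key_pub" ] || { echo "key does not match cert" >&2; return 1; }
    # 2. HOST must match the certificate (clients check subjectAltName).
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q "does match" \
        || { echo "hostname $host not covered" >&2; return 1; }
    # 3. Must remain valid for at least 30 more days.
    openssl x509 -in "$crt" -noout -checkend $((30 * 86400)) >/dev/null \
        || { echo "certificate expires within 30 days" >&2; return 1; }
    # 4. Private key must have no group/other permission bits.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] \
        || { echo "private key permissions too open" >&2; return 1; }
}

# Usage (paths are placeholders):
#   make_selfsigned_cert updates.example.test ./tls &&
#   check_cert ./tls/server.crt ./tls/server.key updates.example.test
```

The certificate and key paths referenced by the nginx configuration must match wherever these two files are placed.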