Bug 2075529 (fido-fdo)

Summary: Support FIDO Device Onboarding
Product: [Fedora] Fedora Reporter: Ben Cotton <bcotton>
Component: Changes TrackingAssignee: Peter Robinson <pbrobinson>
Status: CLOSED ERRATA QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 37CC: amurdaca, bcotton, pbrobinson, perobins, rlucente
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-11-15 16:22:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2100555, 2105042, 2105044    
Bug Blocks: 2016049    

Description Ben Cotton 2022-04-14 12:55:57 UTC 
This is a tracking bug for Change: Support FIDO Device Onboarding
For more details, see: https://fedoraproject.org/wiki/Changes/FIDODeviceOnboarding

Package and enable the FIDO Device Onboarding software stack for Zero Touch Onboarding on Fedora IoT.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
Comment 1 Ben Cotton 2022-08-09 16:02:52 UTC 
Today we reached the Code Complete (Testable) milestone on the F37 schedule: https://fedorapeople.org/groups/schedule/f-37/f-37-key-tasks.html

At this time, all F37 Changes should be complete enough to be testable. You can indicate this by setting this tracker to the MODIFIED status. If the Change is 100% code complete, you can set the tracker to ON_QA. If you need to defer this Change to F38, please NEEDINFO me.

Changes that have not reached at least the MODIFIED status will be given to FESCo for evaluation of contingency plans.
Comment 2 Peter Robinson 2022-08-16 08:21:38 UTC 
We're almost there for this.
Comment 3 Ben Cotton 2022-08-23 19:20:29 UTC 
Today we reached the Code Complete (100% complete) milestone on the F37 schedule: https://fedorapeople.org/groups/schedule/f-37/f-37-key-tasks.html

At this time, all F37 Changes should be 100% complete. You can indicate this by setting this tracker to the ON_QA status. If you need to defer this Change to F38 please NEEDINFO me.

Note that we are entering the Beta freeze. Additional package changes to complete this Change will need an approved blocker or freeze exception. See https://fedoraproject.org/wiki/QA:SOP_blocker_bug_process and https://fedoraproject.org/wiki/QA:SOP_freeze_exception_bug_process for more information.

Changes that have not reached the ON_QA status will be given to FESCo for evaluation of contingency plans.
Comment 4 Peter Robinson 2022-09-01 13:13:23 UTC 
Still going to ship this in F-37, it's a package set after all, it won't be default in IoT in F-37
Comment 5 Rich Lucente 2022-09-22 15:50:49 UTC 
My customers desire control over the certificates/keys used in the FDO process. I have scripts here ... https://github.com/rlucente-se-jboss/intranet-test-certs ... that will generate certs/keys in a quick and dirty way that mirror my customer's use case, but RH Certificate System is officially used by them for their PKI implementation. Please let me know if there's another ticket where this comment belongs.
Comment 6 Peter Robinson 2022-09-22 17:30:48 UTC 
(In reply to Rich Lucente from comment #5)
> My customers desire control over the certificates/keys used in the FDO
> process. I have scripts here ...
> https://github.com/rlucente-se-jboss/intranet-test-certs ... that will
> generate certs/keys in a quick and dirty way that mirror my customer's use
> case, but RH Certificate System is officially used by them for their PKI
> implementation. Please let me know if there's another ticket where this
> comment belongs.

The upstream tracking for certs from a central authority is here: https://github.com/fedora-iot/fido-device-onboard-rs/issues/298
Comment 7 Ben Cotton 2022-11-15 16:22:28 UTC 
F37 was released today, so I am closing this tracker. If this Change was not completed, please notify me ASAP.
Comment 8 Fedora Update System 2023-06-14 17:11:56 UTC 
FEDORA-2023-d1097102e9 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-d1097102e9
Comment 9 Fedora Update System 2023-06-15 01:40:33 UTC 
FEDORA-2023-d1097102e9 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf install --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-d1097102e9 \*`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-d1097102e9

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2023-06-23 01:01:27 UTC 
FEDORA-2023-d1097102e9 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.