Constellation 💖 mkosi — Minimal TCB, tailor-made for measured boot

The latest version 2.2.0 of Constellation, our Confidential Kubernetes Engine, has exciting new features. Let's have a look at how mkosi helps to reduce the trusted computing base (TCB), simplify the measured boot chain and harden the user space all while delivering the latest Linux kernel optimized for containerized workloads.

All of those features (and more) are used in Constellation starting with v2.2.0:

• Smaller TCB: going from ~400 packages down to ~200
• Hardened boot chain: switch from GRUB to systemd-boot
• Improved measured boot of kernel components using UKIs
• Secure Boot signing
• Fully immutable user space: only the state of Kubernetes is stored in an encrypted disk. Everything else is strictly read-only and protected by dm-verity
• Faster build times
• Smaller raw image size: from 10GB down to 600MB

Where we started

Previously, Constellation was built on top of Fedora CoreOS, a specialized version of Fedora designed for containers. It's a great base for Kubernetes and uses OSTree for transactional updates --- making the underlying filesystem almost immutable. This made it straightforward for us to add in extra features required for measured boot, most importantly dm-verity for protection of the root file system.

Looking at the boot chain used by Fedora CoreOS, we identified potential optimizations:

• GRUB is used as part of a measured boot chain
• Kernel, commandline, and initramfs are loaded and measured individually
• Handling of dm-verity includes customized tooling in the initramfs boot phase

GRUB is a great bootloader for complex setups. It supports legacy boot, dual boot, has a sophisticated configuration format, and much more. Only a tiny subset of this functionality is needed for Constellation.

CoreOS is already smaller than general-purpose Linux as it is tailored for containers. Still, it ships ~400 packages by default and we only need a fraction of those. Reducing the amount of code in our images is a great way to shrink the trusted computing base and improve the overall security of Constellation.

What mkosi brings to the table

This is where mkosi comes in. mkosi (short for "Make Operating System Image") takes a declarative configuration and builds an OS image from it. It supports all of the popular Linux distributions including Fedora and has excellent support for immutable images and measured boot.

How does all of this work? At the core, mkosi uses the bootstrapping mechanisms provided by the distribution's package manager. For Debian-based distributions, this can be achieved using Debootstrap, on Fedora it uses dnf --installroot. Constellation uses a minimal set of required packages, reducing the image size and potential for vulnerable components.

But it gets better. Instead of GRUB and individual kernel, initramfs, and command line, Constellation now uses the much smaller systemd-boot as the bootloader and a unified kernel image (UKI), combining the kernel, initramfs, and command line into one component that is loaded and measured together.

mkosi can also protect the root filesystem with dm-verity by itself without customized tooling required. Lastly, mkosi can sign every component of the boot chain for Secure Boot, out of the box.

🤫 One more thing: we are working on generating SBOMs for Constellation OS images and have more to announce soon.

We are excited to see what you can do with Constellation! Read the docs for more information or say hi on discord.

Author: Malte Poll