Affected by GO-2023-1583 and 3 other vulnerabilities

GO-2023-1583: User data in TPM attestation vulnerable to MITM in github.com/edgelesssys/constellation

GO-2023-1622: Constellation allows Emergency shell access during initramfs boot phase in github.com/edgelesssys/constellation

GO-2024-2727: Constellation has pods exposed to peers in VPC in github.com/edgelesssys/constellation

GO-2025-4076: Constellation has insecure LUKS2 persistent storage partitions which may be opened and used in github.com/edgelesssys/constellation

csi/

Details

These packages are intended to be used by Kubernetes CSI drivers to enable transparent encryption of storage on the node.

This package uses the C library libcryptsetup for device mapping and crypto operations.

Install on Ubuntu:

sudo apt install libcryptsetup12 libcryptsetup-dev

Install on Fedora:

sudo dnf install cryptsetup-libs cryptsetup-devel

Running the integration test requires root privileges. Build and run the test:

go test -c -tags=integration ./test/
sudo ./test.test

Path	Synopsis
cryptmapper
kms