types/persist: add AttestationKey (#17281)

Extend Persist with AttestationKey to record a hardware-backed attestation key for the node's identity. Add a flag to tailscaled to allow users to control the use of hardware-backed keys to bind node identity to individual machines. Updates tailscale/corp#31269 Change-Id: Idcf40d730a448d85f07f1bebf387f086d4c58be3 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-10-10 10:28:36 -07:00
parent a2dc517d7d
commit e45557afc0
26 changed files with 370 additions and 42 deletions
@@ -43,6 +43,7 @@ var implicitDefinitions = []*setting.Definition{
 	setting.NewDefinition(pkey.PostureChecking, setting.DeviceSetting, setting.PreferenceOptionValue),
 	setting.NewDefinition(pkey.ReconnectAfter, setting.DeviceSetting, setting.DurationValue),
 	setting.NewDefinition(pkey.Tailnet, setting.DeviceSetting, setting.StringValue),
+	setting.NewDefinition(pkey.HardwareAttestation, setting.DeviceSetting, setting.BooleanValue),

 	// User policy settings (can be configured on a user- or device-basis):
 	setting.NewDefinition(pkey.AdminConsoleVisibility, setting.UserSetting, setting.VisibilityValue),