Description
The purpose and use-cases of the new component
I would like to introduce a new extension which would enable reading TLS certificates from a trusted platform module (TPM).
We see a common requirement to read TLS certificates from TPM when the collector runs on an edge device.
See:
- https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2.1.md
- https://github.com/google/go-tpm/tree/main/tpm2
- https://github.com/google/go-tpm-tools
- Load TSS2 Private Key generated with tpm2tss-genkey google/go-tpm#312
- https://github.com/Foxboron/go-tpm-keyfiles
- Add TPM key support aws/rolesanywhere-credential-helper#38
Example configuration for the component
cert_index: 0x01C00002
key_index: 0x01C00003
ca_index: 0x01C00004
client_ca_index: 0x01C00005
Telemetry data types supported
all
Code Owner(s)
pavolloffay
Sponsor (optional)
No response
Additional context
It seems the extension could be implemented via:
- client https://github.com/open-telemetry/opentelemetry-collector/blob/10121222d11df2bc0e7c375bd03f3216d892d4f9/extension/extensionauth/client.go#L95
- server authenticator receives only HTTP headers; there is no API to change TLS certificates: https://github.com/open-telemetry/opentelemetry-collector/blob/10121222d11df2bc0e7c375bd03f3216d892d4f9/extension/extensionauth/server.go#L30
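An added Go sketch (not the author's or the collector's code) of the client-side path: the certificate blob at cert_index is read from an NV index and paired with a crypto.Signer, which is how a TPM-resident key plugs into crypto/tls without its private half ever being exported. NVRead, LoadClientCert and Demo are hypothetical names, and an in-memory self-signed certificate and software key stand in for the TPM.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// NVRead is a hypothetical hook standing in for a TPM 2.0 NV-index read (go-tpm's NVRead would back it).
type NVRead func(index uint32) ([]byte, error)

// LoadClientCert pairs the DER certificate at cert_index with a crypto.Signer: a TPM-resident key is only asked to Sign, so it never enters process memory.
func LoadClientCert(read NVRead, certIndex uint32, key crypto.Signer) (*tls.Config, error) {
	if certIndex>>24 != 0x01 { // TPM 2.0 handle type 0x01 = NV index, as in 0x01C00002
		return nil, fmt.Errorf("0x%08X is not a TPM NV index handle", certIndex)
	}
	der, err := read(certIndex)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	// Catch a cert_index/key mismatch at load time rather than at the first failed handshake.
	pub, ok := leaf.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	if !ok || !pub.Equal(key.Public()) {
		return nil, fmt.Errorf("certificate at 0x%08X does not match the signing key", certIndex)
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}, nil
}

// Demo stands in for the TPM: a constructed self-signed cert plays the blob stored at 0x01C00002.
func Demo() (*tls.Config, error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for a TPM-backed signer
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	read := func(uint32) ([]byte, error) { return der, nil } // constructed NV contents: one blob
	return LoadClientCert(read, 0x01C00002, key)
}
```

Any crypto.Signer works in PrivateKey, so a go-tpm-keyfiles or go-tpm backed signer can replace the in-memory key with no change to the TLS wiring.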