refactor(initramfs): rename rotd to trustd (#148)

2025-08-26 17:11:19 +02:00 · 2018-08-30 07:45:15 -07:00 · 2018-08-30 07:45:15 -07:00 · b370ce043e
commit b370ce043e
parent 80b5e3631a
13 changed files with 114 additions and 106 deletions
--- a/src/image/.conform.yaml
+++ b/src/image/.conform.yaml
@ -65,6 +65,6 @@ tasks:
      COPY --from=dianemo/kernel:{{ .Docker.Image.Tag }} /tmp/lib/modules /generated/rootfs/lib/modules
      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/osd /generated/rootfs/bin/osd
      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/proxyd /generated/rootfs/bin/proxyd
-      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/rotd /generated/rootfs/bin/rotd
+      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/trustd /generated/rootfs/bin/trustd
      COPY --from=dianemo/initramfs:{{ .Docker.Image.Tag }} /tmp/init /generated/rootfs/bin/init
      RUN {{if .Git.IsClean}}XZ_OPT=-9e{{else}}XZ_OPT=-0{{end}} tar -cvpJf /generated/rootfs.tar.xz -C /generated/rootfs .
--- a/src/initramfs/.conform.yaml
+++ b/src/initramfs/.conform.yaml
@ -15,20 +15,20 @@ stages:
      destination: ../../build/osctl-darwin-amd64
    tasks:
    - src
    - osd
    - proxyd
    - rotd
    - osctl
    - init
    - test
    - initramfs
    - trustd
    - proxyd
    - osd
    - osctl
    - test
    - image
  generate:
    artifacts:
    - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd/proto
      destination: ./cmd/osd
-    - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto
+    - source: /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto
-      destination: ./cmd/rotd
+      destination: ./cmd/trustd
    tasks:
    - proto
 tasks:
@ -36,13 +36,13 @@ tasks:
    template: |
      FROM scratch
      WORKDIR /tmp
      COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
      COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
      COPY --from=src /osd osd
      COPY --from=src /proxyd proxyd
      COPY --from=src /rotd rotd
      COPY --from=src /initramfs/init init
      COPY --from=src /initramfs/initramfs.xz initramfs.xz
      COPY --from=src /trustd trustd
      COPY --from=src /proxyd proxyd
      COPY --from=src /osd osd
      COPY --from=src /osctl-linux-amd64 osctl-linux-amd64
      COPY --from=src /osctl-darwin-amd64 osctl-darwin-amd64
      CMD false
  init:
    template: |
@ -107,27 +107,22 @@ tasks:
      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/osd
      COPY ./cmd/osd/proto ./proto
      RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
-      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/rotd
+      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/trustd
-      COPY ./cmd/rotd/proto ./proto
+      COPY ./cmd/trustd/proto ./proto
      RUN protoc -I/usr/local/include -I./proto --go_out=plugins=grpc:proto proto/api.proto
  proxyd:
    template: |
      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
      {{ if and .Git.IsClean .Git.IsTag }}
      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build  -a \
-        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
        -o /{{ .Docker.CurrentStage }}
      {{ else }}
      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
-        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=ProxyD -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
+        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Proxyd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
        -o /{{ .Docker.CurrentStage }}
      {{ end }}
      RUN chmod +x /{{ .Docker.CurrentStage }}
  rotd:
    template: |
      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
      RUN CGO_ENABLED=0 go build -a -ldflags "-s -w" -o /{{ .Docker.CurrentStage }}
      RUN chmod +x /{{ .Docker.CurrentStage }}
  src:
    template: |
      FROM dianemo/tools:{{ .Docker.Image.Tag }} AS {{ .Docker.CurrentStage }}
@ -147,3 +142,16 @@ tasks:
      RUN chmod +x ./hack/test.sh
      RUN ./hack/test.sh --lint ./hack/golangci-lint.yaml
      RUN ./hack/test.sh --unit
  trustd:
    template: |
      WORKDIR /src/github.com/autonomy/dianemo/src/initramfs/cmd/{{ .Docker.CurrentStage }}
      {{ if and .Git.IsClean .Git.IsTag }}
      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build  -a \
        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag={{ .Git.Tag }} -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }} -X \"{{ index .Variables "versionPath" }}.Built={{ .Built }}\"" \
        -o /{{ .Docker.CurrentStage }}
      {{ else }}
      RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -a \
        -ldflags "-s -w -X {{ index .Variables "versionPath" }}.Name=Trustd -X {{ index .Variables "versionPath" }}.Tag=none -X {{ index .Variables "versionPath" }}.SHA={{ .Git.SHA }}" \
        -o /{{ .Docker.CurrentStage }}
      {{ end }}
      RUN chmod +x /{{ .Docker.CurrentStage }}
--- a/src/initramfs/cmd/init/main.go
+++ b/src/initramfs/cmd/init/main.go
@ -110,8 +110,8 @@ func root() (err error) {
 	log.Println("starting OS services")
 	services.Start(&service.OSD{})
 	if data.Services.Kubeadm.Init != nil {
-		services.Start(&service.ROTD{})
+		services.Start(&service.Trustd{})
-		services.Start(&service.ProxyD{})
+		services.Start(&service.Proxyd{})
 	}
 	// Start the services essential to running Kubernetes.
--- a/src/initramfs/cmd/init/pkg/service/kubeadm.go
+++ b/src/initramfs/cmd/init/pkg/service/kubeadm.go
@ -15,7 +15,7 @@ import (
 	"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/constants"
 	"github.com/autonomy/dianemo/src/initramfs/cmd/init/pkg/service/conditions"
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/net"
@ -90,8 +90,8 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
 	creds := basic.NewCredentials(
 		data.Security.OS.CA.Crt,
-		data.Services.ROTD.Username,
+		data.Services.Trustd.Username,
-		data.Services.ROTD.Password,
+		data.Services.Trustd.Password,
 	)
 	var conn *grpc.ClientConn
@ -107,7 +107,7 @@ func (p *Kubeadm) Post(data userdata.UserData) (err error) {
 	if err != nil {
 		return
 	}
-	client := proto.NewROTDClient(conn)
+	client := proto.NewTrustdClient(conn)
 	files := []string{
 		"/etc/kubernetes/pki/ca.crt",
@ -248,7 +248,7 @@ func parse(data userdata.UserData) ([]byte, error) {
 	return buf.Bytes(), err
 }
-func writeFiles(client proto.ROTDClient, files []string) (err error) {
+func writeFiles(client proto.TrustdClient, files []string) (err error) {
 	errChan := make(chan error)
 	doneChan := make(chan bool)
 	ctx, cancelFunc := context.WithTimeout(context.Background(), 5*time.Minute)
--- a/src/initramfs/cmd/init/pkg/service/proxyd.go
+++ b/src/initramfs/cmd/init/pkg/service/proxyd.go
@ -6,22 +6,22 @@ import (
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 )
-// ProxyD implements the Service interface. It serves as the concrete type with
+// Proxyd implements the Service interface. It serves as the concrete type with
 // the required methods.
-type ProxyD struct{}
+type Proxyd struct{}
 // Pre implements the Service interface.
-func (p *ProxyD) Pre(data userdata.UserData) error {
+func (p *Proxyd) Pre(data userdata.UserData) error {
 	return nil
 }
 // Post implements the Service interface.
-func (p *ProxyD) Post(data userdata.UserData) (err error) {
+func (p *Proxyd) Post(data userdata.UserData) (err error) {
 	return nil
 }
 // Cmd implements the Service interface.
-func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
+func (p *Proxyd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 	cmdArgs.Name = "proxyd"
 	cmdArgs.Path = "/bin/proxyd"
 	cmdArgs.Args = []string{}
@ -30,12 +30,12 @@ func (p *ProxyD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 }
 // Condition implements the Service interface.
-func (p *ProxyD) Condition(data userdata.UserData) func() (bool, error) {
+func (p *Proxyd) Condition(data userdata.UserData) func() (bool, error) {
 	return conditions.WaitForFileExists("/etc/kubernetes/admin.conf")
 }
 // Env implements the Service interface.
-func (p *ProxyD) Env() []string { return []string{} }
+func (p *Proxyd) Env() []string { return []string{} }
 // Type implements the Service interface.
-func (p *ProxyD) Type() Type { return Forever }
+func (p *Proxyd) Type() Type { return Forever }
--- a/src/initramfs/cmd/init/pkg/service/rotd.go
+++ b/src/initramfs/cmd/init/pkg/service/rotd.go
@ -7,24 +7,24 @@ import (
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 )
-// ROTD implements the Service interface. It serves as the concrete type with
+// Trustd implements the Service interface. It serves as the concrete type with
 // the required methods.
-type ROTD struct{}
+type Trustd struct{}
 // Pre implements the Service interface.
-func (p *ROTD) Pre(data userdata.UserData) error {
+func (p *Trustd) Pre(data userdata.UserData) error {
 	return nil
 }
 // Post implements the Service interface.
-func (p *ROTD) Post(data userdata.UserData) (err error) {
+func (p *Trustd) Post(data userdata.UserData) (err error) {
 	return nil
 }
 // Cmd implements the Service interface.
-func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
+func (p *Trustd) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
-	cmdArgs.Name = "rotd"
+	cmdArgs.Name = "trustd"
-	cmdArgs.Path = "/bin/rotd"
+	cmdArgs.Path = "/bin/trustd"
 	cmdArgs.Args = []string{
 		"--port=50001",
 		"--userdata=" + constants.UserDataPath,
@ -34,12 +34,12 @@ func (p *ROTD) Cmd(data userdata.UserData, cmdArgs *CmdArgs) error {
 }
 // Condition implements the Service interface.
-func (p *ROTD) Condition(data userdata.UserData) func() (bool, error) {
+func (p *Trustd) Condition(data userdata.UserData) func() (bool, error) {
 	return conditions.None()
 }
 // Env implements the Service interface.
-func (p *ROTD) Env() []string { return []string{} }
+func (p *Trustd) Env() []string { return []string{} }
 // Type implements the Service interface.
-func (p *ROTD) Type() Type { return Forever }
+func (p *Trustd) Type() Type { return Forever }
--- a/src/initramfs/cmd/osd/main.go
+++ b/src/initramfs/cmd/osd/main.go
@ -39,20 +39,20 @@ func main() {
 	}
 	if *generate {
-		if len(data.Services.ROTD.Endpoints) == 0 {
+		if len(data.Services.Trustd.Endpoints) == 0 {
 			log.Fatalf("at least one root of trust endpoint is required")
 		}
 		creds := basic.NewCredentials(
 			data.Security.OS.CA.Crt,
-			data.Services.ROTD.Username,
+			data.Services.Trustd.Username,
-			data.Services.ROTD.Password,
+			data.Services.Trustd.Password,
 		)
 		// TODO: In the case of failure, attempt to generate the identity from
 		// another RoT.
 		var conn *grpc.ClientConn
-		conn, err = basic.NewConnection(data.Services.ROTD.Endpoints[0], *rotPort, creds)
+		conn, err = basic.NewConnection(data.Services.Trustd.Endpoints[0], *rotPort, creds)
 		if err != nil {
 			return
 		}
--- a/src/initramfs/cmd/osd/pkg/gen/gen.go
+++ b/src/initramfs/cmd/osd/pkg/gen/gen.go
@ -9,7 +9,7 @@ import (
 	stdlibnet "net"
 	"time"
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/net"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
@ -18,19 +18,19 @@ import (
 // Generator represents the OS identity generator.
 type Generator struct {
-	client proto.ROTDClient
+	client proto.TrustdClient
 }
 // NewGenerator initializes a Generator with a preconfigured grpc.ClientConn.
 func NewGenerator(conn *grpc.ClientConn) (g *Generator) {
-	client := proto.NewROTDClient(conn)
+	client := proto.NewTrustdClient(conn)
 	return &Generator{
 		client: client,
 	}
 }
-// Certificate implements the proto.ROTDClient interface.
+// Certificate implements the proto.TrustdClient interface.
 func (g *Generator) Certificate(in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
 	ctx := context.Background()
 	resp, err = g.client.Certificate(ctx, in)
--- a/src/initramfs/cmd/trustd/main.go
+++ b/src/initramfs/cmd/trustd/main.go
@ -4,7 +4,7 @@ import (
 	"flag"
 	"log"
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/pkg/reg"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/pkg/reg"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/factory"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/middleware/auth/basic"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/grpc/tls"
@ -40,8 +40,8 @@ func main() {
 	creds := basic.NewCredentials(
 		data.Security.OS.CA.Crt,
-		data.Services.ROTD.Username,
+		data.Services.Trustd.Username,
-		data.Services.ROTD.Password,
+		data.Services.Trustd.Password,
 	)
 	err = factory.Listen(
--- a/src/initramfs/cmd/trustd/pkg/reg/reg.go
+++ b/src/initramfs/cmd/trustd/pkg/reg/reg.go
@ -11,24 +11,24 @@ import (
 	"path"
 	"time"
-	"github.com/autonomy/dianemo/src/initramfs/cmd/rotd/proto"
+	"github.com/autonomy/dianemo/src/initramfs/cmd/trustd/proto"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/crypto/x509"
 	"github.com/autonomy/dianemo/src/initramfs/pkg/userdata"
 	"google.golang.org/grpc"
 )
 // Registrator is the concrete type that implements the factory.Registrator and
-// proto.ROTDServer interfaces.
+// proto.TrustdServer interfaces.
 type Registrator struct {
 	Data *userdata.OSSecurity
 }
 // Register implements the factory.Registrator interface.
 func (r *Registrator) Register(s *grpc.Server) {
-	proto.RegisterROTDServer(s, r)
+	proto.RegisterTrustdServer(s, r)
 }
-// Certificate implements the proto.ROTDServer interface.
+// Certificate implements the proto.TrustdServer interface.
 func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequest) (resp *proto.CertificateResponse, err error) {
 	// TODO: Verify that the request is coming from the IP addresss declared in
 	// the CSR.
@ -44,7 +44,7 @@ func (r *Registrator) Certificate(ctx context.Context, in *proto.CertificateRequ
 	return resp, nil
 }
-// WriteFile implements the proto.ROTDServer interface.
+// WriteFile implements the proto.TrustdServer interface.
 func (r *Registrator) WriteFile(ctx context.Context, in *proto.WriteFileRequest) (resp *proto.WriteFileResponse, err error) {
 	if err = os.MkdirAll(path.Dir(in.Path), os.ModeDir); err != nil {
 		return
--- a/src/initramfs/cmd/trustd/proto/api.pb.go
+++ b/src/initramfs/cmd/trustd/proto/api.pb.go
@ -35,7 +35,7 @@ func (m *CertificateRequest) Reset()         { *m = CertificateRequest{} }
 func (m *CertificateRequest) String() string { return proto.CompactTextString(m) }
 func (*CertificateRequest) ProtoMessage()    {}
 func (*CertificateRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_92247eb635a417db, []int{0}
+	return fileDescriptor_api_6d48f67e45b68bdd, []int{0}
 }
 func (m *CertificateRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CertificateRequest.Unmarshal(m, b)
@ -74,7 +74,7 @@ func (m *CertificateResponse) Reset()         { *m = CertificateResponse{} }
 func (m *CertificateResponse) String() string { return proto.CompactTextString(m) }
 func (*CertificateResponse) ProtoMessage()    {}
 func (*CertificateResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_92247eb635a417db, []int{1}
+	return fileDescriptor_api_6d48f67e45b68bdd, []int{1}
 }
 func (m *CertificateResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_CertificateResponse.Unmarshal(m, b)
@ -115,7 +115,7 @@ func (m *WriteFileRequest) Reset()         { *m = WriteFileRequest{} }
 func (m *WriteFileRequest) String() string { return proto.CompactTextString(m) }
 func (*WriteFileRequest) ProtoMessage()    {}
 func (*WriteFileRequest) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_92247eb635a417db, []int{2}
+	return fileDescriptor_api_6d48f67e45b68bdd, []int{2}
 }
 func (m *WriteFileRequest) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_WriteFileRequest.Unmarshal(m, b)
@ -167,7 +167,7 @@ func (m *WriteFileResponse) Reset()         { *m = WriteFileResponse{} }
 func (m *WriteFileResponse) String() string { return proto.CompactTextString(m) }
 func (*WriteFileResponse) ProtoMessage()    {}
 func (*WriteFileResponse) Descriptor() ([]byte, []int) {
-	return fileDescriptor_api_92247eb635a417db, []int{3}
+	return fileDescriptor_api_6d48f67e45b68bdd, []int{3}
 }
 func (m *WriteFileResponse) XXX_Unmarshal(b []byte) error {
 	return xxx_messageInfo_WriteFileResponse.Unmarshal(m, b)
@ -202,107 +202,107 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
-// ROTDClient is the client API for ROTD service.
+// TrustdClient is the client API for Trustd service.
 //
 // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
-type ROTDClient interface {
+type TrustdClient interface {
 	Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error)
 	WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error)
 }
-type rOTDClient struct {
+type trustdClient struct {
 	cc *grpc.ClientConn
 }
-func NewROTDClient(cc *grpc.ClientConn) ROTDClient {
+func NewTrustdClient(cc *grpc.ClientConn) TrustdClient {
-	return &rOTDClient{cc}
+	return &trustdClient{cc}
 }
-func (c *rOTDClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
+func (c *trustdClient) Certificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
 	out := new(CertificateResponse)
-	err := c.cc.Invoke(ctx, "/proto.ROTD/Certificate", in, out, opts...)
+	err := c.cc.Invoke(ctx, "/proto.Trustd/Certificate", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
-func (c *rOTDClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) {
+func (c *trustdClient) WriteFile(ctx context.Context, in *WriteFileRequest, opts ...grpc.CallOption) (*WriteFileResponse, error) {
 	out := new(WriteFileResponse)
-	err := c.cc.Invoke(ctx, "/proto.ROTD/WriteFile", in, out, opts...)
+	err := c.cc.Invoke(ctx, "/proto.Trustd/WriteFile", in, out, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
-// ROTDServer is the server API for ROTD service.
+// TrustdServer is the server API for Trustd service.
-type ROTDServer interface {
+type TrustdServer interface {
 	Certificate(context.Context, *CertificateRequest) (*CertificateResponse, error)
 	WriteFile(context.Context, *WriteFileRequest) (*WriteFileResponse, error)
 }
-func RegisterROTDServer(s *grpc.Server, srv ROTDServer) {
+func RegisterTrustdServer(s *grpc.Server, srv TrustdServer) {
-	s.RegisterService(&_ROTD_serviceDesc, srv)
+	s.RegisterService(&_Trustd_serviceDesc, srv)
 }
-func _ROTD_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _Trustd_Certificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(CertificateRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(ROTDServer).Certificate(ctx, in)
+		return srv.(TrustdServer).Certificate(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/proto.ROTD/Certificate",
+		FullMethod: "/proto.Trustd/Certificate",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ROTDServer).Certificate(ctx, req.(*CertificateRequest))
+		return srv.(TrustdServer).Certificate(ctx, req.(*CertificateRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
-func _ROTD_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _Trustd_WriteFile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(WriteFileRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(ROTDServer).WriteFile(ctx, in)
+		return srv.(TrustdServer).WriteFile(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/proto.ROTD/WriteFile",
+		FullMethod: "/proto.Trustd/WriteFile",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(ROTDServer).WriteFile(ctx, req.(*WriteFileRequest))
+		return srv.(TrustdServer).WriteFile(ctx, req.(*WriteFileRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
-var _ROTD_serviceDesc = grpc.ServiceDesc{
+var _Trustd_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "proto.ROTD",
+	ServiceName: "proto.Trustd",
-	HandlerType: (*ROTDServer)(nil),
+	HandlerType: (*TrustdServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "Certificate",
-			Handler:    _ROTD_Certificate_Handler,
+			Handler:    _Trustd_Certificate_Handler,
 		},
 		{
 			MethodName: "WriteFile",
-			Handler:    _ROTD_WriteFile_Handler,
+			Handler:    _Trustd_WriteFile_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "api.proto",
 }
-func init() { proto.RegisterFile("api.proto", fileDescriptor_api_92247eb635a417db) }
+func init() { proto.RegisterFile("api.proto", fileDescriptor_api_6d48f67e45b68bdd) }
-var fileDescriptor_api_92247eb635a417db = []byte{
+var fileDescriptor_api_6d48f67e45b68bdd = []byte{
-	// 217 bytes of a gzipped FileDescriptorProto
+	// 219 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4,
 	0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x05, 0x53, 0x4a, 0x6a, 0x5c, 0x42, 0xce, 0xa9, 0x45,
 	0x25, 0x99, 0x69, 0x99, 0xc9, 0x89, 0x25, 0xa9, 0x41, 0xa9, 0x85, 0xa5, 0xa9, 0xc5, 0x25, 0x42,
@ -312,9 +312,9 @@ var fileDescriptor_api_92247eb635a417db = []byte{
 	0xd5, 0x2d, 0x33, 0x07, 0x6e, 0xa4, 0x10, 0x17, 0x4b, 0x41, 0x62, 0x49, 0x06, 0x58, 0x21, 0x67,
 	0x10, 0x98, 0x0d, 0x12, 0x4b, 0x49, 0x2c, 0x49, 0x94, 0x60, 0x02, 0x6b, 0x06, 0xb3, 0xc1, 0xea,
 	0x52, 0x8b, 0x72, 0x25, 0x98, 0x15, 0x18, 0x35, 0x58, 0x83, 0xc0, 0x6c, 0x25, 0x61, 0x2e, 0x41,
-	0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x60, 0xe4, 0x62, 0x09, 0xf2, 0x0f, 0x71, 0x11, 0x72, 0xe3,
+	0x24, 0xf3, 0x20, 0x56, 0x1b, 0x4d, 0x62, 0xe4, 0x62, 0x0b, 0x29, 0x2a, 0x2d, 0x2e, 0x49, 0x11,
-	0xe2, 0x46, 0x72, 0x9a, 0x90, 0x24, 0xc4, 0x83, 0x7a, 0x98, 0xde, 0x92, 0x92, 0xc2, 0x26, 0x05,
+	0x72, 0xe3, 0xe2, 0x46, 0x72, 0x9c, 0x90, 0x24, 0xc4, 0x8b, 0x7a, 0x98, 0x1e, 0x93, 0x92, 0xc2,
-	0x31, 0x4e, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8b, 0x90, 0x38, 0x54, 0x29, 0xba, 0x3f,
+	0x26, 0x05, 0x31, 0x50, 0x89, 0x41, 0xc8, 0x81, 0x8b, 0x13, 0x6e, 0x8f, 0x90, 0x38, 0x54, 0x29,
-	0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff,
+	0xba, 0x4f, 0xa4, 0x24, 0x30, 0x25, 0x60, 0x26, 0x24, 0xb1, 0x81, 0xa5, 0x8c, 0x01, 0x01, 0x00,
-	0xff, 0x45, 0xd6, 0xa4, 0x2f, 0x67, 0x01, 0x00, 0x00,
+	0x00, 0xff, 0xff, 0x80, 0xe5, 0x5e, 0xbe, 0x69, 0x01, 0x00, 0x00,
 }
--- a/src/initramfs/cmd/trustd/proto/api.proto
+++ b/src/initramfs/cmd/trustd/proto/api.proto
@ -3,8 +3,8 @@ syntax = "proto3";
 package proto;
-// The ROTD service definition.
+// The Trustd service definition.
-service ROTD {
+service Trustd {
  rpc Certificate(CertificateRequest) returns (CertificateResponse) {}
  rpc WriteFile(WriteFileRequest) returns (WriteFileResponse) {}
 }
--- a/src/initramfs/pkg/userdata/userdata.go
+++ b/src/initramfs/pkg/userdata/userdata.go
@ -47,7 +47,7 @@ type Networking struct {
 // Services represents the set of services available to configure.
 type Services struct {
 	Kubeadm *Kubeadm `yaml:"kubeadm"`
-	ROTD    *ROTD    `yaml:"rotd"`
+	Trustd  *Trustd  `yaml:"trustd"`
 }
 // File represents a files to write to disk.
@ -73,12 +73,12 @@ type InitConfiguration struct {
 	SelfHosted     bool   `yaml:"selfHosted,omitempty"`
 }
-// ROTD describes the configuration of the Root of Trust (RoT) service. The
+// Trustd describes the configuration of the Root of Trust (RoT) service. The
 // username and password are used by master nodes, and worker nodes. The master
 // nodes use them to authenticate clients, while the workers use them to
 // authenticate as a client. The endpoints should only be specified in the
 // worker user data, and should include all master nodes participating as a RoT.
-type ROTD struct {
+type Trustd struct {
 	Username  string   `yaml:"username"`
 	Password  string   `yaml:"password"`
 	Endpoints []string `yaml:"endpoints,omitempty"`