Operator Config
config.json is an optional, public HyperBEAM configuration file for a LapEE
node. It is read from the ESP once, copied to /tmp/config.json, and included
in the attested node evidence.
Do not put secrets in config.json.
Runtime Order
HyperBEAM starts with:
HB_CONFIG=/tmp/config.json,/etc/lapee/lapee.json
The operator config is first. The enforced LapEE config is last, so LapEE TPM devices and the startup boot-attestation hook remain part of the node.
Example
{
  "load_remote_devices": false,
  "trusted_device_signers": [
    "WjnS-s03HWsDSdMnyTdzB1eHZB2QheUWP_FVRVYxkXk"
  ]
}
HyperBEAM normalizes JSON keys into AO message keys. For example,
trusted_device_signers appears as trusted-device-signers in
~meta@1.0/info and in the attested node message.
Apply To An Image
From the lapee source tree, place config.json beside the Makefile, then
run:
make operator-config-apply IMAGE=build/images/lapee-usb.img
The same target also copies wifi.conf if it exists.
The command edits the ESP inside the image. It does not re-sign the UKI.
Validation At Boot
The init process accepts config.json only when it is:
- Between 2 and 65,536 bytes.
- Free of NUL bytes.
- A JSON object after whitespace is stripped.
Invalid config becomes {}.
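A pre-flight check an operator could run on config.json before make operator-config-apply, added here as an example and not LapEE's own init code. It mirrors the three acceptance rules above; reading "JSON object" as "parses as JSON with an object at the top level" and the list of secret-looking key names are assumptions.

```python
import json
import sys

MIN_BYTES, MAX_BYTES = 2, 65536  # size bounds stated on this page
# Assumption: key-name fragments that suggest a secret; tune for your environment.
SECRET_HINTS = ("password", "passwd", "secret", "psk", "private", "token")


def effective_config(raw: bytes):
    """Return (config, reason); config is {} whenever an acceptance rule fails."""
    if not MIN_BYTES <= len(raw) <= MAX_BYTES:
        return {}, f"size {len(raw)} outside {MIN_BYTES}..{MAX_BYTES} bytes"
    if b"\x00" in raw:
        return {}, "contains NUL byte"
    try:
        # Assumption: the stripped text must parse as JSON and the top-level
        # value must be an object; the real init check may be looser or stricter.
        doc = json.loads(raw.decode("utf-8").strip())
    except (ValueError, RecursionError) as exc:  # bad UTF-8, bad JSON, deep nesting
        return {}, f"not valid JSON: {exc}"
    if not isinstance(doc, dict):
        return {}, "top-level value is not a JSON object"
    return doc, "ok"


def secret_like_keys(doc):
    """Key paths whose names look like secrets (config.json is public and attested)."""
    hits, stack = [], [("", doc)]
    while stack:  # iterative walk, so nesting depth cannot exhaust the stack
        path, node = stack.pop()
        if isinstance(node, dict):
            items = node.items()
        elif isinstance(node, list):
            items = enumerate(node)
        else:
            continue
        for key, value in items:
            here = f"{path}/{key}"
            if isinstance(key, str) and any(h in key.lower() for h in SECRET_HINTS):
                hits.append(here)
            stack.append((here, value))
    return sorted(hits)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else b"{}"
    cfg, reason = effective_config(data)
    hits = secret_like_keys(cfg)
    print("effective config:", json.dumps(cfg), "|", reason)
    for hit in hits:
        print("possible secret in public config:", hit)
    sys.exit(0 if reason == "ok" and not hits else 1)
```

A non-zero exit means the node would either boot with {} instead of the intended settings, or publish a value that looks like a secret in its attested evidence.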
WiFi Config
WiFi credentials are a separate file:
wifi.conf
Format:
SSID
WPA2-PSK
Generate it interactively:
make wifi-creds
wifi.conf contains the PSK in plaintext before and after ESP injection. Keep
it local, remove it when no longer needed, and do not commit it.
Attestation Impact
Operator config can change the node message, so it can change the
node-message-id committed into PCR 15. That is expected.
The QEMU operator-config harness verifies that:
- ~meta@1.0/info exposes the configured trusted-device-signers.
- Boot attestation contains the same node message.
- PCR 15 replay commits to that node-message id.
- Green-zone template matching accepts the configured node and rejects the node without that config.