Versions Compared

Old Version 48

changes.mady.by.user srinibas@zededa.com

Saved on

compared with

New Version 49

changes.mady.by.user Hari C S

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We are proposing to have a user-visible construct called “Vault”.  A Vault is a secure file system, protected by native file system encryption.  Therefore the interface has 3 parts to it:

...

c) Attestation of the device through pcr PCR quote and nonce Nonce and/or geoGeo-location/ip IP Address information. 

       - This will be used for remote attestation on reboot of a device and periodic challenges.

...

Vault related configuration would be pushed along with other config (by /api/v1/eddgedev/config), and parsed by zedagent.  Zedagent would interact with Vault Manager service for implementing file system encryption requirements.  Any file system interaction to setup/unlock the vault directory will have to be done by Vault manager according to the security config received, and then signal others that vault directory is now ready for use.  Zedmanager will synchronise with Vault Manager to make sure the vault Vault is ready to use before any Edge Container edge container that needs this vault is created started by domain manager.  Other services can listen to this Vault Manager to perform any task they need to do on top of the vault directoryVault directory(Currently only zedagents/zedmanager).  

Break-up of the proposed Vault Config

...