...

UUID - Unique ID generated by EVC for the Vault

Version of the Configuration - For message schema change in the future

Name - String describing the Vault as given by User

Version of the Configuration - To take care of config format change in the future

Vault Security Policy

The data handling policy will define the operational mode of the vault:

...

Security Threats Addressed

| Security Threat Scenario | TPM Key | Controller Key | Controller Key with Attestation |
| --- | --- | --- | --- |
| Storage drive is taken out and inserted into another system to read the data | Protected | Protected | Protected |
| EVE device is taken out and booted up in another location to access its data, but the theft has been detected | Not Protected | Not Protected | Protected |
| EVE device is taken out and booted up in another location to access its data, but there is no knowledge of it being stolen | Not Protected | Not Protected | Protected |
| EVE device is not taken out, but some other malware is loaded on the system and is used to access the information remotely | Not Protected | Not Protected | Protected |


References

  1. https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
  2. The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186

...