...
UUID - Unique Id generated by EVC for the Vault
Version of the Configuration - For message schema change in the future
Name - String describing the Vault as given by UserVersion of the Configuration - To take care of config format change in the future
Vault Security Policy
Data handling policy will define operational mode of the vault:
...
Security Threats Addressed
Security Threat Scenario | TPM Key | Controller Key | Controller Key with Attestation |
---|---|---|---|
Storage |
drive is taken out and inserted into another system to read the data | Protected | Protected | Protected |
EVE device is taken out, and booted up in another location to access its data, but |
the theft has been detected | Not Protected |
Protected | Protected | ||
EVE device is taken out, and booted up in another location to access its data, but no knowledge of it being stolen | Not Protected | Not Protected | Protected |
EVE device is not taken out, but some other malware is loaded on the system, and is used to get access from remote to access the information | Not Protected | Not Protected | Protected |
References
- https://wiki.lfedge.org/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
- The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186
...