...
Release Engineering
Security
- Enable scalable enforcement of TPM PCR values on controller (PCR values should be the same when the hardware, firmware, config, and EVE are the same)
- Explore Linux Integrity Measurement Architecture (IMA) with the TPM
- Signed images from the release engineering process including the kernel SHA for the TPM PCRs
D-release (Q4, 2020)
- Measured boot and Remote Attestation to the controller
- Encrypted disk vault keys sealed under the TPM PCR values
- End-to-end security even with content inspecting proxies
- Off-line support - verify that applications come up even if there is no connectivity to the controller
- Off-line support - user-setable reset/reboot time if connectivity is lost to controller (to recover from hung network adapters)
- App side-loading/pre-loading by being able to specify content trees independent of volume creation
- Use containerd as Content Addressible Storage for containers, VM and EVE images
- Verify device passthrough for primary video adapter
- Provide an API so Azure IoT edge workload can report status/metrics for the running modules via EVE to controller
- Non-virtio emulation of devices
- Reduce EVE memory footprint (single zedbox process for most microservices); apply C-group controls
- Experimental support for ZFS for the /persist filesystem including encryption
...