Versions Compared

Old Version 51

changes.mady.by.user Hari C S

Saved on

compared with

New Version 52

changes.mady.by.user Hari C S

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

       - This will be used for remote attestation on reboot of a device and periodic challenges.

Same API that carries other config, handled by zedAgent

Vault related configuration would be pushed along with other config (by /api/v1/eddgedev/config), and parsed by zedagent.  Zedagent would interact with Vault Manager service for implementing file system encryption requirements.  Any file system interaction to setup/unlock the vault directory will have to be done by Vault manager according to the security config received, and then signal others that vault directory is now ready for use.  Zedmanager will synchronise with Vault Manager to make sure the Vault is ready to use before any edge container that needs this vault is started by domain manager.  Other services can listen to Vault Manager to perform any task they need to do on top of the Vault directory(Currently only zedagents/zedmanager).  

...

  • Data handling policy
  • Key Information

Data handling policy

Data handling policy will define, sensitive storage data handling, on encryption algorithm change, 

...

Destroy: This indicates Vault Manager to destroy the given Vault. (Probably due to a security breach detected by EVC)

Key Information

Fscrypt provides a way to change the master key associated with an encrypted folder, without re-encrypting the contents. This is possible due to the protectors and policies constructs used by fscrypt (master key protects the protector, and protector in turn protects the final key used for encryption). Please see here for more details.

We can use this fscrypt feature to periodically rotate the master keys used for a given vault. The key rotation policy will be in the controller and will not be intimated to EVE.  For a key rotation scheme, a maximum of two keys will be intimated to the EVE node. Controller will store and publish, the last published key along with the most current key. This will cover cases, when the EVE node is not able to communicate with controller. If there is no key rotation configured, both old and new key fields in the configuration will be the same.

Attestation Challenge by EVC 

This is to challenge EVE to provide a requested information, to prove EVE's software/physical location states are untampered. On successful response, further config updates will have Vault section with appropriate Vault config like keys. Failing to provide a satisfiable response, EVC will not send the vault configuration to EVE, and will keep sending Attestation Challenge in place of Vault configuration.  Attestation Challenge can be:
a) PCR quote with nonce included

...