...
| Order | API | Version | Operation | TLS Client Cert | Args | Response | Request Enveloped? | Response Enveloped? | Context of invocation |
|---|---|---|---|---|---|---|---|---|---|
| 1 | edgeDevice/register | v1 | POST | onboarding certificate | onboarding keyserial, soft serial, device cert | standard HTTP response code | No | No | initial onboarding |
| 1 | edgeDevice/register | v2 | POST | None | onboarding key, serial, soft serial device cert | standard HTTP response code | Yes, signed by onboarding certificate | No | initial onboarding |
| 2 | edgeDevice/Certs (new) | v1/v2 | GET | None. Preference is to use HTTP if proxy supports. | None | Controller Certs, and HTTP response code | No | No | at every boot, if device does not have any controller cert |
| 3 | edgeDevice/config | v1 | POST | device certificate | device certificate | Device Configuration | No | No | at boot time. When we act on PCR values, PCR Quote will have to be sent along with the config request |
| 3 | edgeDevice/config | v2 | POST | None | device certificate | Device Configuration | Yes, signed by device certificate, and contains device certificate | Yes, signed by Controller Cert shared in Order 2 | at boot time. When we act on PCR values, PCR Quote will have to be sent along with the config request |
| 4 | edgeDevice/id/<uuid>/attest Sub-type ATTEST_REQ_CERT | v2 | POST | None | Additional Certs created by Device | standard HTTP response code | Yes, signed by device certificate. Envelope has device UUID | No | at boot time |
| 5 | edgeDevice/id/<uuid>/attest Sub-type ATTEST_REQ_NONCE | v2 | POST | None | None | Nonce | Yes, signed by device certificate. Envelope has device UUID | Yes, signed by Controller Cert shared in Order 2 | Precedes PCR Quote POST |
| 6 | edgeDevice/id/<uuid>/attest Sub-type ATTEST_REQ_QUOTE | v2 | POST | None | Nonce, PCR Quote. Quote is signed with restricting signing key from device | AttestResult(pass, fail) along with standard HTTP response code | Yes, signed by device certificate. Envelope has device UUID | Yes, signed by Controller Cert shared in Order 2 | Precedes config request |
| 7 | edgeDevice/config | v1 | POST | device certificate | device UUID, hash of current config | Device Configuration, sensitive data encrypted with shared symmetric key | No | No | When we act on PCR values, PCR Quote will have to be sent along with the config request |
| 7 | edgeDevice/config | v2 | POST | device certificate | device UUID, hash of current config | Device Configuration, sensitive data encrypted with shared symmetric key | Yes, signed by device certificate. Envelope has device UUID | Yes, signed by Controller Cert shared in Order 2 | When we act on PCR values, PCR Quote will have to be sent along with the config request |
...