...

Because this is measured boot, a device whose firmware or EVE components have been compromised will still boot and attempt remote attestation. Such a compromised device might be running a rootkit that can access the adapters on the EVE node, but applications will not start. This implicitly assumes that the security of connected systems rests on credentials stored in the application instances, not merely on physical connectivity to a serial port or Ethernet network.

...

Establishing a Reference for Verification

  1. To establish a baseline, the following is proposed:
    The EVE device is on-boarded in a trusted environment, usually in a manufacturing/supply chain setup (or Intel SDO).
  2. When EVE is on-boarded for the first time, during device-certificate registration, the PCR values coming out of the EVE node will be taken as the baseline for that device. Any change in the PCR values after that (other than during an EVC-driven upgrade, explained below) will be flagged as UUD, and unless the user marks it as legal/accepted, the EVE node will remain in the UUD state.
  3. If the enterprise account is a manufacturing account, then geo-location will be exempted in calculating the baseline.
  4. When the EVE node comes online for the first time in a non-manufacturing enterprise, the geo-location of the EVE node will be taken and frozen as the baseline value for geo-location.
  5. In the case of mobile gateways, there will be an option to turn off geo-fencing (i.e. locking of the geo-location).
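
The baseline rules above can be modelled as a small controller-side state machine. The following is an added example, not code from EVE or its controller; the type, field and function names are assumptions, as is the choice that a geo-location mismatch is flagged the same way as a PCR change and that accepting a change adopts the reported values as the new baseline.

```go
package main

import "fmt"

// Quote is one attestation report: PCR digests plus a coarse location label.
type Quote struct {
	PCRs map[int]string
	Geo  string
}

// Device is the controller-side record (all names here are assumptions).
type Device struct {
	Baseline      Quote
	Manufacturing bool // enterprise account is a manufacturing account
	GeoFencing    bool // may be turned off for mobile gateways
	UUD           bool // stays set until the user accepts the change
}

// Attest reports whether q is trusted; upgrade marks an EVC-driven upgrade.
func (d *Device) Attest(q Quote, upgrade bool) bool {
	if d.Baseline.PCRs == nil || (upgrade && !d.UUD) {
		d.Baseline.PCRs = q.PCRs // first on-boarding, or expected change
	}
	if !d.Manufacturing && d.Baseline.Geo == "" {
		d.Baseline.Geo = q.Geo // frozen on first contact outside manufacturing
	}
	changed := len(q.PCRs) != len(d.Baseline.PCRs)
	for i, v := range d.Baseline.PCRs {
		changed = changed || q.PCRs[i] != v
	}
	geoMoved := !d.Manufacturing && d.GeoFencing && q.Geo != d.Baseline.Geo
	d.UUD = d.UUD || changed || geoMoved
	return !d.UUD
}

// Accept models the user marking a flagged change as legal (assumed: q becomes the baseline).
func (d *Device) Accept(q Quote) {
	d.Baseline.PCRs, d.UUD = q.PCRs, false
	if !d.Manufacturing {
		d.Baseline.Geo = q.Geo
	}
}

func main() { // constructed sample values
	d := &Device{GeoFencing: true}
	fmt.Println(d.Attest(Quote{map[int]string{0: "aa"}, "site-1"}, false)) // baseline
	fmt.Println(d.Attest(Quote{map[int]string{0: "bb"}, "site-1"}, false)) // PCR 0 changed
}
```

Note that the UUD flag is sticky in this model: a later report that matches the baseline again does not clear it, only the explicit accept step does.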

...