...

Module Level Interaction - EVE Startup Sequence (Running an Unknown Software)


Fig. Module Level Interaction in EVE - Startup Sequence (Running Unknown Software)


  1. Device-steps starts client.go (the provisioning client) which will check and do the following:
    1. If certificates from EVC are not yet fetched, fetches them
    2. Retrieves UUID from EVC
  2. Device-steps starts Vault Mgr
    1. Vault Mgr tries to retrieve the master decryption key from the TPM with an Unseal operation; the Unseal operation fails because the PCR values have changed
    2. Publishes vault status (as "locked")
    3. Waits for Integrity-Token and/or master-key from EVC - it will block here forever
  3. Device-steps starts TPM mgr
    1. TPM Mgr retrieves the attestation certificate and publishes it to Zedagent
    2. Waits for Quote requests on pubsub channel from Zedagent
  4. Device-steps starts Zedagent (and Zedagent starts 3 concurrent tasks: attest, info and config)
    1. Attest task picks up the attestation certificate and publishes to EVC
    2. Attest task requests a nonce from EVC (to prepare PCR quote)
    3. Attest task sends the nonce back to TPM Mgr and waits for PCR quote
    4. Attest task, once notified about the quote readiness, creates a random nonce value for Integrity-Token
    5. Attest task sends { Quote, Location, Event Log, Integrity-Token, Image Version } to EVC
    6. EVC, since the quote is different, tries to compare EventLog entries with its known hashes against the version reported. Since this is some arbitrary software, there will not be a match.
      1. Even if Location-Lock is enabled, location cannot be trusted here, since the software reporting the location is not trusted.
    7. EVC sends an error back to EVE, to retry attestation.
    8. In the meantime, the configuration task keeps requesting config from EVC (expected to fail until attestation goes through).
    9. EVC replies to the configuration request with HTTP error code 403 (Forbidden), which indicates attestation failure (due to no or invalid Integrity Token)
    10. Config task communicates to Attest Task to re-trigger attestation
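
The controller-side decision in step 6, as an added Go example that is not EVE or EVC code: it replays the event log to confirm the log reproduces the quoted PCR, then checks each logged digest against the hashes known for the reported version. The type and function names, the single-PCR SHA-256 model, the replay check and the acceptance of a changed quote when every digest is known are assumptions; quote signature and nonce verification are omitted.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// Event is one measured-boot log entry (a single SHA-256 PCR bank, for brevity).
type Event struct {
	PCR    int
	Digest [32]byte
}

func digest(s string) [32]byte { return sha256.Sum256([]byte(s)) }

// replay recomputes a PCR from the log: new = SHA256(old || digest), starting at zeros.
func replay(log []Event, pcr int) [32]byte {
	var v [32]byte
	for _, e := range log {
		if e.PCR == pcr {
			v = sha256.Sum256(append(v[:], e.Digest[:]...))
		}
	}
	return v
}

// attest models step 6; known holds the digests expected for the reported image version.
func attest(quoted, expected [32]byte, log []Event, pcr int, known map[[32]byte]bool) bool {
	if quoted == expected {
		return true // quote unchanged, no need to consult the event log
	}
	if replay(log, pcr) != quoted {
		return false // log does not reproduce the quote, so its entries prove nothing
	}
	for _, e := range log {
		if e.PCR == pcr && !known[e.Digest] {
			return false // a measured component is unknown for this version
		}
	}
	return true
}

func main() {
	// Constructed sample: the known boot chain, then the same chain with an unknown kernel.
	good := []Event{{0, digest("bootloader")}, {0, digest("eve-kernel")}}
	bad := []Event{good[0], {0, digest("unknown-os")}}
	known := map[[32]byte]bool{good[0].Digest: true, good[1].Digest: true}
	fmt.Println(attest(replay(bad, 0), replay(good, 0), bad, 0, known)) // false
}
```

A false result here corresponds to steps 7 to 9: EVC returns an error, and config requests keep receiving 403 until a later attestation succeeds.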

...