...
Fig 4. Firmware Upgrade Management
EVC Interface
Since there can be many implementations of EVC, the following API definitions are proposed to maintain compatibility when implementing this feature:
URI | Type | Functionality |
---|---|---|
/api/v2/edgeDevice/uuid | POST | Returns the UUID of the device, based on the device certificate present in AuthContainer. So far, EVE has been re-using /api/v2/edgeDevice/config to get the UUID of the device in the initial stages of starting EVE services. But with measured boot and remote attestation, configuration is sent to the device only when the device is attested for software integrity (which happens later, as part of zedAgent). Fetching the whole configuration (which now requires attestation) just to get the UUID would be overkill, hence the need for this new URI. The proposed /uuid is a lightweight URI that responds with a single field containing the UUID of the device. If the device is not known, Error 404 is sent. |
/api/v2/edgeDevice/{uuid}/attest SubType ATTEST_REQ_CERT | POST | To send the attestation certificate. This certificate is used to validate the signature of the PCR Quote. It is different from the device certificate and the ECDH certificate. The cert type for this will be set to CERT_TYPE_DEVICE_RESTRICTED_SIGNING. For more details, please refer to this section of the API documentation |
/api/v2/edgeDevice/{uuid}/attest SubType ATTEST_REQ_NONCE | POST | To request a nonce from the controller. This nonce will be included when generating the PCR Quote. The controller MUST generate a NONCE_MISMATCH error if a PCR quote is sent with a nonce that does not match the nonce stored in EVC. This triggers the device to re-fetch the nonce. For more details, please refer to this section of the API documentation |
/api/v2/edgeDevice/{uuid}/attest SubType ATTEST_REQ_QUOTE | POST | To send { PCR Quote, Event Log, Integrity Token, and Image version } for attestation. The attestation result (PASS/FAIL) is sent back as the response. For more details, please refer to this section of the API documentation |
/api/v2/edgeDevice/{uuid}/config | POST | If the device meets the attestation requirements (as described in the sequence sections above), the full config is sent. If the device is yet to be attested successfully, HTTP Error 403 is sent back, so that the device triggers attestation first. The controller will run a periodic time check, and attestation has to be redone periodically at these intervals. EVC is free to choose a time value for this purpose. When attestation is due, EVC always indicates it to the device via this 403 error code in response to the config request. |
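
The gating described in the table (nonce check on ATTEST_REQ_QUOTE, 403 on /config until attestation passes and again once it is due) can be modelled as follows. This is an added example in Go, not EVE or EVC code: `DeviceRecord`, its methods and the `quoteOK` flag (standing in for the quote signature, PCR and event log checks) are hypothetical, and treating the nonce as single use is an assumption.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"fmt"
	"net/http"
	"time"
)

// DeviceRecord is a hypothetical model of the state EVC keeps for one device UUID.
type DeviceRecord struct {
	nonce      []byte        // outstanding nonce, nil when none is pending
	attestedAt time.Time     // zero until a quote has passed
	MaxAge     time.Duration // re-attestation interval; EVC picks the value
}

// IssueNonce models ATTEST_REQ_NONCE: store a fresh random nonce and return a copy.
func (d *DeviceRecord) IssueNonce() []byte {
	d.nonce = make([]byte, 16)
	if _, err := rand.Read(d.nonce); err != nil {
		panic(err)
	}
	return append([]byte(nil), d.nonce...)
}

// SubmitQuote models ATTEST_REQ_QUOTE; quoteOK stands in for the quote verification result.
func (d *DeviceRecord) SubmitQuote(quoteNonce []byte, quoteOK bool, now time.Time) string {
	if d.nonce == nil || subtle.ConstantTimeCompare(d.nonce, quoteNonce) != 1 {
		return "NONCE_MISMATCH" // the device has to request a new nonce
	}
	d.nonce, d.attestedAt = nil, time.Time{} // assumption: nonce is single use, old verdict is dropped
	if !quoteOK {
		return "FAIL"
	}
	d.attestedAt = now
	return "PASS"
}

// ConfigStatus models POST .../config: 403 until attested, and again once MaxAge has passed.
func (d *DeviceRecord) ConfigStatus(now time.Time) int {
	if d.attestedAt.IsZero() || now.Sub(d.attestedAt) >= d.MaxAge {
		return http.StatusForbidden
	}
	return http.StatusOK
}

func main() {
	fmt.Println(new(DeviceRecord).ConfigStatus(time.Now())) // 403: device has not attested yet
}
```

Because the stored nonce is cleared on every accepted submission, replaying a previously accepted quote yields NONCE_MISMATCH rather than a second PASS.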