...
- Implement recommendations of TCG Remote Attestation Protocol TAP - with EVE as the attester and EVC as the verifierUse . i.e. use TPM to measure the booting sequence using Platform Configuration Registers (PCR)
- Lock the encrypted volumes, with On top of the TCG solution, propose a mechanism for self-locking: Seal the decryption key sealed for using PCRs (for self-locking during offline/tampered conditions). This is done to address unique operational requirements of EVE at the Edge.
- Escrow of the volume key with the Controller during the upgrade.Allow access to secretive resources only if the PCR values haven't changed
Following sections describe the details, starting with a review of existing solutions in this space.
...