Manage PCR Templates

Updated

Attestation Operations using UI

After you log in to ZEDEDA Infrastructure Services, you can manage PCR templates from the following locations:
  • Edge Nodes > YOUR_EDGE_NODE > Status tab > Attestation section 
  • Marketplace > Model > YOUR_MODEL > Attestation tab 
You can perform the following operations related to the PCR template and its values.
 

Create PCR Template

These steps show how to create a template from the Marketplace. 

  1. Navigate to Marketplace > Model > YOUR_MODEL > Attestation tab.
  2. Click Add PCR Template.  
  3. Click the Click here link to pre-fill the template using the values from the edge node. 
    • The link is active only during the first-time configuration of a PCR template for onboarded devices.
    • After you have filled the PCR values, keep only the PCRs you need and delete the remaining.
  4. Select a Name, EVE-OS image version, and Firmware version accordingly.
  5. Click Add.

View PCR Template

The attestation policy can be read from the following section.

Edge Nodes Details View

These steps show how to view PCR values from the edge node. 

  1. Navigate to Edge Nodes > YOUR_EDGE_NODE > Status tab.
  2. Scroll to the Attestation section.
  3. Click the Show Reported PCR Values link to see the reported values.
    Note: Starting with the ZEDEDA platform Release 7.3.0, a new attestation state 'Passed – No Attestation Enforced' is added. This state is appropriately seen under the Edge Node details page's attestation section.
  4. (Optional) Copy the values if you need them, for example if you want to use them for an update.
    Note: Copy the relevant PCR values common for all model devices into the template.
    Warning: Copying all the PCR values is not advised.
  5. A toast message is displayed.

Enforce PCR Template

From the project list view, the edge node attestation can be enforced as shown in the following steps.
  1. Navigate to Administration > Projects > YOUR_PROJECT.
  2. Click the edit (pencil) icon.
  3. Click the checkbox to select the Edge Node Policy to enforce edge node attestation & propagation of configuration changes to the edge node.
  4. Click the expand (⌄) icon on the policy to configure the project policy details. 
  5. Click Save.
You can now see that the edge node attestation is enforced for that particular project.
 

Update PCR Template

Step 1 > Click on the expand (⌄) icon to display the particular EVE-OS image PCR template.

Step 2 > Click on the edit (pencil) icon to edit or update the PCR template.

Step 3 > Pre-fill the template values with the copied values.

Step 4 > Click on the 'Save' button.

The selected PCR template is updated.

 

Delete PCR Template

You can delete the EVE-OS image versions using the following steps:
  1. Navigate to Edge Nodes > YOUR_EDGE_NODE > Status tab.
  2. Scroll to the Attestation section.
  3. Click the link to Configure a PCR Template.
  4. Select the EVE-OS image version that needs to be deleted.
  5. Click the ellipsis (...) icon.
  6. From the dropdown, select Delete.
  7. Click Delete to confirm.
 

Next Steps

This is a series of articles, you will likely follow them in this order: 

Was this article helpful?
3 out of 4 found this helpful