Trusted Platform Module Based Remote Attestation

1. Attestation Operations using ZedUI

After you log in to ZedControl, click on the Marketplace () icon to go to the Marketplace. You will see two secondary tabs called 'Edge Apps' and 'Models' on the top, with 'Edge Apps' being selected by default. Click on the 'Models' tab. This page shows the top panel, which shows the models available for your enterprise, and the lower panel shows the models already there in your enterprise if any. Click on any of the models available in your enterprise.
 
ENM_7_Screen_0.png
 
You can perform the following operations related to the PCR template and its values:
 

1.1. Create PCR Template

  • Step 1 > Click on Add (Add_icon.png) icon.
 
ENM_7_Screen_1.png
 
  • Step 2 > Click on the click here link to pre-fill the template values with the copied values, if any.
  • Step 3 > Select the EVE image version accordingly.
 
ENM_7_Screen_2.png
 
Note: Once you have filled the PCR values, keep only the PCRs you need and delete the remaining.
 
  • Step 4 > Click on the 'Save' button.
 
ENM_7_Screen_3.png
 
  • Step 5 > A toast message is displayed as shown below:
Model: Advantech-EIS-D210 has been updated
 
ENM_7_Screen_4.png
 
A new PCR template is created.
 

1.2. PCR Template Views

The attestation policy can be read from the following sections:
 

Edge Nodes Details View

  • Step 1 > The reported PCR values are not shown upfront in the attestation section. Click on the click here link to see the reported values.
 
ENM_7_Screen_5.png
 
Note: Starting with ZedControl Release 7.3.0, a new attestation state 'Passed – No Attestation Enforced' is added. This state is appropriately seen under the Edge Node details page's attestation section.
 
  • Step 2 > Click on the click here link to copy the values.
 
ENM_7_Screen_6.png
 
Note: Copy the relevant PCR values common for all model devices into the template.
Warning: Copying all the PCR values is not advised.
 
  • Step 3 > A toast message is displayed as shown below:
PCR values are copied into memory.
 
ENM_7_Screen_7.png
 

Projects List View

From the project list view, the edge node attestation can be enforced as shown in the following steps:
 
Select the project from the list to which you want to enforce attestation.
 
ENM_7_Screen_8.png
 
You can see under the 'Policies' section that the edge node attestation is currently not enforced. To enforce the same:
  • Step 1 > Click on the edit (Edit_icon.png) icon.
 
ENM_7_Screen_9.png
 
  • Step 2 > Click on the checkbox to select the edge node attestation enforcement.
  • Step 3 > Click on the submit button.
 
ENM_7_Screen_10.png
 
You can now see that the edge node attestation is enforced for that particular project.
 

1.3. Update PCR Template

Step 1 > Click on the expand (Expand_Panel_icon.png) icon to display the particular EVE image PCR template.
Step 2 > Click on the edit (Edit_icon.png) icon to edit or update the PCR template.
 
ENM_7_Screen_12.png
 
Step 3 > Click on the click here link to pre-fill the template values with the copied values.
 
ENM_7_Screen_13.png
 
Step 4 > Click on the 'Save' button.
 
ENM_7_Screen_14.png
 
Step 5 > When you click on the 'Save' button, a toast message appears as shown below:
Model: Advantech-EIS-D210 has been updated.
 
ENM_7_Screen_15.png
 
The selected PCR template is updated.
 

1.4. Delete PCR Template

You can delete the EVE image versions using the following steps:
  • Step 1 > Select the EVE image version which needs to be deleted.
  • Step 2 > Click on the more () icon.
  • Step 3 > From the dropdown, select 'Delete'.
 
  • Step 4 > Click the 'Confirm' button on the modal dialogue which appears as below:
Are you sure you want to delete the selected 1 Model Template(s)?
 
  • Step 5 > When you click on the 'Confirm' button, a toast message appears as shown below:
Model: Advantech-EIS-D210 has been updated.
 
 
The selected PCR template is deleted.
Was this article helpful?
1 out of 1 found this helpful

Articles in this section