Trusted Platform Module Based Remote Attestation

Attestation Operations using UI

After you log in to ZEDEDA, click on the Marketplace icon to go to the Marketplace. You will see two secondary tabs called 'Edge Apps' and 'Models' on the top, with 'Edge Apps' being selected by default. Click on the 'Models' tab. This page shows the top panel, which shows the models available for your enterprise, and the lower panel shows the models already there in your enterprise if any. Click on any of the models available in your enterprise.
 
You can perform the following operations related to the PCR template and its values:
 

Create PCR Template

  • Step 1 > Click on Add (Add_icon.png) icon.
  • Step 2 > Click on the click here link to pre-fill the template values with the copied values if any.
  • Step 3 > Select the EVE-OS image version accordingly.
  • Step 4 > Click on the 'Save' button.

Note: Once you have filled the PCR values, keep only the PCRs you need and delete the remaining.

 

PCR Template Views

The attestation policy can be read from the following sections:
 

Edge Nodes Details View

  • Step 1 > The reported PCR values are not shown upfront in the attestation section. Click on the click here link to see the reported values.
 
Note: Starting with the ZEDEDA platform Release 7.3.0, a new attestation state 'Passed – No Attestation Enforced' is added. This state is appropriately seen under the Edge Node details page's attestation section.
  • Step 2 > Copy the values.
 
Note: Copy the relevant PCR values common for all model devices into the template.
Warning: Copying all the PCR values is not advised.
  • Step 3 > A toast message is displayed as shown below:
 

Projects List View

From the project list view, the edge node attestation can be enforced as shown in the following steps:
 
Select the project from the list to which you want to enforce attestation.
 
You can see under the 'Policies' section that the edge node attestation is currently not enforced. To enforce the same:
  • Step 1 > Click on the edit (Edit_icon.png) icon.
  • Step 2 > Click on the checkbox to select the edge node attestation enforcement.
  • Step 3 > Click on the submit button.
 
You can now see that the edge node attestation is enforced for that particular project.
 

Update PCR Template

Step 1 > Click on the expand (Expand_Panel_icon.png) icon to display the particular EVE-OS image PCR template.
Step 2 > Click on the edit (Edit_icon.png) icon to edit or update the PCR template.
Step 3 > Pre-fill the template values with the copied values.
Step 4 > Click on the 'Save' button.
 
The selected PCR template is updated.
 

Delete PCR Template

You can delete the EVE-OS image versions using the following steps:
  • Step 1 > Select the EVE-OS image version which needs to be deleted.
  • Step 2 > Click on the more () icon.
  • Step 3 > From the dropdown, select 'Delete'.
 
  • Step 4 > Click the 'Confirm' button on the modal dialogue which appears as below:
  • Step 5 > When you click on the 'Confirm' button, a toast message appears as shown below:
 
 
Was this article helpful?
3 out of 4 found this helpful