...

We also want to make it clearer which agent owns which directories, both for defense in depth and for storage management.

New layout

/persist/vault - the encrypted top-level directory for the parts needing encryption. It is encrypted using a key sealed under the PCRs in the TPM, so it must not be used to store information which the device needs in order to perform remote attestation with the controller (once an update changes the PCR values, the key cannot be unsealed until the device has re-attested).

TBD: Do we want a separate vault directory where the key is not sealed under the PCRs, so that we can put e.g. /persist/status/* in an encrypted location?

/persist/clear - the alternative for the parts not needing encryption (currently this is only proposed for volumes where encryption incurs some overhead for running ECOs). Using it requires adding a boolean to the EVE API to specify unencrypted storage for the volume.

/persist/unsealed-vault is a future location which will be encrypted using a key stored in the TPM but not sealed under the PCRs. In the future we can move things which are needed during a post-update boot before re-attestation to this unsealed vault, such as /persist/status/nim/DevicePortConfigList/ which keeps the network configuration across device reboots.
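The difference between the two vault keys is easiest to see by modelling the TPM policy check itself. The following Go program is an added example, not EVE code: it computes the TPM2_PolicyPCR policy digest the way the TPM does (H(0^32 || TPM_CC_PolicyPCR || TPML_PCR_SELECTION || H(selected PCR values))), seals one key under that digest and one with no policy, then simulates a post-update boot in which a new kernel measurement lands in PCR 4. The PCR selection {4, 7}, the measurements and the key strings are constructed for the example and are not EVE's actual PCR list or key material.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"sort"
)

// TPM 2.0 constants (TCG TPM 2.0 Library, Part 2: Structures).
const (
	tpmAlgSHA256   uint16 = 0x000B
	tpmCCPolicyPCR uint32 = 0x0000017F
	pcrSelectBytes        = 3 // 24 PCRs per bank -> 3 selection bytes
)

// PCRBank is a constructed model of one SHA-256 PCR bank (24 x 32 bytes).
type PCRBank [24][32]byte

// Extend models TPM2_PCR_Extend: PCR[i] = H(PCR[i] || measurement).
func (b *PCRBank) Extend(i int, measurement []byte) {
	h := sha256.New()
	h.Write(b[i][:])
	h.Write(measurement)
	copy(b[i][:], h.Sum(nil))
}

// pcrSelection marshals a TPML_PCR_SELECTION holding a single SHA-256 entry.
func pcrSelection(pcrs []int) []byte {
	var sel [pcrSelectBytes]byte
	for _, p := range pcrs {
		sel[p/8] |= 1 << (uint(p) % 8)
	}
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, uint32(1)) // count of TPMS_PCR_SELECTION
	binary.Write(&buf, binary.BigEndian, tpmAlgSHA256)
	buf.WriteByte(pcrSelectBytes)
	buf.Write(sel[:])
	return buf.Bytes()
}

// pcrDigest is H(PCR[a] || PCR[b] || ...) over the selected PCRs in ascending
// index order, the value TPM2_PolicyPCR compares against.
func pcrDigest(bank *PCRBank, pcrs []int) []byte {
	sorted := append([]int(nil), pcrs...)
	sort.Ints(sorted)
	h := sha256.New()
	for _, p := range sorted {
		h.Write(bank[p][:])
	}
	return h.Sum(nil)
}

// PolicyPCRDigest is the policy digest after one TPM2_PolicyPCR step from the
// all-zero start digest: H(0^32 || TPM_CC_PolicyPCR || selection || pcrDigest).
func PolicyPCRDigest(bank *PCRBank, pcrs []int) []byte {
	h := sha256.New()
	h.Write(make([]byte, sha256.Size))
	binary.Write(h, binary.BigEndian, tpmCCPolicyPCR)
	h.Write(pcrSelection(pcrs))
	h.Write(pcrDigest(bank, pcrs))
	return h.Sum(nil)
}

// SealedObject models a TPM sealed-data object. AuthPolicy is the PolicyPCR
// digest for the /persist/vault key and empty for the unsealed-vault key,
// which lives in the TPM but is not bound to PCR values.
type SealedObject struct {
	AuthPolicy []byte
	PCRs       []int
	Secret     []byte
}

// Seal binds secret to the current values of pcrs; an empty pcrs means no policy.
func Seal(bank *PCRBank, pcrs []int, secret []byte) SealedObject {
	obj := SealedObject{Secret: append([]byte(nil), secret...)}
	if len(pcrs) > 0 {
		obj.PCRs = append([]int(nil), pcrs...)
		obj.AuthPolicy = PolicyPCRDigest(bank, pcrs)
	}
	return obj
}

// Unseal models TPM2_Unseal in a policy session: PolicyPCR is evaluated on the
// live bank and must reproduce the digest recorded at seal time.
func Unseal(bank *PCRBank, obj SealedObject) ([]byte, error) {
	if len(obj.AuthPolicy) == 0 {
		return obj.Secret, nil // no policy: only TPM residency protects the key
	}
	if !bytes.Equal(PolicyPCRDigest(bank, obj.PCRs), obj.AuthPolicy) {
		return nil, errors.New("TPM_RC_POLICY_FAIL: PCRs differ from seal time")
	}
	return obj.Secret, nil
}

// UpdateScenario seals both keys on the pre-update boot, then models the
// post-update boot (PCRs reset, a different kernel measured into PCR 4) and
// reports which keys can still be unsealed before re-attestation.
func UpdateScenario() (vaultBefore, unsealedBefore, vaultAfter, unsealedAfter bool) {
	bootPCRs := []int{4, 7} // illustrative selection, not EVE's actual list
	var bank PCRBank
	bank.Extend(4, []byte("kernel v1"))          // constructed measurement
	bank.Extend(7, []byte("secure boot policy")) // constructed measurement
	vaultKey := Seal(&bank, bootPCRs, []byte("persist-vault-key"))
	unsealedKey := Seal(&bank, nil, []byte("persist-unsealed-vault-key"))
	_, err := Unseal(&bank, vaultKey)
	vaultBefore = err == nil
	_, err = Unseal(&bank, unsealedKey)
	unsealedBefore = err == nil

	bank = PCRBank{} // reboot after the update: fresh PCRs, new kernel measured
	bank.Extend(4, []byte("kernel v2"))
	bank.Extend(7, []byte("secure boot policy"))
	_, err = Unseal(&bank, vaultKey)
	vaultAfter = err == nil
	_, err = Unseal(&bank, unsealedKey)
	unsealedAfter = err == nil
	return
}

func main() {
	vb, ub, va, ua := UpdateScenario()
	fmt.Printf("before update: vault=%v unsealed-vault=%v\n", vb, ub)
	fmt.Printf("after update:  vault=%v unsealed-vault=%v\n", va, ua)
}
```

On the post-update boot only the policy-free key is recoverable, which is exactly why data the device needs before it can re-attest (such as the saved network configuration) must not sit under the PCR-sealed key. The model does not cover the cryptographic protection of the sealed blob itself; it only reproduces the policy-digest comparison that decides whether TPM2_Unseal succeeds.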

Volumes

In /persist/vault/volumes/ and /persist/clear/volumes

...