...
Components Interacting with RW Partition on EVE
Component | Directory/File | Comments | Contains Sensitive Data? |
---|---|---|---|
Domain Mgr | /persist/img /persist/rkt | for storing the mutable ECO disk images | Yes |
Downloader | /persist/downloads | for downloading Edge Container Images | No |
Verifier | /persist/downloads | for verifying integrity of downloaded images | No |
ZedAgent | /persist/config | for storing EVE device configuration | Yes |
TPM Mgr | /persist/config/tpm_in_use | for marking TPM mode of operation | No |
device-steps.sh | /persist/IMGA, /persist/IMGB | for storing image specific logs, info | No |
Network Interface Manager (NIM) | /persist/status | for storing DevicePortConfigList | No |
Providing Security By Default
...
b) A Vault for ECO-related files (consumed by the ECOs themselves) - let's call it the Image Vault - used to store and launch the mutable (writable) ECO disk images
Although these Vaults are created by default, a user can still change the policies associated with them through the interface specified in this proposal, exactly as for any user-created Vault.
...
Security Threat Scenario | TPM Key | Controller Key | Controller Key Rotation | Key from TPM + Controller | TPM + Controller Key with Attestation | TPM + Controller Key with Attestation, with Key Rotation |
---|---|---|---|---|---|---|
Storage drive is taken out and inserted into another system/PC to read the data from the SSD directly using offline crypto tools | Protected | Protected | Protected | Protected | Protected | Protected |
Storage drive is taken out and inserted into another system/PC to read the data, by spoofing the Device Identity and talking to the Controller | Protected | Not Protected | Not Protected (on non-TPM devices) | Protected | Protected | Protected |
EVE device is taken out and booted up in another location to access its data, and the theft has been detected | Not Protected | Protected | Protected | Protected | Protected | Protected |
EVE device is taken out and booted up in another location to access its data, but the theft has not been detected | Not Protected | Not Protected | Protected | Not Protected | Protected (using Geo Fencing) | Protected (using Geo Fencing) |
EVE device is not taken out, but malware is loaded on the system and used to access the information remotely | Not Protected | Not Protected | Not Protected | Not Protected | Protected (PCR value change detection) | Protected (PCR value change detection) |
Brute-force attack to recover the key | Not Protected | Not Protected | Protected | Not Protected | Not Protected | Protected |
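To make the "Key from TPM + Controller" and "Key Rotation" columns concrete, here is an added example (written for this page, not EVE's own implementation): the vault's data-encryption key (DEK) is wrapped under a key-encryption key (KEK) derived from a TPM-held half and a controller-supplied half, so neither a stolen drive without the TPM nor a spoofed controller session without the TPM yields the KEK, and rotating the controller half only re-wraps the DEK instead of re-encrypting the vault. The function names, the HMAC-SHA256 combination step, the context label and the constructed secrets are all assumptions of this example; a real TPM half would be a TPM-resident or PCR-sealed secret rather than a byte string.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed context label: binds the derived KEK to this one purpose.
const kekContext = "example-vault-kek/v1|"

// deriveKEK combines the TPM-held half and the controller-supplied half into a
// 32-byte KEK. HMAC-SHA256 keyed with the TPM half over the controller half:
// changing either input gives an unrelated KEK, so one half alone is useless.
func deriveKEK(tpmHalf, controllerHalf []byte) []byte {
	mac := hmac.New(sha256.New, tpmHalf)
	mac.Write([]byte(kekContext))
	mac.Write(controllerHalf)
	return mac.Sum(nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte KEK selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// wrapDEK encrypts the vault DEK under kek with AES-256-GCM.
// Result layout: nonce || ciphertext || GCM tag.
func wrapDEK(dek, kek []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, dek, []byte("vault-dek")), nil
}

// unwrapDEK reverses wrapDEK. GCM authentication rejects any KEK other than the
// one used for wrapping, so a wrong TPM half or a wrong controller half fails
// closed instead of silently producing garbage.
func unwrapDEK(wrapped, kek []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	if len(wrapped) < aead.NonceSize() {
		return nil, errors.New("wrapped DEK too short")
	}
	nonce, ct := wrapped[:aead.NonceSize()], wrapped[aead.NonceSize():]
	dek, err := aead.Open(nil, nonce, ct, []byte("vault-dek"))
	if err != nil {
		return nil, errors.New("unwrap failed: TPM half or controller half does not match")
	}
	return dek, nil
}

// rotateControllerHalf performs controller key rotation: unwrap with the old KEK,
// re-wrap under the KEK derived from the new controller half. The vault contents
// (encrypted under the DEK) are never touched.
func rotateControllerHalf(wrapped, tpmHalf, oldCtrl, newCtrl []byte) ([]byte, error) {
	dek, err := unwrapDEK(wrapped, deriveKEK(tpmHalf, oldCtrl))
	if err != nil {
		return nil, err
	}
	return wrapDEK(dek, deriveKEK(tpmHalf, newCtrl))
}

func main() {
	// Constructed stand-ins for the two key halves and a fresh random DEK.
	tpmHalf, ctrl := []byte("constructed-tpm-half"), []byte("constructed-controller-half")
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		panic(err)
	}
	wrapped, err := wrapDEK(dek, deriveKEK(tpmHalf, ctrl))
	if err != nil {
		panic(err)
	}
	_, err = unwrapDEK(wrapped, deriveKEK(tpmHalf, []byte("spoofed-controller")))
	fmt.Println("wrong controller half:", err)
	_, err = unwrapDEK(wrapped, deriveKEK([]byte("other-tpm"), ctrl))
	fmt.Println("wrong TPM half:", err)

	newCtrl := []byte("rotated-controller-half")
	rotated, err := rotateControllerHalf(wrapped, tpmHalf, ctrl, newCtrl)
	if err != nil {
		panic(err)
	}
	got, err := unwrapDEK(rotated, deriveKEK(tpmHalf, newCtrl))
	fmt.Println("after rotation, same DEK:", err == nil && bytes.Equal(got, dek))
	_, err = unwrapDEK(rotated, deriveKEK(tpmHalf, ctrl))
	fmt.Println("old controller half after rotation:", err)
}
```

The example only models the key-combination and rotation columns: the attestation columns depend on the TPM half being sealed to PCR values (so a modified boot chain changes what the TPM releases), and the geo-fencing row depends on the controller withholding its half, both of which are policy outside this code.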
References
- https://wikilf-lfedge.lfedgeatlassian.orgnet/wiki/display/EVE/Encrypting+Sensitive+Information+at+Rest+at+the+Edge
- The pull request corresponding to this proposal: https://github.com/lf-edge/eve/pull/186
...