Device Identity, Onboarding, Security Foundation

Owned by Behdad Ebadifar
Last updated: Jun 06, 2019 by Gregory Chase
1 min read

  • Using self-signed certificates using elliptic curve key pairs

  •  

    • Reasonable key size for 20 year time frame

    • Considering adding certificate signing request

    • At factory/install specify EVC plus root CA certificate for EVC

  • Leverage TEE/TPM for secure key storage, measured boot, etc

  •  

  • Several variants for on-boarding depending on factory constraints

  •  

    • Want strong binding between user/purchaser and device identity

  • Images are signed; verified by device; can pull from any datastore

  • No remote (ssh) or keyboard access to EVE(*)

(*) Can enable using API for developer debug