-
Notifications
You must be signed in to change notification settings - Fork 449
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFE: ZeroTrust XIoT Remote Device Attestation #1439
Comments
Hi! I'm on the Smallstep team. Thanks for opening an issue. Could you please elaborate on your use case, and the functionality you think I belive it's possible to use But, your particular application sounds a bit more involved. |
Hi Carl, The functionality I wish to achieve is remote device attestation (2.):
I have given my GoldenPath version of a XIoT Zero-Conf|Trust|Touch target architecture directly from network devices. Thanks in advance :) |
Our software can support leveraging TPM attestation certificates as part of a PKI strategy that requires strong device identity. If you need EAP-TLS X.509 client certificates that identify a device to the network, you may want to set up a Smallstep CA that devices can enroll with. If I'm understanding correctly, it sounds like you're also looking for remote boot attestation and integrity monitoring features, which is not really our sweet spot. For that, I think you will need signed TPM PCR quotes to attest some of the things you want to know about a system's state. Keylime may be a better fit for that component. I haven't looked closely at it in a while, but I think it can help you get remote attestations that the system is in a good runtime state. |
Hi Carl, |
TPM 802.1x EAP-TLS X.509:
sonic-net/SONiC#1362
The text was updated successfully, but these errors were encountered: