Optional signature for the deployment manifest
Optional signature for the deployment manifest, so that IoT Edge can verify the integrity of the manifest independently of transport/cloud integrity.
The overall objective should be to at least enable users of the Azure IoT Edge solution to secure/harden the system in such a way that even a cloud breach couldn't lead to corruption of the local systems or an information leak. At the moment the system depends solely on cloud integrity, but a second security barrier should be available.
For sure there are multiple starting points, e.g. signing container images or generally disabling upstream messaging. But the biggest security improvement from my perspective could be to remove the possibility of altering deployments in case of a cloud breach, so maybe an optional, cryptographically secure signature of the deployment manifest that the edge could validate is an option.
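
A sketch of the check requested above, as an added example that is not part of the original post and not Azure IoT Edge code: a detached Ed25519 signature over a canonicalized manifest, verified on the device against a locally pinned public key. The function names `canonical`, `Sign` and `Verify`, the choice of Ed25519, the key-sorted JSON canonicalization and the sample manifests are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// canonical re-encodes JSON with sorted keys so transport re-serialization keeps the signature valid.
func canonical(raw []byte) ([]byte, error) {
	dec := json.NewDecoder(bytes.NewReader(raw))
	dec.UseNumber() // keep numbers exactly as written
	var v interface{}
	if err := dec.Decode(&v); err != nil {
		return nil, err
	}
	return json.Marshal(v)
}

// Sign runs on the operator side; the private key never reaches the cloud.
func Sign(priv ed25519.PrivateKey, manifest []byte) ([]byte, error) {
	c, err := canonical(manifest)
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, c), nil
}

// Verify runs on the device with a pinned public key; apply only the bytes it returns.
func Verify(pinned ed25519.PublicKey, manifest, sig []byte) ([]byte, error) {
	c, err := canonical(manifest)
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pinned, c, sig) {
		return nil, fmt.Errorf("manifest signature invalid, deployment rejected")
	}
	return c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // demo key pair; manifests below are constructed samples
	signed := []byte(`{"modules":{"sensor":{"image":"registry.example/sensor:1.0"}}}`)
	altered := []byte(`{"modules":{"sensor":{"image":"registry.example/other:9.9"}}}`)
	sig, _ := Sign(priv, signed)
	_, errOK := Verify(pub, signed, sig)
	_, errBad := Verify(pub, altered, sig)
	fmt.Println("original accepted:", errOK == nil, "| altered accepted:", errBad == nil)
}
```

A signature alone does not stop an older, validly signed manifest from being replayed; a signed, monotonically increasing version that the device tracks would be needed for that.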