The edge daemon will fail to provision the TPM when the user has set the owner and endorsement auth values of the TPM.
A quick workaround is to add additional fields in the configuration.yaml to allow the user to specify the auth values above. By default it is NULL if it is not set, for backward compatibility.
2 votes
Currently the TPM Endorsement Public Key and registration ID are used to perform individual enrollment.
It is desirable to have group enrollment with EK certificate as follows:
1. Allow the user to register their CA/ICA - feature already in Azure portal
2. The user creates a TPM group enrollment and chooses the EK issuer CA/ICA
3. Azure DPS will check the Edge's TPM EK certificate (verify with CA/ICA) and perform TPM enrollment procedures as in the individual enrollment.
This feature allows easy enrollment with TPM and yet is secure by the TPM enrollment protocol.
1 vote
Currently the device CA and the identity keys are generated in PEM files and the path is set in the config.yaml as a URI link.
It is desirable to use a TPM key and generate the device CA and identity certificate with a root CA, and then use the TPM key by referencing the handle number, e.g. 0x81000002.
1 vote
Natively support Azure Device Streams in IoT Edge, preferably by entering Device Streams endpoint in IoT Edge's config.yaml file.
1 vote
We’ve completed our feature planning for the second half of 2020. We’ll consider this when we do feature planning for the first half of 2021.