US 12,450,325 B2
System and method for hardware component validation for onboarding
Mahesh Babu Ramaiah, Bangalore (IN); Joseph Caisse, Burlington, MA (US); and Bradley K. Goodman, Nashua, NH (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Apr. 13, 2023, as Appl. No. 18/299,912.
Prior Publication US 2024/0346125 A1, Oct. 17, 2024
Int. Cl. G06F 21/33 (2013.01); G06F 21/60 (2013.01); G06F 21/64 (2013.01)
CPC G06F 21/33 (2013.01) [G06F 21/602 (2013.01); G06F 21/64 (2013.01)]
20 Claims
1. A method for managing component validation for an endpoint device, the method comprising:
during an onboarding of the endpoint device to a deployment:
obtaining an ownership voucher for the endpoint device;
verifying authenticity of certificates in the ownership voucher to obtain authenticated certificates by determining whether each of the certificates can be chained back through one or more of other ones of the certificates to a root of trust for the endpoint device, wherein only certificates among the certificates that can be chained back to the root of trust are obtained as the authenticated certificates;
obtaining an expected loadout of hardware components for the endpoint device using a secure component validation certificate of the authenticated certificates and at least one delta certificate of the authenticated certificates, wherein the at least one delta certificate specifies authorized changes to a loadout of the hardware components of the endpoint device performed by a first entity while the endpoint device is under ownership of the first entity, and the authorized changes to the loadout of the hardware components of the endpoint device are authorized by a second entity that had ownership of the endpoint device before the first entity;
obtaining an actual loadout of the hardware components of the endpoint device;
making a determination regarding whether the actual loadout matches the expected loadout;
in a first instance of the determination where the actual loadout matches the expected loadout:
completing the onboarding of the endpoint device; and
in a second instance of the determination where the actual loadout does not match the expected loadout:
performing an action set to manage component drift of the endpoint device.
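The flow of claim 1 as an added Python sketch, not code from the patent or from Dell: certificates that do not chain back to the root of trust are dropped, the expected loadout is the SCV baseline with the authenticated delta certificates applied, and a mismatch with the actual loadout selects drift handling. The record layout, the function names and the sample data are assumptions made for illustration, and an HMAC stands in for the asymmetric signatures a real voucher would carry.

```python
import hashlib, hmac, json

def _mac(key, cert):
    # ASSUMPTION: HMAC stands in for a real signature; it covers every field but "sig".
    body = json.dumps({k: v for k, v in cert.items() if k != "sig"}, sort_keys=True)
    return hmac.new(key.encode(), body.encode(), hashlib.sha256).hexdigest()

def issue(issuer, issuer_key, subject, subject_key, kind, payload=None):
    cert = {"issuer": issuer, "subject": subject, "key": subject_key,
            "kind": kind, "payload": payload or {}}
    return {**cert, "sig": _mac(issuer_key, cert)}

def authenticate(certs, root, root_key):
    """Return, in voucher order, only the certs that chain back to the root."""
    def good(key, c):
        return hmac.compare_digest(_mac(key, c), c["sig"])
    def chains(c, seen=()):
        if c["issuer"] == root:
            return good(root_key, c)
        return any(p["subject"] == c["issuer"] and p["subject"] not in seen
                   and good(p["key"], c) and chains(p, seen + (c["subject"],))
                   for p in certs)
    return [c for c in certs if chains(c)]

def expected_loadout(authenticated):
    # Fails closed: raises StopIteration when no SCV certificate was authenticated.
    scv = next(c for c in authenticated if c["kind"] == "scv")
    loadout = set(scv["payload"]["components"])
    for d in (c for c in authenticated if c["kind"] == "delta"):  # voucher order
        loadout = (loadout - set(d["payload"]["removed"])) | set(d["payload"]["added"])
    return loadout

def onboard(certs, actual, root, root_key):
    expected = expected_loadout(authenticate(certs, root, root_key))
    unexpected, missing = set(actual) - expected, expected - set(actual)
    return ("manage-drift" if unexpected or missing else "complete-onboarding"), unexpected, missing

def sample_voucher():
    # Constructed data: "mfr" is the root of trust, "owner-a" the previous owner.
    return [
        issue("mfr", "mfr-key", "scv", "scv-key", "scv", {"components": ["cpu-1", "nic-1", "ssd-1"]}),
        issue("mfr", "mfr-key", "owner-a", "a-key", "owner"),
        issue("owner-a", "a-key", "delta-1", "d1-key", "delta",
              {"removed": ["ssd-1"], "added": ["ssd-2"]}),
        issue("unknown", "x-key", "delta-2", "d2-key", "delta",  # no chain to the root
              {"removed": [], "added": ["gpu-9"]}),
    ]

if __name__ == "__main__":
    print(onboard(sample_voucher(), ["cpu-1", "nic-1", "ssd-2"], "mfr", "mfr-key"))
```

Because `delta-2` is never authenticated, a device reporting `gpu-9` is treated as drifted even though a certificate naming that component is present in the voucher.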