Use the ima.json and fp.json files to create a runtime attestation profile in the VMware Pulse IoT Center console.

Prerequisites

You must have created a TPM-based device template. The TPM-based template contains the following system properties:
  • runtime-tamper-details
  • boot-tamper-details
  • runtime-is-tampered
  • boot-is-tampered
The template also contains the following custom property:
  • security-profile-id

Procedure

  1. From the VMware Pulse IoT Center console, go to Security > Profiles.
  2. Click ADD PROFILE.
    The Add Profile wizard is displayed.
  3. In the Details step:
    1. Enter a profile name.
    2. In the Device Template drop-down menu, select the TPM-based device template that you have created.
    3. Under Notes, enter information about the profile.
    4. Click NEXT.
  4. In the Boot Attestation step, click UPLOAD and upload the fp.json file. Click NEXT.
  5. In the Runtime Attestation step, click UPLOAD and upload the ima.json file. Click NEXT.
    Note: The maximum size allowed for uploading is 20 MB.
  6. In the Review step, review the updates and click SAVE.
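A pre-upload check for the two files used in steps 4 and 5, as an added example that is not part of the original documentation or of VMware's tooling. It assumes both files sit in one directory and reads the 20 MB limit conservatively as 20,000,000 bytes. The function names are hypothetical, and because this page does not describe the file schema, only well-formedness is checked.

```python
import hashlib
import json
import os
import tempfile

# Assumption: the console's 20 MB limit is read conservatively as 20,000,000 bytes.
MAX_UPLOAD_BYTES = 20 * 1000 * 1000


def preflight(path, max_bytes=MAX_UPLOAD_BYTES):
    """Return (ok, detail) for one profile file before it is uploaded."""
    if not os.path.isfile(path):
        return False, "missing"
    size = os.path.getsize(path)
    if size == 0:
        return False, "empty"
    if size > max_bytes:
        return False, f"too large ({size} bytes)"
    with open(path, "rb") as fh:
        raw = fh.read()
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return False, f"not valid JSON: {exc}"
    if not doc:
        return False, "JSON document has no entries"
    # Digest of the exact bytes, kept so the reference file can be re-identified later.
    return True, hashlib.sha256(raw).hexdigest()


def check_profile_files(directory):
    """Check fp.json (boot step) and ima.json (runtime step) in one directory."""
    return {name: preflight(os.path.join(directory, name))
            for name in ("fp.json", "ima.json")}


if __name__ == "__main__":
    # Constructed sample content; the real file schema is not described on this page.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "fp.json"), "w") as fh:
            json.dump({"constructed": "sample"}, fh)
        with open(os.path.join(d, "ima.json"), "w") as fh:
            fh.write('{"constructed": ')  # truncated on purpose
        for name, (ok, detail) in check_profile_files(d).items():
            print(name, "OK" if ok else "FAIL", detail)
```

Recording the SHA-256 of each file at upload time gives you a reference to compare against if the baseline measurements are ever questioned.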

Results

You have successfully created a runtime attestation profile. You can view your profile under Security > Profiles. An alert definition is created for this profile. The alert definition is used to generate alerts when your gateway is tampered with. To view the alert definition, go to Alerts and Notifications > Alert Definitions.

What to do next

Associate this profile with the TPM-based template.